Filtered by vendor Arm
Subscribe
Total
124 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15031 | 1 Arm | 1 Arm-trusted-firmware | 2019-01-24 | 5.0 MEDIUM | 7.5 HIGH |
| In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information. | |||||
| CVE-2017-14032 | 1 Arm | 1 Mbed Tls | 2017-11-08 | 6.8 MEDIUM | 8.1 HIGH |
| ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected. | |||||
| CVE-2017-9607 | 1 Arm | 1 Arm-trusted-firmware | 2017-10-03 | 5.1 MEDIUM | 7.0 HIGH |
| The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an integer overflow. | |||||
| CVE-2017-7564 | 1 Arm | 1 Arm Trusted Firmware | 2017-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug exceptions and debug registers. | |||||