Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: vendors Tag: trustedfirmware Clear
ID Title
CVE-2026-33317 OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, mis...
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in `entry_get_attribute_value()` in `ta/pkcs11/src/object.c` can lead to out-of-bounds...
CVE-2026-34877 Vulnerability in arm (CVE-2026-34877)
vulnerability in arm (CVE-2026-34877). Successful exploitation can lead to full system takeover.
CVE-2026-34871 Vulnerability in arm (CVE-2026-34871)
vulnerability in arm (CVE-2026-34871). Confidential information can be exposed externally.
CVE-2026-25835 Vulnerability in arm (CVE-2026-25835)
vulnerability in arm (CVE-2026-25835). Confidential information can be exposed externally.
CVE-2025-27810 Vulnerability in arm (CVE-2025-27810)
vulnerability in arm (CVE-2025-27810). Risk of unauthorized operations or information disclosure.
CVE-2025-27809 Vulnerability in arm (CVE-2025-27809)
vulnerability in arm (CVE-2025-27809). Risk of unauthorized operations or information disclosure.
CVE-2024-28960 An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.
CVE-2024-23775 Vulnerability in dos (CVE-2024-23775)
vulnerability in dos (CVE-2024-23775). Risk of unauthorized operations or information disclosure.
CVE-2024-23170 Vulnerability in arm (CVE-2024-23170)
vulnerability in arm (CVE-2024-23170). Confidential information can be exposed externally.
CVE-2023-43615 Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.
Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.
CVE-2021-36647 Vulnerability in c (CVE-2021-36647)
vulnerability in c (CVE-2021-36647). Confidential information can be exposed externally.
CVE-2022-46393 Out-of-Bounds Read in arm (CVE-2022-46393)
vulnerability in arm (CVE-2022-46393). Successful exploitation can lead to full system takeover.
CVE-2022-46392 Vulnerability in arm (CVE-2022-46392)
vulnerability in arm (CVE-2022-46392). Confidential information can be exposed externally.
CVE-2022-35409 Out-of-Bounds Read in arm (CVE-2022-35409)
vulnerability in arm (CVE-2022-35409). Confidential information can be exposed externally.
CVE-2021-44732 Vulnerability in arm (CVE-2021-44732)
vulnerability in arm (CVE-2021-44732). Successful exploitation can lead to full system takeover.
CVE-2021-27562 KEV [KEV] Out-of-Bounds Write in Arm trusted-firmware (CVE-2021-27562)
out-of-bounds write in Arm trusted-firmware (CVE-2021-27562). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-10932 Vulnerability in arm (CVE-2020-10932)
vulnerability in arm (CVE-2020-10932). Confidential information can be exposed externally.
CVE-2019-16910 Information Disclosure in arm (CVE-2019-16910)
vulnerability in arm (CVE-2019-16910). Confidential information can be exposed externally.
CVE-2018-19608 Privilege Escalation in arm (CVE-2018-19608)
vulnerability in arm (CVE-2018-19608). Confidential information can be exposed externally.
CVE-2018-9989 Out-of-Bounds Read in arm (CVE-2018-9989)
vulnerability in arm (CVE-2018-9989). Risk of unauthorized operations or information disclosure.
CVE-2018-9988 Out-of-Bounds Read in arm (CVE-2018-9988)
vulnerability in arm (CVE-2018-9988). Risk of unauthorized operations or information disclosure.
CVE-2017-9607 Vulnerability in dos (CVE-2017-9607)
vulnerability in dos (CVE-2017-9607). Successful exploitation can lead to full system takeover.
CVE-2017-14032 Authentication Bypass in arm (CVE-2017-14032)
authentication bypass in arm (CVE-2017-14032). Successful exploitation can lead to full system takeover.
CVE-2017-7564 Vulnerability in dos (CVE-2017-7564)
vulnerability in dos (CVE-2017-7564). Risk of unauthorized operations or information disclosure.
CVE-2017-7563 Vulnerability in arm (CVE-2017-7563)
vulnerability in arm (CVE-2017-7563). Successful exploitation can lead to full system takeover.
CVE-2017-2784 Vulnerability in arm (CVE-2017-2784)
vulnerability in arm (CVE-2017-2784). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →