Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-33317 |
|
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, mis...
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in `entry_get_attribute_value()` in `ta/pkcs11/src/object.c` can lead to out-of-bounds...
|
| CVE-2026-34877 |
|
Vulnerability in arm (CVE-2026-34877)
vulnerability in arm (CVE-2026-34877). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34871 |
|
Vulnerability in arm (CVE-2026-34871)
vulnerability in arm (CVE-2026-34871). Confidential information can be exposed externally.
|
| CVE-2026-25835 |
|
Vulnerability in arm (CVE-2026-25835)
vulnerability in arm (CVE-2026-25835). Confidential information can be exposed externally.
|
| CVE-2025-27810 |
|
Vulnerability in arm (CVE-2025-27810)
vulnerability in arm (CVE-2025-27810). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-27809 |
|
Vulnerability in arm (CVE-2025-27809)
vulnerability in arm (CVE-2025-27809). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-4610 KEV |
|
[KEV] Use-After-Free in Arm :unknown: (CVE-2024-4610)
vulnerability in Arm :unknown: (CVE-2024-4610). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `SoCVersion:2024-07-05` or later.
|
| CVE-2024-28960 |
|
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.
|
| CVE-2024-23775 |
|
Vulnerability in dos (CVE-2024-23775)
vulnerability in dos (CVE-2024-23775). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-23170 |
|
Vulnerability in arm (CVE-2024-23170)
vulnerability in arm (CVE-2024-23170). Confidential information can be exposed externally.
|
| CVE-2023-43615 |
|
Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.
Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.
|
| CVE-2023-4211 KEV |
|
[KEV] Use-After-Free in Arm :unknown: (CVE-2023-4211)
vulnerability in Arm :unknown: (CVE-2023-4211). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `SoCVersion:2023-10-05` or later.
|
| CVE-2021-29256 KEV |
|
[KEV] Use-After-Free in Arm :unknown: (CVE-2021-29256)
vulnerability in Arm :unknown: (CVE-2021-29256). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `SoCVersion:2023-07-05` or later.
|
| CVE-2023-26083 KEV |
|
[KEV] Vulnerability in Arm mali-graphics-processing-unit-gpu (CVE-2023-26083)
vulnerability in Arm mali-graphics-processing-unit-gpu (CVE-2023-26083). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-38181 KEV |
|
[KEV] Use-After-Free in Arm :unknown: (CVE-2022-38181)
vulnerability in Arm :unknown: (CVE-2022-38181). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `SoCVersion:2023-04-05` or later.
|
| CVE-2022-22706 KEV |
|
[KEV] Buffer Overflow in Arm :unknown: (CVE-2022-22706)
vulnerability in Arm :unknown: (CVE-2022-22706). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `SoCVersion:2023-06-05` or later.
|
| CVE-2021-36647 |
|
Vulnerability in c (CVE-2021-36647)
vulnerability in c (CVE-2021-36647). Confidential information can be exposed externally.
|
| CVE-2022-46393 |
|
Out-of-Bounds Read in arm (CVE-2022-46393)
vulnerability in arm (CVE-2022-46393). Successful exploitation can lead to full system takeover.
|
| CVE-2022-46392 |
|
Vulnerability in arm (CVE-2022-46392)
vulnerability in arm (CVE-2022-46392). Confidential information can be exposed externally.
|
| CVE-2022-35409 |
|
Out-of-Bounds Read in arm (CVE-2022-35409)
vulnerability in arm (CVE-2022-35409). Confidential information can be exposed externally.
|
| CVE-2021-44732 |
|
Vulnerability in arm (CVE-2021-44732)
vulnerability in arm (CVE-2021-44732). Successful exploitation can lead to full system takeover.
|
| CVE-2021-28663 KEV |
|
[KEV] Use-After-Free in Arm :unknown: (CVE-2021-28663)
vulnerability in Arm :unknown: (CVE-2021-28663). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `SoCVersion:2021-05-05` or later.
|
| CVE-2021-28664 KEV |
|
[KEV] Out-of-Bounds Write in Arm :unknown: (CVE-2021-28664)
out-of-bounds write in Arm :unknown: (CVE-2021-28664). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `SoCVersion:2021-05-05` or later.
|
| CVE-2021-27562 KEV |
|
[KEV] Out-of-Bounds Write in Arm trusted-firmware (CVE-2021-27562)
out-of-bounds write in Arm trusted-firmware (CVE-2021-27562). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-10932 |
|
Vulnerability in arm (CVE-2020-10932)
vulnerability in arm (CVE-2020-10932). Confidential information can be exposed externally.
|
| CVE-2019-16910 |
|
Information Disclosure in arm (CVE-2019-16910)
vulnerability in arm (CVE-2019-16910). Confidential information can be exposed externally.
|
| CVE-2018-19608 |
|
Privilege Escalation in arm (CVE-2018-19608)
vulnerability in arm (CVE-2018-19608). Confidential information can be exposed externally.
|
| CVE-2018-3639 |
|
Vulnerability in intel (CVE-2018-3639)
vulnerability in intel (CVE-2018-3639). Confidential information can be exposed externally.
|
| CVE-2018-9989 |
|
Out-of-Bounds Read in arm (CVE-2018-9989)
vulnerability in arm (CVE-2018-9989). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-9988 |
|
Out-of-Bounds Read in arm (CVE-2018-9988)
vulnerability in arm (CVE-2018-9988). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-5753 |
|
Vulnerability in intel (CVE-2017-5753)
vulnerability in intel (CVE-2017-5753). Confidential information can be exposed externally.
|
| CVE-2017-5754 |
|
Information Disclosure in intel (CVE-2017-5754)
vulnerability in intel (CVE-2017-5754). Confidential information can be exposed externally.
|
| CVE-2017-9607 |
|
Vulnerability in dos (CVE-2017-9607)
vulnerability in dos (CVE-2017-9607). Successful exploitation can lead to full system takeover.
|
| CVE-2017-14032 |
|
Authentication Bypass in arm (CVE-2017-14032)
authentication bypass in arm (CVE-2017-14032). Successful exploitation can lead to full system takeover.
|
| CVE-2017-7563 |
|
Vulnerability in arm (CVE-2017-7563)
vulnerability in arm (CVE-2017-7563). Successful exploitation can lead to full system takeover.
|
| CVE-2017-7564 |
|
Vulnerability in dos (CVE-2017-7564)
vulnerability in dos (CVE-2017-7564). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-2784 |
|
Vulnerability in arm (CVE-2017-2784)
vulnerability in arm (CVE-2017-2784). Successful exploitation can lead to full system takeover.
|