Lucene search
K

50 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:30 p.m.5 views

CVE-2023-40271

In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function...

7.5CVSS7.3AI score0.00323EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-18898

Malware in sbrugna...

7.5CVSS7.6AI score0.01774EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-44867

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00323EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2021-30532

Malicious code in bioql PyPI...

7.8CVSS7.6AI score0.00413EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2021-40327

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Trusted Firmware-M TF-M 1.4.0, when Profile Small is used, has incorrect access control. NSPE can access a secure key held by the Crypto service based solely on...

5.9CVSS6.3AI score0.01194EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/01 12:6 a.m.3 views

CVE-2025-53022

TrustedFirmware-M aka Trusted Firmware for M profile Arm CPUs before 2.1.3 and 2.2.x before 2.2.1 lacks length validation during a firmware upgrade. While processing a new image, the Firmware Upgrade FWU module does not validate the length field of the Type-Length-Value TLV structure for dependen...

8.6CVSS7.4AI score0.0043EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/07/30 12:0 a.m.4 views

CVE-2025-53022

TrustedFirmware-M aka Trusted Firmware for M profile Arm CPUs before 2.1.3 and 2.2.x before 2.2.1 lacks length validation during a firmware upgrade. While processing a new image, the Firmware Upgrade FWU module does not validate the length field of the Type-Length-Value TLV structure for dependen...

8.6CVSS5.6AI score0.0043EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:20 a.m.10 views

CVE-2023-51712

An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function...

4.7CVSS6.6AI score0.00293EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 7:44 p.m.9 views

CVE-2021-32032

In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation in the event of a failure can prevent the abort operation in the associated cryptographic library from freeing internal resources, causing a memory leak...

7.5CVSS6.9AI score0.01774EPSS
Exploits1References1
NVD
NVD
added 2024/10/09 5:15 p.m.11 views

CVE-2024-45746

An issue was discovered in Trusted Firmware-M through 2.1.0. User provided and controlled mailbox messages contain a pointer to a list of input arguments invec and output arguments outvec. These list pointers are never validated. Each argument list contains a buffer pointer and a buffer length...

9.8CVSS0.00788EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/09 12:0 a.m.4 views

Linaro Trusted Firmware-M 安全漏洞

Linaro Trusted Firmware-M Tf-M is a reference implementation of the Platform Security Architecture Psa IoT security framework from Linaro, UK. A security vulnerability exists in Linaro Trusted Firmware-M version 2.1.0, which stems from not validating user-supplied pointers to invec and outvec...

9.8CVSS6.8AI score0.00788EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/10/09 12:0 a.m.25 views

CVE-2024-45746

An issue was discovered in Trusted Firmware-M through 2.1.0. User provided and controlled mailbox messages contain a pointer to a list of input arguments invec and output arguments outvec. These list pointers are never validated. Each argument list contains a buffer pointer and a buffer length...

0.00788EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/09 12:0 a.m.8 views

PT-2024-31745 · Unknown · Trusted Firmware-M

Name of the Vulnerable Software and Affected Versions: Trusted Firmware-M versions through 2.1.0 Description: An issue was discovered where user-provided mailbox messages contain a pointer to a list of input arguments in vec and output arguments out vec that are never validated. Each argument lis...

9.8CVSS7.8AI score0.00788EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2024/10/09 12:0 a.m.16 views

CVE-2024-45746

An issue was discovered in Trusted Firmware-M through 2.1.0. User provided and controlled mailbox messages contain a pointer to a list of input arguments invec and output arguments outvec. These list pointers are never validated. Each argument list contains a buffer pointer and a buffer length...

8AI score0.00788EPSS
Exploits0References2
CVE
CVE
added 2024/10/09 12:0 a.m.66 views

CVE-2024-45746

Summary: CVE-2024-45746 affects Trusted Firmware-M up to version 2.1.0. The flaw lies in mailbox handling where user-provided in_vec/out_vec pointers are not validated, and the length of pending output arguments is updated after a PSA call regardless of the call result. This enables an attacker t...

9.8CVSS7.7AI score0.00788EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2024/10/09 12:0 a.m.11 views

CVE-2024-45746

An issue was discovered in Trusted Firmware-M through 2.1.0. User provided and controlled mailbox messages contain a pointer to a list of input arguments invec and output arguments outvec. These list pointers are never validated. Each argument list contains a buffer pointer and a buffer length...

9.8CVSS6.7AI score0.00788EPSS
Exploits0
OSV
OSV
added 2024/09/05 4:15 p.m.18 views

CVE-2023-51712

An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function...

4.7CVSS6.6AI score0.00293EPSS
Exploits0References2
NVD
NVD
added 2024/09/05 4:15 p.m.26 views

CVE-2023-51712

An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function...

4.7CVSS0.00293EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/05 12:0 a.m.18 views

CVE-2023-51712

An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function...

6.9AI score0.00293EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/09/05 12:0 a.m.5 views

Trusted Firmware-M 安全漏洞

Linaro Trusted Firmware-M Tf-M is a reference implementation of the Platform Security Architecture Psa IoT security framework from Linaro, UK. A security vulnerability exists in Trusted Firmware-M version 2.0.0 and prior versions, which stems from a lack of parameter validation in the logging...

4.7CVSS6.6AI score0.00293EPSS
Exploits0References3
Rows per page
Query Builder