cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-10941,https://securityvulnerability.io/vulnerability/CVE-2020-10941,Sensitive Information Disclosure in Arm Mbed TLS by Measuring Cache Usage,"Arm Mbed TLS before 2.16.5 allows an attacker to recover an RSA private key by measuring cache usage during RSA key import (a cache-timing side channel): the import path handled secret key material with memory-access patterns that depend on the key. Organizations running affected versions should update to Mbed TLS 2.16.5 or later.",Arm,"Mbed Crypto,Mbed Tls",5.9,MEDIUM,0.00312,false,,false,false,false,,,false,false,,2020-03-24T00:00:00.000Z,0
CVE-2019-18222,https://securityvulnerability.io/vulnerability/CVE-2019-18222,Flaw in ECDSA Signature Implementation in Arm Mbed Crypto and Mbed TLS,"The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar modulo the group order before computing its modular inverse. The inverse is therefore computed on an unreduced, secret-dependent value, and a local attacker with side-channel access can use that leakage to recover the private key.",Arm,"Mbed Tls,Mbed Crypto",4.7,MEDIUM,0.00051,false,,false,false,false,,,false,false,,2020-01-23T00:00:00.000Z,0
CVE-2019-16910,https://securityvulnerability.io/vulnerability/CVE-2019-16910,Insufficient Entropy in RNG Used for ECDSA in Arm Mbed TLS and Arm Mbed Crypto,"Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA (RFC 6979) is enabled, use an RNG with insufficient entropy for the blinding values in the signature computation: the blinding is drawn from the same deterministic HMAC_DRBG that derives the nonce from the key and message, so it repeats whenever the same message is signed again and no longer masks the side-channel leakage. An attacker who can observe side channels while a victim signs the same message many times may recover the private key. Upgrade to Mbed TLS 2.19.0 or Mbed Crypto 2.0.0; for the Mbed TLS long-term-support branches the fix is also available in 2.7.12 and 2.16.3 (those are fixed releases, not affected ones).",Arm,"Mbed Crypto,Mbed Tls",5.3,MEDIUM,0.00687,false,,false,false,false,,,false,false,,2019-09-26T00:00:00.000Z,0
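The following is an added example written for this page; it is not code from Arm or the Mbed TLS project. It implements ECDSA over NIST P-256 in pure Python with RFC 6979 deterministic nonces and the scalar-blinding countermeasure that the two ECDSA entries above (CVE-2019-18222 and CVE-2019-16910) concern. Two details are the point: the blinded scalar k*t is reduced modulo n before it is inverted, which is the step CVE-2019-18222 says was missing, and the blinding factor is drawn from a CSPRNG independent of the nonce derivation, shown beside a deliberately flawed variant that derives blinding from the same key-and-message inputs as the nonce, so that its blinding repeats for repeated messages, the property CVE-2019-16910 describes. The curve constants are P-256, the private key and message are the RFC 6979 A.2.5 test vector; the function names and the `nonce_derived_blinding` construction are this example's own and not the Mbed TLS API.

```python
"""ECDSA over P-256 with RFC 6979 nonces and scalar blinding.
Added example for this page, not Mbed TLS code: it reduces the blinded scalar
mod n before inverting it (CVE-2019-18222) and draws blinding values from an
RNG independent of the deterministic nonce derivation (CVE-2019-16910)."""
import hashlib
import hmac
import secrets

# NIST P-256 domain parameters (FIPS 186-4 / SEC 2).
p = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
a = p - 3
b = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
n = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def point_add(P, Q):
    """Affine point addition; None is the point at infinity."""
    if P is None: return Q
    if Q is None: return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2:
        if (y1 + y2) % p == 0:
            return None
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def scalar_mult(k, P):
    """Double-and-add (variable time; this example is about the algebra)."""
    R = None
    while k:
        if k & 1:
            R = point_add(R, P)
        P = point_add(P, P)
        k >>= 1
    return R

def rfc6979_nonce(d, h):
    """RFC 6979 HMAC-SHA256 DRBG; for P-256 with SHA-256, qlen == hlen == 256."""
    x = d.to_bytes(32, "big")
    hm = (int.from_bytes(h, "big") % n).to_bytes(32, "big")  # bits2octets(h1)
    V, K = b"\x01" * 32, b"\x00" * 32
    K = hmac.new(K, V + b"\x00" + x + hm, hashlib.sha256).digest()
    V = hmac.new(K, V, hashlib.sha256).digest()
    K = hmac.new(K, V + b"\x01" + x + hm, hashlib.sha256).digest()
    V = hmac.new(K, V, hashlib.sha256).digest()
    while True:
        V = hmac.new(K, V, hashlib.sha256).digest()
        k = int.from_bytes(V, "big")
        if 1 <= k < n:
            return k
        K = hmac.new(K, V + b"\x00", hashlib.sha256).digest()
        V = hmac.new(K, V, hashlib.sha256).digest()

def fresh_blinding(_h):
    """Correct blinding source: an independent CSPRNG, fresh per signature."""
    return 1 + secrets.randbelow(n - 1)

def nonce_derived_blinding(d):
    """Flawed pattern of CVE-2019-16910 (illustration, not Mbed TLS code):
    blinding computed from the same key-and-message inputs as the nonce,
    so it repeats whenever the same message is signed again."""
    def rng(h):
        return rfc6979_nonce(d, hashlib.sha256(b"blind" + h).digest())
    return rng

def sign(d, msg, blinding_rng):
    """Deterministic-nonce ECDSA with scalar blinding; returns (r, s, t)."""
    h = hashlib.sha256(msg).digest()
    e = int.from_bytes(h, "big") % n
    k = rfc6979_nonce(d, h)
    r = scalar_mult(k, G)[0] % n
    t = blinding_rng(h)             # blinding factor in [1, n-1]
    kt = (k * t) % n                # CVE-2019-18222: reduce mod n BEFORE inverting
    s = (t * (e + r * d) % n) * pow(kt, -1, n) % n   # t cancels: (e + r*d) / k
    return r, s, t

def verify(Q, msg, r, s):
    """Textbook ECDSA verification."""
    if not (1 <= r < n and 1 <= s < n): return False
    e = int.from_bytes(hashlib.sha256(msg).digest(), "big") % n
    w = pow(s, -1, n)
    R = point_add(scalar_mult(e * w % n, G), scalar_mult(r * w % n, Q))
    return R is not None and R[0] % n == r

def demo(d=0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721,
         msg=b"sample"):
    """Signs the RFC 6979 A.2.5 vector twice with each blinding source."""
    Q = scalar_mult(d, G)
    good = [sign(d, msg, fresh_blinding) for _ in range(2)]
    weak = [sign(d, msg, nonce_derived_blinding(d)) for _ in range(2)]
    return {"Q": Q, "r": good[0][0], "s": good[0][1],
            "valid": verify(Q, msg, good[0][0], good[0][1]),
            "fresh_same_sig": good[0][:2] == good[1][:2],
            "fresh_blinding_repeats": good[0][2] == good[1][2],
            "weak_blinding_repeats": weak[0][2] == weak[1][2]}
```

Calling `demo()` returns the signature for the A.2.5 vector (r = EFD48B2A..., s = F7CB1C94...) together with three booleans: with the fresh source the two signatures are identical but the blinding factors differ; with the nonce-derived source the blinding repeats, which is what lets an attacker average side-channel traces over many signatures of the same message. Timing itself cannot be shown in Python (`pow(kt, -1, n)` reduces its argument internally); what the reduction line shows is that reducing k*t first costs nothing because the signature is unchanged.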