cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-40271,https://securityvulnerability.io/vulnerability/CVE-2023-40271,Buffer Comparison Flaw in Trusted Firmware-M's CryptoCell Integration,"An issue in Trusted Firmware-M, specifically in versions utilizing the CryptoCell accelerator with the ChaCha20-Poly1305 algorithm, allows a potential authentication compromise. The single-part verification function erroneously compares only the first 4 bytes of the authentication tag, instead of the full 16 bytes. This flaw could lead to unauthenticated payloads being mistakenly identified as authentic, posing significant risks in secure application deployments.",Arm,Trusted Firmware-m,7.5,HIGH,0.0009899999713525176,false,,false,false,false,,,false,false,,2023-09-08T02:15:00.000Z,0
CVE-2022-47630,https://securityvulnerability.io/vulnerability/CVE-2022-47630,Out-of-bounds Read Vulnerability in Trusted Firmware-A X.509 Parser,An out-of-bounds read vulnerability exists in Trusted Firmware-A versions prior to 2.8 within the X.509 parser responsible for interpreting boot certificates. This weakness could allow attackers to exploit side effects from dangerous reads or potentially extract sensitive information related to the microarchitectural state. Safeguarding against this issue is crucial for maintaining the integrity and confidentiality of systems utilizing this firmware.,Arm,Trusted Firmware-a,7.4,HIGH,0.0016799999866634607,false,,false,false,false,,,false,false,,2023-01-16T00:00:00.000Z,0
CVE-2021-43619,https://securityvulnerability.io/vulnerability/CVE-2021-43619,Buffer Overflow Vulnerability in Trusted Firmware M by Arm,"The Trusted Firmware M versions 1.4.x to 1.4.1 are susceptible to a buffer overflow issue within the Firmware Update partition. This vulnerability occurs when a psa_fwu_write caller from either Secure Processing Environment (SPE) or Non-Secure Processing Environment (NSPE) is able to overwrite critical stack memory locations, potentially leading to unauthorized access or system instability. Ensuring your firmware is updated to the latest patches is essential for safeguarding against this vulnerability.",Arm,Trusted Firmware-m,7.8,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2022-03-01T04:31:25.000Z,0
CVE-2021-27562,https://securityvulnerability.io/vulnerability/CVE-2021-27562,System Halt Vulnerability in Arm Trusted Firmware M by Arm,"The vulnerability in Arm Trusted Firmware M allows non-secure (NS) world components to interact improperly with secure functions while operating under the Non-Secure Privileged Exception (NSPE) handler mode. This interaction may lead to unexpected system halts, potential overwriting of secure data, or unauthorized printing of sensitive information, raising serious concerns regarding the integrity and confidentiality of secure operations.",Arm,Trusted Firmware M,5.5,MEDIUM,0.957319974899292,true,2021-11-03T00:00:00.000Z,false,false,true,2021-11-03T00:00:00.000Z,,false,false,,2021-05-25T18:27:20.000Z,0
CVE-2018-19440,https://securityvulnerability.io/vulnerability/CVE-2018-19440,,ARM Trusted Firmware-A allows information disclosure.,Arm,Trusted Firmware-a,5.3,MEDIUM,0.0012600000482052565,false,,false,false,false,,,false,false,,2019-01-30T15:29:00.000Z,0
CVE-2017-15031,https://securityvulnerability.io/vulnerability/CVE-2017-15031,,"In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information.",Arm,Arm-trusted-firmware,7.5,HIGH,0.0009800000116229057,false,,false,false,false,,,false,false,,2018-12-18T16:00:00.000Z,0
CVE-2017-9607,https://securityvulnerability.io/vulnerability/CVE-2017-9607,,"The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an integer overflow.",Arm,Arm-trusted-firmware,7,HIGH,0.000699999975040555,false,,false,false,false,,,false,false,,2017-09-20T16:00:00.000Z,0
CVE-2017-7563,https://securityvulnerability.io/vulnerability/CVE-2017-7563,,"In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits (one bit versus two bits).",Arm,Arm Trusted Firmware,8.1,HIGH,0.0021699999924749136,false,,false,false,false,,,false,false,,2017-06-07T15:00:00.000Z,0
CVE-2017-7564,https://securityvulnerability.io/vulnerability/CVE-2017-7564,,"In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug exceptions and debug registers.",Arm,Arm Trusted Firmware,7.5,HIGH,0.0013200000394135714,false,,false,false,false,,,false,false,,2017-06-07T15:00:00.000Z,0
CVE-2016-10319,https://securityvulnerability.io/vulnerability/CVE-2016-10319,,"In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC can result in copying unexpectedly large data into secure memory because of integer overflows. This affects certain cases involving execution of both AArch64 Generic Trusted Firmware (TF) BL1 code and other firmware update code.",Arm Trusted Firmware Project,Arm Trusted Firmware,5.9,MEDIUM,0.0009299999801442027,false,,false,false,false,,,false,false,,2017-04-06T15:59:00.000Z,0