Stella

Researcher fromArm / Trusted Firmware
#5555of 53,624
48.3Total CVSS
Vulnerabilities · 6
Medium
1
High
3
Critical
2
PT-2026-46046
5.5
2026-06-03
Op Tee · Op-Tee · CVE-2026-45702
**Name of the Vulnerable Software and Affected Versions** OP-TEE versions 4.3.0 through 4.10.x **Description** A type confusion occurs in OP-TEE OS when processing an 'FFA MEM SHARE' request from the normal world. This issue specifically affects configurations where OP-TEE is set as a Secure Partition Manager Core (SPMC) for S-EL0 Secure Partitions, specifically when `CFG CORE SEL1 SPMC=y` and `CFG SECURE PARTITION=y` are enabled. **Recommendations** Update to version 4.11.0.
PT-2026-37380
8.2
2026-04-29
Gnutls · Gnutls · CVE-2026-42013
**Name of the Vulnerable Software and Affected Versions** gnutls versions prior to 3.8.13-1.1 **Description** No detailed information was provided regarding the nature of the security issues fixed in this package. **Recommendations** Update to version 3.8.13-1.1.
PT-2026-29820
9.8
2026-04-02
Arm · Mbed Tls · CVE-2026-34877
Name of the Vulnerable Software and Affected Versions Mbed TLS versions 2.19.0 through 3.6.5, Mbed TLS version 4.0.0 Description A flaw exists in Mbed TLS that, due to insufficient protection of serialized SSL context or session structures, could allow an attacker who can modify these structures to cause memory corruption, potentially leading to arbitrary code execution. This is a result of Incorrect Use of Privileged APIs. Recommendations Update to a version beyond 3.6.5. Update to a version beyond 4.0.0.
PT-2026-29582
9.8
2026-04-01
Arm · Tf-Psa-Crypto · CVE-2026-34875
Name of the Vulnerable Software and Affected Versions Mbed TLS versions through 3.6.5 TF-PSA-Crypto version 1.0.0 Description A buffer overflow can occur during the public key export process for FFDH keys. Recommendations Update Mbed TLS to a version later than 3.6.5. Update TF-PSA-Crypto to a version later than 1.0.0.
PT-2026-29584
7.5
2026-04-01
Arm · Mbed Tls · CVE-2026-25833
**Name of the Vulnerable Software and Affected Versions** Mbed TLS versions 3.5.0 through 3.6.5 **Description** A buffer overflow exists in the `x509 inet pton ipv6()` function. This issue was addressed in versions 3.6.6 and 4.1.0. **Recommendations** Update to version 3.6.6 or 4.1.0.
PT-2026-29587
7.5
2026-04-01
Arm · Mbed Tls · CVE-2026-34874
Name of the Vulnerable Software and Affected Versions Mbed TLS versions through 3.6.5 and 4.0.0 Description A flaw exists in the distinguished name parsing functionality, leading to a NULL pointer dereference. This can allow an attacker to write to address 0. Recommendations Update to a version later than 3.6.5. Update to a version later than 4.0.0.