Filtered by vendor St
Subscribe
Search
Total
13 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16863 | 1 St | 8 St33tphf20i2c, St33tphf20i2c Firmware, St33tphf20spi and 5 more | 2022-05-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL. | |||||
| CVE-2021-34259 | 1 St | 2 Stm32cube Middleware, Stm32h7b3 | 2021-08-03 | 4.6 MEDIUM | 6.8 MEDIUM |
| A buffer overflow vulnerability in the USBH_ParseCfgDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. | |||||
| CVE-2021-34261 | 1 St | 2 Stm32cube Middleware, Stm32h7b3 | 2021-08-03 | 2.1 LOW | 4.6 MEDIUM |
| An issue in USBH_ParseCfgDesc() of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service due to the system hanging when trying to set a remote wake-up feature. | |||||
| CVE-2021-34262 | 1 St | 2 Stm32cube Middleware, Stm32h7b3 | 2021-08-03 | 4.6 MEDIUM | 6.8 MEDIUM |
| A buffer overflow vulnerability in the USBH_ParseEPDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. | |||||
| CVE-2021-34267 | 1 St | 2 Stm32cube Middleware, Stm32h7b3 | 2021-08-03 | 2.1 LOW | 4.6 MEDIUM |
| An in the USBH_MSC_InterfaceInit() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) when the system tries to communicate with the connected endpoint. | |||||
| CVE-2021-34268 | 1 St | 2 Stm32cube Middleware, Stm32h7b3 | 2021-08-03 | 2.1 LOW | 4.6 MEDIUM |
| An issue in the USBH_ParseDevDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) via a malformed USB device packet. | |||||
| CVE-2021-34260 | 1 St | 2 Stm32cube Middleware, Stm32h7b3 | 2021-08-02 | 4.6 MEDIUM | 6.8 MEDIUM |
| A buffer overflow vulnerability in the USBH_ParseInterfaceDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. | |||||
| CVE-2020-20949 | 2 Ietf, St | 22 Public Key Cryptography Standards \#1, Stm32cubef0, Stm32cubef1 and 19 more | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure. | |||||
| CVE-2021-29414 | 1 St | 95 Stm32cubel4 Firmware, Stm32l412c8, Stm32l412cb and 92 more | 2021-06-08 | 3.6 LOW | 6.1 MEDIUM |
| STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect physical access control. | |||||
| CVE-2017-18347 | 1 St | 144 Stm32f030c6, Stm32f030c6 Firmware, Stm32f030c8 and 141 more | 2021-05-04 | 4.9 MEDIUM | 4.6 MEDIUM |
| Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection. | |||||
| CVE-2020-13466 | 1 St | 2 Stm32f103, Stm32f103 Firmware | 2020-09-09 | 7.2 HIGH | 6.8 MEDIUM |
| STMicroelectronics STM32F103 devices through 2020-05-20 allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration. | |||||
| CVE-2019-19192 | 1 St | 2 Bluenrg-2, Wb55 | 2020-02-26 | 3.3 LOW | 6.5 MEDIUM |
| The Bluetooth Low Energy implementation on STMicroelectronics BLE Stack through 1.3.1 for STM32WB5x devices does not properly handle consecutive Attribute Protocol (ATT) requests on reception, allowing attackers in radio range to cause an event deadlock or crash via crafted packets. | |||||
| CVE-2019-14238 | 1 St | 12 Stm32f4, Stm32f4 Firmware, Stm32f7 and 9 more | 2019-09-25 | 4.6 MEDIUM | 6.6 MEDIUM |
| On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus. | |||||