Vulnerabilities > NXP > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-11-18 CVE-2022-45163 Information Exposure Through Discrepancy vulnerability in NXP products
An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid.
low complexity
nxp CWE-203
4.6
2022-03-23 CVE-2022-22819 Classic Buffer Overflow vulnerability in NXP products
NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers (ROM version 1B) have a buffer overflow in parsing SB2 updates before the signature is verified.
network
nxp CWE-120
6.8
2021-10-25 CVE-2021-38258 Classic Buffer Overflow vulnerability in NXP MCUXpresso Software Development Kit 2.7.0
NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback().
local
low complexity
nxp CWE-120
4.6
2021-10-25 CVE-2021-38260 Classic Buffer Overflow vulnerability in NXP MCUXpresso Software Development Kit 2.7.0
NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostParseDeviceConfigurationDescriptor().
local
low complexity
nxp CWE-120
4.6
2021-05-06 CVE-2021-31532 Unspecified vulnerability in NXP products
NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i.MX RT600 (silicon rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicon rev 0A, 1B), LPC55S1x, LPC551x (silicon rev 0A) and LPC55S0x, LPC550x (silicon rev 0A) include an undocumented ROM patch peripheral that allows unsigned, non-persistent modification of the internal ROM.
local
low complexity
nxp
4.6
2021-01-07 CVE-2021-3011 Always-Incorrect Control Flow Implementation vulnerability in multiple products
An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9.
high complexity
yubico nxp ftsafe google CWE-670
4.2
2020-02-10 CVE-2019-17060 Classic Buffer Overflow vulnerability in NXP MCUXpresso Software Development Kit 2.2.1
The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z (based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1 and earlier) does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero.
low complexity
nxp CWE-120
6.5
2019-09-24 CVE-2019-14239 Improper Authentication vulnerability in NXP products
On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by leveraging a load instruction inside the execute-only region to expose the protected code into a CPU register.
local
low complexity
nxp CWE-287
4.6
2017-08-07 CVE-2017-7936 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NXP products
A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, i.MX 6QuadPlus, Vybrid VF3xx, Vybrid VF5xx, and Vybrid VF6xx.
local
nxp CWE-119
4.4
2017-08-07 CVE-2017-7932 Improper Certificate Validation vulnerability in NXP products
An improper certificate validation issue was discovered in NXP i.MX 28, i.MX 50, i.MX 53, i.MX 7Solo, i.MX 7Dual, Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus.
local
nxp CWE-295
4.4