Vulnerabilities > NXP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-18 | CVE-2022-45163 | Information Exposure Through Discrepancy vulnerability in NXP products An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. | 4.6 |
| 2021-12-01 | CVE-2021-40154 | Out-of-bounds Read vulnerability in NXP products NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request during use of USB In-System Programming (ISP) mode. | 5.5 |
| 2021-12-01 | CVE-2021-44479 | Out-of-bounds Read vulnerability in NXP Kinetis K82 Firmware NXP Kinetis K82 devices have a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB In-System Programming (ISP) mode. | 5.5 |
| 2021-06-06 | CVE-2021-33881 | Incorrect Authorization vulnerability in NXP products On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. | 4.2 |
| 2021-05-06 | CVE-2021-31532 | Unspecified vulnerability in NXP products NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i.MX RT600 (silicon rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicon rev 0A, 1B), LPC55S1x, LPC551x (silicon rev 0A) and LPC55S0x, LPC550x (silicon rev 0A) include an undocumented ROM patch peripheral that allows unsigned, non-persistent modification of the internal ROM. low complexity nxp | 6.8 |
| 2021-01-07 | CVE-2021-3011 | Always-Incorrect Control Flow Implementation vulnerability in multiple products An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. | 4.2 |
| 2020-02-10 | CVE-2019-17060 | Classic Buffer Overflow vulnerability in NXP Mcuxpresso Software Development KIT 2.2.1 The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z (based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1 and earlier) does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. | 6.5 |
| 2019-09-24 | CVE-2019-14239 | Improper Authentication vulnerability in NXP products On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by leveraging a load instruction inside the execute-only region to expose the protected code into a CPU register. | 6.6 |
| 2017-08-07 | CVE-2017-7936 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NXP products A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, i.MX 6QuadPlus, Vybrid VF3xx, Vybrid VF5xx, and Vybrid VF6xx. | 6.3 |
| 2017-08-07 | CVE-2017-7932 | Improper Certificate Validation vulnerability in NXP products An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus. | 6.0 |