Vulnerabilities > NXP > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-11-18 CVE-2022-45163 Information Exposure Through Discrepancy vulnerability in NXP products
An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid.
low complexity
nxp CWE-203
4.6
2021-12-01 CVE-2021-40154 Out-of-bounds Read vulnerability in NXP products
NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request during use of USB In-System Programming (ISP) mode.
local
low complexity
nxp CWE-125
5.5
2021-12-01 CVE-2021-44479 Out-of-bounds Read vulnerability in NXP Kinetis K82 Firmware
NXP Kinetis K82 devices have a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB In-System Programming (ISP) mode.
local
low complexity
nxp CWE-125
5.5
2021-06-06 CVE-2021-33881 Incorrect Authorization vulnerability in NXP products
On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism.
high complexity
nxp CWE-863
4.2
2021-05-06 CVE-2021-31532 Unspecified vulnerability in NXP products
NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i.MX RT600 (silicon rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicon rev 0A, 1B), LPC55S1x, LPC551x (silicon rev 0A) and LPC55S0x, LPC550x (silicon rev 0A) include an undocumented ROM patch peripheral that allows unsigned, non-persistent modification of the internal ROM.
low complexity
nxp
6.8
2021-01-07 CVE-2021-3011 Always-Incorrect Control Flow Implementation vulnerability in multiple products
An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9.
high complexity
yubico nxp ftsafe google CWE-670
4.2
2020-02-10 CVE-2019-17060 Classic Buffer Overflow vulnerability in NXP MCUXpresso Software Development Kit 2.2.1
The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z (based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1 and earlier) does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero.
low complexity
nxp CWE-120
6.5
2019-09-24 CVE-2019-14239 Improper Authentication vulnerability in NXP products
On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by leveraging a load instruction inside the execute-only region to expose the protected code into a CPU register.
low complexity
nxp CWE-287
6.6
2017-08-07 CVE-2017-7936 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NXP products
A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, i.MX 6QuadPlus, Vybrid VF3xx, Vybrid VF5xx, and Vybrid VF6xx.
high complexity
nxp CWE-119
6.3
2017-08-07 CVE-2017-7932 Improper Certificate Validation vulnerability in NXP products
An improper certificate validation issue was discovered in NXP i.MX 28, i.MX 50, i.MX 53, i.MX 7Solo, i.MX 7Dual, Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus.
high complexity
nxp CWE-295
6.0