Vulnerabilities > ST

DATE CVE VULNERABILITY TITLE RISK
2024-01-09 CVE-2023-36629 Out-of-bounds Read vulnerability in ST St54-Android-Packages-Apps-Nfc 1202021081921W33P1/1202021092921W39P0/1302022092922W39P0
The ST ST54-android-packages-apps-Nfc package before 130-20230215-23W07p0 for Android has an out-of-bounds read.
local
low complexity
st CWE-125
5.5
2024-01-01 CVE-2023-50096 Classic Buffer Overflow vulnerability in ST X-Cube-Safea1 1.2.0
STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus.
high complexity
st CWE-120
7.5
2022-10-21 CVE-2021-42553 Classic Buffer Overflow vulnerability in ST Stm32 MW USB Host
A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS.
network
low complexity
st CWE-120
critical
9.8
2022-03-04 CVE-2021-43392 Improper Verification of Cryptographic Signature vulnerability in ST J-Safe3 Firmware and Stsafe-J Firmware
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets.
local
st CWE-347
1.9
2022-03-04 CVE-2021-43393 Improper Verification of Cryptographic Signature vulnerability in ST J-Safe3 Firmware and Stsafe-J Firmware
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification.
local
st CWE-347
1.9
2021-07-22 CVE-2021-34259 Classic Buffer Overflow vulnerability in ST Stm32Cube Middleware
A buffer overflow vulnerability in the USBH_ParseCfgDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code.
local
low complexity
st CWE-120
4.6
2021-07-22 CVE-2021-34260 Classic Buffer Overflow vulnerability in ST Stm32Cube Middleware
A buffer overflow vulnerability in the USBH_ParseInterfaceDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code.
local
low complexity
st CWE-120
4.6
2021-07-22 CVE-2021-34261 Unspecified vulnerability in ST Stm32Cube Middleware
An issue in USBH_ParseCfgDesc() of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service due to the system hanging when trying to set a remote wake-up feature.
local
low complexity
st
2.1
2021-07-22 CVE-2021-34262 Classic Buffer Overflow vulnerability in ST Stm32Cube Middleware
A buffer overflow vulnerability in the USBH_ParseEPDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code.
local
low complexity
st CWE-120
4.6
2021-07-22 CVE-2021-34267 Unspecified vulnerability in ST Stm32Cube Middleware
An issue in the USBH_MSC_InterfaceInit() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DoS) when the system tries to communicate with the connected endpoint.
local
low complexity
st
2.1