Vulnerabilities > ST

DATE CVE VULNERABILITY TITLE RISK
2021-07-22 CVE-2021-34259 Classic Buffer Overflow vulnerability in ST Stm32Cube Middleware
A buffer overflow vulnerability in the USBH_ParseCfgDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code.
local
low complexity
st CWE-120
4.6
2021-07-22 CVE-2021-34260 Classic Buffer Overflow vulnerability in ST Stm32Cube Middleware
A buffer overflow vulnerability in the USBH_ParseInterfaceDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code.
local
low complexity
st CWE-120
4.6
2021-07-22 CVE-2021-34261 Unspecified vulnerability in ST Stm32Cube Middleware
An issue in USBH_ParseCfgDesc() of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service due to the system hanging when trying to set a remote wake-up feature.
local
low complexity
st
2.1
2021-07-22 CVE-2021-34262 Classic Buffer Overflow vulnerability in ST Stm32Cube Middleware
A buffer overflow vulnerability in the USBH_ParseEPDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code.
local
low complexity
st CWE-120
4.6
2021-07-22 CVE-2021-34267 Unspecified vulnerability in ST Stm32Cube Middleware
An in the USBH_MSC_InterfaceInit() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) when the system tries to communicate with the connected endpoint.
local
low complexity
st
2.1
2021-07-22 CVE-2021-34268 Unspecified vulnerability in ST Stm32Cube Middleware
An issue in the USBH_ParseDevDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) via a malformed USB device packet.
local
low complexity
st
2.1
2021-05-21 CVE-2020-27212 Injection vulnerability in ST Stm32Cubel4 Firmware
STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control.
local
st CWE-74
4.4
2021-05-21 CVE-2021-29414 Injection vulnerability in ST Stm32Cubel4 Firmware
STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect physical access control.
local
low complexity
st CWE-74
3.6
2021-01-20 CVE-2020-20949 Inadequate Encryption Strength vulnerability in multiple products
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924).
network
st ietf CWE-326
4.3
2020-08-31 CVE-2020-13466 Unspecified vulnerability in ST Stm32F103 Firmware
STMicroelectronics STM32F103 devices through 2020-05-20 allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration.
local
low complexity
st
7.2