Vulnerabilities > ST
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-22 | CVE-2021-34268 | Unspecified vulnerability in ST Stm32Cube Middleware An issue in the USBH_ParseDevDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) via a malformed USB device packet. | 2.1 |
| 2021-05-21 | CVE-2020-27212 | Injection vulnerability in ST Stm32Cubel4 Firmware STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. | 4.4 |
| 2021-05-21 | CVE-2021-29414 | Injection vulnerability in ST Stm32Cubel4 Firmware STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect physical access control. | 3.6 |
| 2021-01-20 | CVE-2020-20949 | Inadequate Encryption Strength vulnerability in multiple products Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). | 4.3 |
| 2020-08-31 | CVE-2020-13466 | Unspecified vulnerability in ST Stm32F103 Firmware STMicroelectronics STM32F103 devices through 2020-05-20 allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration. | 7.2 |
| 2020-04-06 | CVE-2020-8004 | Information Exposure vulnerability in ST Stm32F1 Firmware STMicroelectronics STM32F1 devices have Incorrect Access Control. | 5.0 |
| 2020-02-12 | CVE-2019-19192 | Improper Input Validation vulnerability in ST Bluenrg-2 and Wb55 The Bluetooth Low Energy implementation on STMicroelectronics BLE Stack through 1.3.1 for STM32WB5x devices does not properly handle consecutive Attribute Protocol (ATT) requests on reception, allowing attackers in radio range to cause an event deadlock or crash via crafted packets. | 3.3 |
| 2019-11-14 | CVE-2019-16863 | Information Exposure Through Discrepancy vulnerability in ST products STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL. | 5.9 |
| 2019-09-24 | CVE-2019-14238 | Improper Authentication vulnerability in ST products On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus. | 4.6 |
| 2019-09-12 | CVE-2019-14236 | Incorrect Authorization vulnerability in ST products On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution. | 7.5 |