Vulnerabilities > ST > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-09 | CVE-2023-36629 | Out-of-bounds Read vulnerability in ST St54-Android-Packages-Apps-Nfc 1202021081921W33P1/1202021092921W39P0/1302022092922W39P0 The ST ST54-android-packages-apps-Nfc package before 130-20230215-23W07p0 for Android has an out-of-bounds read. | 5.5 |
| 2021-07-22 | CVE-2021-34259 | Classic Buffer Overflow vulnerability in ST Stm32Cube Middleware A buffer overflow vulnerability in the USBH_ParseCfgDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. | 4.6 |
| 2021-07-22 | CVE-2021-34260 | Classic Buffer Overflow vulnerability in ST Stm32Cube Middleware A buffer overflow vulnerability in the USBH_ParseInterfaceDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. | 4.6 |
| 2021-07-22 | CVE-2021-34262 | Classic Buffer Overflow vulnerability in ST Stm32Cube Middleware A buffer overflow vulnerability in the USBH_ParseEPDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. | 4.6 |
| 2021-05-21 | CVE-2020-27212 | Injection vulnerability in ST Stm32Cubel4 Firmware STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. | 4.4 |
| 2021-01-20 | CVE-2020-20949 | Inadequate Encryption Strength vulnerability in multiple products Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). | 4.3 |
| 2020-04-06 | CVE-2020-8004 | Information Exposure vulnerability in ST Stm32F1 Firmware STMicroelectronics STM32F1 devices have Incorrect Access Control. | 5.0 |
| 2019-11-14 | CVE-2019-16863 | Information Exposure Through Discrepancy vulnerability in ST products STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL. | 5.9 |
| 2019-09-24 | CVE-2019-14238 | Improper Authentication vulnerability in ST products On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus. | 4.6 |
| 2018-09-12 | CVE-2017-18347 | Race Condition vulnerability in ST products Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection. | 4.9 |