
CVE-2021-43392
https://notcve.org/view.php?id=CVE-2021-43392
04 Mar 2022 — STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform. STMicroe... • https://community.st.com/s/toparticles • CWE-347: Improper Verification of Cryptographic Signature •

CVE-2021-43393
https://notcve.org/view.php?id=CVE-2021-43393
04 Mar 2022 — STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform. STMicroelectronics STSA... • https://community.st.com/s/toparticles • CWE-347: Improper Verification of Cryptographic Signature •

CVE-2021-34268
https://notcve.org/view.php?id=CVE-2021-34268
22 Jul 2021 — An issue in the USBH_ParseDevDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) via a malformed USB device packet. • https://github.com/STMicroelectronics/STM32CubeH7/issues/75 •

CVE-2021-34267
https://notcve.org/view.php?id=CVE-2021-34267
22 Jul 2021 — An issue in the USBH_MSC_InterfaceInit() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) when the system tries to communicate with the connected endpoint. • https://github.com/STMicroelectronics/STM32CubeH7/issues/80 •

CVE-2021-34262
https://notcve.org/view.php?id=CVE-2021-34262
22 Jul 2021 — A buffer overflow vulnerability in the USBH_ParseEPDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. • https://github.com/STMicroelectronics/STM32CubeH7/issues/81 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2021-34261
https://notcve.org/view.php?id=CVE-2021-34261
22 Jul 2021 — An issue in USBH_ParseCfgDesc() of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service due to the system hanging when trying to set a remote wake-up feature. • https://github.com/STMicroelectronics/STM32CubeH7/issues/78 •

CVE-2021-34260
https://notcve.org/view.php?id=CVE-2021-34260
22 Jul 2021 — A buffer overflow vulnerability in the USBH_ParseInterfaceDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. • https://github.com/STMicroelectronics/STM32CubeH7/issues/83 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2021-34259
https://notcve.org/view.php?id=CVE-2021-34259
22 Jul 2021 — A buffer overflow vulnerability in the USBH_ParseCfgDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. • https://github.com/STMicroelectronics/STM32CubeH7/issues/76 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2020-27212
https://notcve.org/view.php?id=CVE-2020-27212
21 May 2021 — STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. The flash read-out protection (RDP) can be degraded from RDP level 2 (no access via debug interface) to level 1 (limited access via debug interface) by injecting a fault during the boot phase. • https://eprint.iacr.org/2021/640 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVE-2021-29414
https://notcve.org/view.php?id=CVE-2021-29414
21 May 2021 — STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect physical access control. • https://eprint.iacr.org/2021/640 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •