CVE-2021-43393
https://notcve.org/view.php?id=CVE-2021-43393
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform.
• https://community.st.com/s/toparticles
• https://www.cert.ssi.gouv.fr/avis/CERTFR-2022-AVI-169
• CWE-347: Improper Verification of Cryptographic Signature
CVE-2021-34268
https://notcve.org/view.php?id=CVE-2021-34268
An issue in the USBH_ParseDevDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DoS) via a malformed USB device packet.
• https://github.com/STMicroelectronics/STM32CubeH7/issues/75
CVE-2021-34267
https://notcve.org/view.php?id=CVE-2021-34267
A vulnerability in the USBH_MSC_InterfaceInit() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DoS) when the system tries to communicate with the connected endpoint.
• https://github.com/STMicroelectronics/STM32CubeH7/issues/80
CVE-2021-34262
https://notcve.org/view.php?id=CVE-2021-34262
A buffer overflow vulnerability in the USBH_ParseEPDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code.
• https://github.com/STMicroelectronics/STM32CubeH7/issues/81
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-34261
https://notcve.org/view.php?id=CVE-2021-34261
An issue in USBH_ParseCfgDesc() of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service due to the system hanging when trying to set a remote wake-up feature.
• https://github.com/STMicroelectronics/STM32CubeH7/issues/78