St

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-20949 2Ietf St 21Public Key Cryptography Standards #1 Stm32cubef0Stm32cubef1+18 more Nov 21, 2024 Jan 20, 2021 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt...Show more Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.Show less
CVE-2020-13466 1St 1Stm32f103 Firmware Nov 21, 2024 Aug 31, 2020 N/A· v4 6.8 MEDIUM· v3 7.2 HIGH· v2 STMicroelectronics STM32F103 devices through 2020-05-20 allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration.
CVE-2020-8004 1St 1Stm32f1 Firmware Nov 21, 2024 Apr 6, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 STMicroelectronics STM32F1 devices have Incorrect Access Control.
CVE-2019-19192 1St 2Bluenrg 2 Wb55 Nov 21, 2024 Feb 12, 2020 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 The Bluetooth Low Energy implementation on STMicroelectronics BLE Stack through 1.3.1 for STM32WB5x devices does not properly handle consecutive Attribute Protocol (ATT) requests on reception, allowing attackers in radio...Show more The Bluetooth Low Energy implementation on STMicroelectronics BLE Stack through 1.3.1 for STM32WB5x devices does not properly handle consecutive Attribute Protocol (ATT) requests on reception, allowing attackers in radio range to cause an event deadlock or crash via crafted packets.Show less
CVE-2019-16863 1St 4St33tphf20i2c Firmware St33tphf20spi FirmwareSt33tphf2ei2c Firmware+1 more Nov 21, 2024 Nov 14, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.
CVE-2019-14238 1St 6Stm32f4 Firmware Stm32f7 FirmwareStm32h7 Firmware+3 more Nov 21, 2024 Sep 24, 2019 N/A· v4 6.6 MEDIUM· v3 4.6 MEDIUM· v2 On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus.
CVE-2019-14236 1St 6Stm32f4 Firmware Stm32f7 FirmwareStm32h7 Firmware+3 more Nov 21, 2024 Sep 12, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the ef...Show more On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution.Show less
CVE-2017-18347 1St 72Stm32f030c6 Firmware Stm32f030c8 FirmwareStm32f030cc Firmware+69 more Nov 21, 2024 Sep 12, 2018 N/A· v4 4.6 MEDIUM· v3 4.9 MEDIUM· v2 Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) comman...Show more Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection.Show less
CVE-2003-0392 1St 1Ftp Service Apr 16, 2026 Jul 2, 2003 N/A· v4 N/A· v3 6.4 MEDIUM· v2 Directory traversal vulnerability in ST FTP Service 3.0 allows remote attackers to list arbitrary directories via a CD command with a DoS drive letter argument (e.g. E:).

Previous 12