Stm32cubel4 CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2021-29414	1 St	95 Stm32cubel4 Firmware, Stm32l412c8, Stm32l412cb and 92 more	2024-11-21	6.1 Medium
STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect physical access control.
CVE-2020-27212	1 St	95 Stm32cubel4 Firmware, Stm32l412c8, Stm32l412cb and 92 more	2024-11-21	7.0 High
STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. The flash read-out protection (RDP) can be degraded from RDP level 2 (no access via debug interface) to level 1 (limited access via debug interface) by injecting a fault during the boot phase.
CVE-2020-20949	2 Ietf, St	22 Public Key Cryptography Standards \#1, Stm32cubef0, Stm32cubef1 and 19 more	2024-11-21	5.9 Medium
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.

Page 1 of 1.