Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zephyrproject zephyr vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-4260
Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system.
Zephyrproject Zephyr
NA
CVE-2023-4264
Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem.
Zephyrproject Zephyr
NA
CVE-2023-4259
Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code.
Zephyrproject Zephyr
NA
CVE-2023-4258
In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee.
Zephyrproject Zephyr
NA
CVE-2023-4265
Potential buffer overflow vulnerabilities in the following locations: https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://...
Zephyrproject Zephyr
NA
CVE-2023-2234
Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host.
Zephyrproject Zephyr
NA
CVE-2023-1902
The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.
Zephyrproject Zephyr
NA
CVE-2023-1901
The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer....
Zephyrproject Zephyr
NA
CVE-2023-0359
A missing nullptr-check in handle_ra_input can cause a nullptr-deref.
Zephyrproject Zephyr
NA
CVE-2023-0779
At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible.
Zephyrproject Zephyr
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »