Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zephyrproject zephyr vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-3320
Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7
Zephyrproject Zephyr
7.5
CVSSv3
CVE-2020-10063
A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.
Zephyrproject Zephyr
6.8
CVSSv3
CVE-2023-4265
Potential buffer overflow vulnerabilities in the following locations: https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://...
Zephyrproject Zephyr
6.8
CVSSv3
CVE-2023-0396
A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses.
Zephyrproject Zephyr
6.8
CVSSv3
CVE-2021-3861
The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj
Zephyrproject Zephyr
6.8
CVSSv3
CVE-2020-10023
The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos...
Zephyrproject Zephyr 2.1.0
Zephyrproject Zephyr 1.14.1
6.5
CVSSv3
CVE-2023-4258
In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee.
Zephyrproject Zephyr
6.5
CVSSv3
CVE-2021-3329
Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack
Zephyrproject Zephyr 2.4.0
6.5
CVSSv3
CVE-2023-0397
A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete.
Zephyrproject Zephyr
6.5
CVSSv3
CVE-2021-3322
Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions >= >=2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3
Zephyrproject Zephyr
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
NEXT »