Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zephyr vulnerabilities and exploits
(subscribe to this query)
8
CVSSv3
CVE-2023-1901
The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer....
Zephyrproject Zephyr
8
CVSSv3
CVE-2023-1902
The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.
Zephyrproject Zephyr
9.8
CVSSv3
CVE-2020-13601
Possible read out of bounds in dns read. Zephyr versions >= 1.14.2, >= 2.3.0 contain Out-of-bounds Read (CWE-125). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44
Zephyrproject Zephyr
5.5
CVSSv3
CVE-2020-13602
Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions >= 1.14.2, >= 2.2.0 contain Improper Input Validation (CWE-20), Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835). For more information, see https://github.com/zephyrproject-rtos/zep...
Zephyrproject Zephyr
7.8
CVSSv3
CVE-2020-13603
Integer Overflow in memory allocating functions. Zephyr versions >= 1.14.2, >= 2.4.0 contain Integer Overflow or Wraparound (CWE-190). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45
Zephyrproject Zephyr
4.6
CVSSv3
CVE-2022-0553
There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily.
Zephyrproject Zephyr
8.8
CVSSv3
CVE-2022-1042
In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning.
Zephyrproject Zephyr
8.8
CVSSv3
CVE-2022-1041
In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning.
Zephyrproject Zephyr
9.8
CVSSv3
CVE-2023-4257
Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.
Zephyrproject Zephyr
6.5
CVSSv3
CVE-2023-4258
In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee.
Zephyrproject Zephyr
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »