Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zephyr vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2020-13598
FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions >= v1.14.2, >= v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x5...
Zephyrproject Zephyr
3.3
CVSSv3
CVE-2020-13599
Security problem with settings and littlefs. Zephyr versions >= 1.14.2, >= 2.3.0 contain Incorrect Default Permissions (CWE-276). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q
Zephyrproject Zephyr
7.6
CVSSv3
CVE-2020-13600
Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr versions >= 1.14.2, >= 2.3.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr
Zephyrproject Zephyr
5.5
CVSSv3
CVE-2020-13602
Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions >= 1.14.2, >= 2.2.0 contain Improper Input Validation (CWE-20), Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835). For more information, see https://github.com/zephyrproject-rtos/zep...
Zephyrproject Zephyr
7.8
CVSSv3
CVE-2020-13603
Integer Overflow in memory allocating functions. Zephyr versions >= 1.14.2, >= 2.4.0 contain Integer Overflow or Wraparound (CWE-190). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45
Zephyrproject Zephyr
7.5
CVSSv3
CVE-2021-3454
Truncated L2CAP K-frame causes assertion failure. Zephyr versions >= 2.4.0, >= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/adviso...
Zephyrproject Zephyr
7.8
CVSSv3
CVE-2020-10058
Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.
Zephyrproject Zephyr 2.1.0
9.8
CVSSv3
CVE-2023-22889
SmartBear Zephyr Enterprise up to and including 7.15.0 mishandles user-defined input during report generation. This could lead to remote code execution by unauthenticated users.
Smartbear Zephyr Enterprise
7.5
CVSSv3
CVE-2023-22890
SmartBear Zephyr Enterprise up to and including 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition.
Smartbear Zephyr Enterprise
8.1
CVSSv3
CVE-2023-22891
There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise up to and including 7.15.0 that could be exploited by authorized users to reset passwords for other accounts.
Smartbear Zephyr Enterprise
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »