Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zephyrproject vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2020-10067
A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execu...
Zephyrproject Zephyr 1.14.1
Zephyrproject Zephyr 2.1.0
9.8
CVSSv3
CVE-2022-3806
Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer.
Zephyrproject Zephyr
7.7
CVSSv3
CVE-2023-0779
At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible.
Zephyrproject Zephyr
8.8
CVSSv3
CVE-2023-5753
Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c
Zephyrproject Zephyr
7.5
CVSSv3
CVE-2023-0359
A missing nullptr-check in handle_ra_input can cause a nullptr-deref.
Zephyrproject Zephyr
6.8
CVSSv3
CVE-2023-0396
A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses.
Zephyrproject Zephyr
6.5
CVSSv3
CVE-2023-0397
A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete.
Zephyrproject Zephyr
7.8
CVSSv3
CVE-2020-10019
USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow. See NCC-ZEP-002 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later v...
Zephyrproject Zephyr
7.8
CVSSv3
CVE-2020-10021
Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.
Zephyrproject Zephyr
6.5
CVSSv3
CVE-2020-10060
In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service...
Zephyrproject Zephyr
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »