Filtered by vendor Zephyrproject
Subscriptions
Total
88 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3330 | 1 Zephyrproject | 1 Zephyr | 2024-09-17 | 7.1 High |
| RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions >= >=2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456 | ||||
| CVE-2020-10062 | 1 Zephyrproject | 1 Zephyr | 2024-09-17 | 9 Critical |
| An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. | ||||
| CVE-2017-14201 | 1 Zephyrproject | 1 Zephyr | 2024-09-17 | N/A |
| Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all. | ||||
| CVE-2021-3434 | 1 Zephyrproject | 1 Zephyr | 2024-09-17 | 4.9 Medium |
| Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0 Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm | ||||
| CVE-2021-3432 | 1 Zephyrproject | 1 Zephyr | 2024-09-17 | 4.3 Medium |
| Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4 | ||||
| CVE-2020-10021 | 1 Zephyrproject | 1 Zephyr | 2024-09-17 | 8.1 High |
| Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions. | ||||
| CVE-2021-3835 | 1 Zephyrproject | 1 Zephyr | 2024-09-17 | 8.2 High |
| Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf | ||||
| CVE-2022-1041 | 1 Zephyrproject | 1 Zephyr | 2024-09-17 | 8.2 High |
| In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning. | ||||
| CVE-2020-13599 | 1 Zephyrproject | 1 Zephyr | 2024-09-17 | 3.3 Low |
| Security problem with settings and littlefs. Zephyr versions >= 1.14.2, >= 2.3.0 contain Incorrect Default Permissions (CWE-276). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q | ||||
| CVE-2021-3454 | 1 Zephyrproject | 1 Zephyr | 2024-09-17 | 4.3 Medium |
| Truncated L2CAP K-frame causes assertion failure. Zephyr versions >= 2.4.0, >= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3 | ||||
| CVE-2020-10022 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 9 Critical |
| A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions. | ||||
| CVE-2020-13603 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 6.9 Medium |
| Integer Overflow in memory allocating functions. Zephyr versions >= 1.14.2, >= 2.4.0 contain Integer Overflow or Wraparound (CWE-190). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45 | ||||
| CVE-2020-10060 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 8 High |
| In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions. | ||||
| CVE-2021-3430 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 6.5 Medium |
| Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr | ||||
| CVE-2020-10070 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 9 Critical |
| In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. | ||||
| CVE-2021-3431 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 4.3 Medium |
| Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9 | ||||
| CVE-2020-10061 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 8.1 High |
| Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions. | ||||
| CVE-2021-3321 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 7.5 High |
| Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99 | ||||
| CVE-2021-3320 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 5.9 Medium |
| Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7 | ||||
| CVE-2021-3319 | 1 Zephyrproject | 1 Zephyr | 2024-09-16 | 6.5 Medium |
| DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions >= > v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364 | ||||