Filtered by vendor Zephyrproject
Subscriptions
Total
110 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6249 | 1 Zephyrproject | 1 Zephyr | 2025-01-23 | 8 High |
| Signed to unsigned conversion esp32_ipm_send | ||||
| CVE-2023-5779 | 1 Zephyrproject | 1 Zephyr | 2025-01-22 | 4.4 Medium |
| can: out of bounds in remove_rx_filter function | ||||
| CVE-2023-6749 | 1 Zephyrproject | 1 Zephyr | 2025-01-22 | 8 High |
| Unchecked length coming from user input in settings shell | ||||
| CVE-2023-5563 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 7.1 High |
| The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception. | ||||
| CVE-2023-5055 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 8.3 High |
| Possible variant of CVE-2021-3434 in function le_ecred_reconf_req. | ||||
| CVE-2023-4424 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 8.3 High |
| An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device. | ||||
| CVE-2023-4258 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 8.6 High |
| In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee. | ||||
| CVE-2023-2234 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 6.8 Medium |
| Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host. | ||||
| CVE-2023-1902 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 5.9 Medium |
| The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer. | ||||
| CVE-2023-1901 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 5.9 Medium |
| The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer. | ||||
| CVE-2023-0359 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 5.9 Medium |
| A missing nullptr-check in handle_ra_input can cause a nullptr-deref. | ||||
| CVE-2022-1841 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 7.2 High |
| In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero. | ||||
| CVE-2022-1042 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 8.2 High |
| In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning. | ||||
| CVE-2022-1041 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 8.2 High |
| In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning. | ||||
| CVE-2021-3861 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 8.2 High |
| The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj | ||||
| CVE-2021-3835 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 8.2 High |
| Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf | ||||
| CVE-2021-3625 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 9.6 Critical |
| Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363 | ||||
| CVE-2021-3581 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 7 High |
| Buffer Access with Incorrect Length Value in zephyr. Zephyr versions >= >=2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5 | ||||
| CVE-2021-3510 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 7.5 High |
| Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4 | ||||
| CVE-2021-3455 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 4.3 Medium |
| Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp | ||||