High

DATE	CVE	VULNERABILITY TITLE	RISK
2024-02-07	CVE-2024-25200	Out-of-bounds Write vulnerability in Espruino 2.20 Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overflow via the jspeFactorFunctionCall at src/jsparse.c. network low complexity espruino CWE-787	7.5
2024-02-07	CVE-2024-25201	Out-of-bounds Read vulnerability in Espruino 2.20 Espruino 2v20 (commit fcc9ba4) was discovered to contain an Out-of-bounds Read via jsvStringIteratorPrintfCallback at src/jsvar.c. network low complexity espruino CWE-125	7.5
2023-04-04	CVE-2020-23257	Classic Buffer Overflow vulnerability in Espruino 2.05.41 Buffer Overflow vulnerability found in Espruino 2v05.41 allows an attacker to cause a denial of service via the function jsvGarbageCollectMarkUsed in file src/jsvar.c. network low complexity espruino CWE-120	7.5
2022-03-05	CVE-2022-25044	Out-of-bounds Write vulnerability in Espruino 2.11.251 Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString. local low complexity espruino CWE-787	7.8
2022-03-05	CVE-2022-25465	Out-of-bounds Write vulnerability in Espruino 2.11 Espruino 2v11 release was discovered to contain a stack buffer overflow via src/jsvar.c in jsvGetNextSibling. local low complexity espruino CWE-787	7.8
2022-01-20	CVE-2021-46324	Out-of-bounds Write vulnerability in Espruino 2.11.251 Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString. local low complexity espruino CWE-787	7.8
2022-01-20	CVE-2021-46325	Out-of-bounds Write vulnerability in Espruino 2.10.246 Espruino 2v10.246 was discovered to contain a stack buffer overflow via src/jsutils.c in vcbprintf. local low complexity espruino CWE-787	7.8
2018-05-31	CVE-2018-11598	Out-of-bounds Read vulnerability in Espruino Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Information Disclosure with user crafted input files via a Buffer Overflow or Out-of-bounds Read during syntax parsing of certain for loops in jsparse.c. local low complexity espruino CWE-125	7.1
2018-05-31	CVE-2018-11595	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Espruino Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Escalation of Privileges with a user crafted input file via a Buffer Overflow during syntax parsing, because strncat is misused. local low complexity espruino CWE-119	7.8
2018-05-31	CVE-2018-11593	Out-of-bounds Write vulnerability in Espruino Espruino before 1.99 allows attackers to cause a denial of service (application crash) and potential Information Disclosure with a user crafted input file via a Buffer Overflow during syntax parsing because strncpy is misused in jslex.c. local low complexity espruino CWE-787	7.1