Vulnerabilities > Zephyrproject

DATE CVE VULNERABILITY TITLE RISK
2022-10-31 CVE-2022-2741 Resource Exhaustion vulnerability in Zephyrproject Zephyr
The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node.
network
low complexity
zephyrproject CWE-400
7.5
2022-06-28 CVE-2021-3430 Reachable Assertion vulnerability in Zephyrproject Zephyr
Assertion reachable with repeated LL_CONNECTION_PARAM_REQ.
network
low complexity
zephyrproject CWE-617
5.0
2022-06-28 CVE-2021-3431 Reachable Assertion vulnerability in Zephyrproject Zephyr 2.5.0/2.5.1
Assertion reachable with repeated LL_FEATURE_REQ.
network
low complexity
zephyrproject CWE-617
5.0
2022-06-28 CVE-2021-3432 Divide By Zero vulnerability in Zephyrproject Zephyr
Invalid interval in CONNECT_IND leads to Division by Zero.
network
low complexity
zephyrproject CWE-369
5.0
2022-06-28 CVE-2021-3433 Improper Handling of Exceptional Conditions vulnerability in Zephyrproject Zephyr 2.5.0/2.5.1
Invalid channel map in CONNECT_IND results to Deadlock.
local
low complexity
zephyrproject CWE-755
2.1
2022-06-28 CVE-2021-3434 Out-of-bounds Write vulnerability in Zephyrproject Zephyr 2.5.0/2.5.1
Stack based buffer overflow in le_ecred_conn_req().
local
low complexity
zephyrproject CWE-787
4.6
2022-06-28 CVE-2021-3435 Use of Uninitialized Resource vulnerability in Zephyrproject Zephyr 2.4.0/2.5.0/2.5.1
Information leakage in le_ecred_conn_req().
local
low complexity
zephyrproject CWE-908
2.1
2022-06-13 CVE-2022-1822 Cross-site Scripting vulnerability in Zephyrproject Zephyr
The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input sanitization and output escaping.
4.3
2022-02-07 CVE-2021-3835 Out-of-bounds Write vulnerability in Zephyrproject Zephyr 2.6.0/2.6.1/3.0.0
Buffer overflow in usb device class.
low complexity
zephyrproject CWE-787
5.8
2022-02-07 CVE-2021-3861 Out-of-bounds Write vulnerability in Zephyrproject Zephyr 2.6.0/2.6.1
The RNDIS USB device class includes a buffer overflow vulnerability.
local
low complexity
zephyrproject CWE-787
7.2