Vulnerabilities > Zephyrproject
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-11 | CVE-2020-10067 | Integer Overflow or Wraparound vulnerability in Zephyrproject Zephyr 1.14.1/2.1.0 A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. | 7.2 |
2020-05-11 | CVE-2020-10060 | Access of Uninitialized Pointer vulnerability in Zephyrproject Zephyr 2.1.0/2.2.0/2.3.0 In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. | 5.5 |
2020-05-11 | CVE-2020-10059 | Improper Certificate Validation vulnerability in Zephyrproject Zephyr 2.1.0/2.2.0 The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. | 5.8 |
2020-05-11 | CVE-2020-10058 | Improper Input Validation vulnerability in Zephyrproject Zephyr 2.1.0 Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. | 4.6 |
2020-05-11 | CVE-2020-10028 | Improper Input Validation vulnerability in Zephyrproject Zephyr 1.14.0/2.1.0 Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. | 4.6 |
2020-05-11 | CVE-2020-10027 | Incorrect Comparison vulnerability in Zephyrproject Zephyr 1.14.0/2.1.0 An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. | 7.2 |
2020-05-11 | CVE-2020-10024 | Incorrect Comparison vulnerability in Zephyrproject Zephyr 1.14.2/2.1.0 The arm platform-specific code uses a signed integer comparison when validating system call numbers. | 7.2 |
2020-05-11 | CVE-2020-10023 | Classic Buffer Overflow vulnerability in Zephyrproject Zephyr 1.14.1/2.1.0 The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. | 4.6 |
2020-05-11 | CVE-2020-10022 | Classic Buffer Overflow vulnerability in Zephyrproject Zephyr 2.1.0/2.2.0 A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. | 7.5 |
2020-05-11 | CVE-2020-10021 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. | 4.6 |