Vulnerabilities > Zephyrproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-11 | CVE-2020-10027 | Incorrect Comparison vulnerability in Zephyrproject Zephyr 1.14.0/2.1.0 An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. | 7.2 |
| 2020-05-11 | CVE-2020-10024 | Incorrect Comparison vulnerability in Zephyrproject Zephyr 1.14.2/2.1.0 The arm platform-specific code uses a signed integer comparison when validating system call numbers. | 7.2 |
| 2020-05-11 | CVE-2020-10023 | Classic Buffer Overflow vulnerability in Zephyrproject Zephyr 1.14.1/2.1.0 The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. | 4.6 |
| 2020-05-11 | CVE-2020-10022 | Classic Buffer Overflow vulnerability in Zephyrproject Zephyr 2.1.0/2.2.0 A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. | 7.5 |
| 2020-05-11 | CVE-2020-10021 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. | 4.6 |
| 2020-05-11 | CVE-2020-10019 | Classic Buffer Overflow vulnerability in Zephyrproject Zephyr USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. | 4.6 |
| 2019-08-29 | CVE-2017-14202 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Zephyrproject Zephyr Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. | 4.6 |
| 2019-08-29 | CVE-2017-14201 | Use After Free vulnerability in Zephyrproject Zephyr Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. | 4.6 |
| 2019-04-12 | CVE-2017-14199 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Zephyrproject Zephyr 1.10.0/1.9.0 A buffer overflow has been found in the Zephyr Project's getaddrinfo() implementation in 1.9.0 and 1.10.0. | 7.5 |
| 2018-09-06 | CVE-2018-1000800 | NULL Pointer Dereference vulnerability in Zephyrproject Zephyr 1.12.0 zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). | 7.5 |