Vulnerabilities > Zephyrproject

DATE CVE VULNERABILITY TITLE RISK
2020-05-11 CVE-2020-10067 Integer Overflow or Wraparound vulnerability in Zephyrproject Zephyr 1.14.1/2.1.0
A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers.
local
low complexity
zephyrproject CWE-190
7.2
2020-05-11 CVE-2020-10060 Access of Uninitialized Pointer vulnerability in Zephyrproject Zephyr 2.1.0/2.2.0/2.3.0
In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places.
network
low complexity
zephyrproject CWE-824
5.5
2020-05-11 CVE-2020-10059 Improper Certificate Validation vulnerability in Zephyrproject Zephyr 2.1.0/2.2.0
The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack.
5.8
2020-05-11 CVE-2020-10058 Improper Input Validation vulnerability in Zephyrproject Zephyr 2.1.0
Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges.
local
low complexity
zephyrproject CWE-20
4.6
2020-05-11 CVE-2020-10028 Improper Input Validation vulnerability in Zephyrproject Zephyr 1.14.0/2.1.0
Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions.
local
low complexity
zephyrproject CWE-20
4.6
2020-05-11 CVE-2020-10027 Incorrect Comparison vulnerability in Zephyrproject Zephyr 1.14.0/2.1.0
An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel.
local
low complexity
zephyrproject CWE-697
7.2
2020-05-11 CVE-2020-10024 Incorrect Comparison vulnerability in Zephyrproject Zephyr 1.14.2/2.1.0
The arm platform-specific code uses a signed integer comparison when validating system call numbers.
local
low complexity
zephyrproject CWE-697
7.2
2020-05-11 CVE-2020-10023 Classic Buffer Overflow vulnerability in Zephyrproject Zephyr 1.14.1/2.1.0
The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel.
local
low complexity
zephyrproject CWE-120
4.6
2020-05-11 CVE-2020-10022 Classic Buffer Overflow vulnerability in Zephyrproject Zephyr 2.1.0/2.2.0
A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS.
network
low complexity
zephyrproject CWE-120
7.5
2020-05-11 CVE-2020-10021 Out-of-bounds Write vulnerability in Zephyrproject Zephyr
Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions.
local
low complexity
zephyrproject CWE-787
4.6