Vulnerabilities > Zephyrproject > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-10 | CVE-2023-2234 | Type Confusion vulnerability in Zephyrproject Zephyr Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host. | 8.8 |
| 2023-05-30 | CVE-2023-0779 | NULL Pointer Dereference vulnerability in Zephyrproject Zephyr At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible. | 7.7 |
| 2023-01-11 | CVE-2021-3966 | Classic Buffer Overflow vulnerability in Zephyrproject Zephyr usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem. | 8.8 |
| 2022-10-31 | CVE-2022-2741 | Resource Exhaustion vulnerability in Zephyrproject Zephyr The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. | 7.5 |
| 2022-02-07 | CVE-2021-3861 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr 2.6.0/2.6.1 The RNDIS USB device class includes a buffer overflow vulnerability. | 7.2 |
| 2021-10-19 | CVE-2021-3454 | Reachable Assertion vulnerability in Zephyrproject Zephyr 2.4.0/2.5.0/2.5.1 Truncated L2CAP K-frame causes assertion failure. | 7.5 |
| 2021-10-12 | CVE-2021-3323 | Integer Underflow (Wrap or Wraparound) vulnerability in Zephyrproject Zephyr 2.4.0 Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. | 7.5 |
| 2021-10-05 | CVE-2021-3581 | Improper Validation of Specified Quantity in Input vulnerability in Zephyrproject Zephyr 2.5.0/2.5.1 Buffer Access with Incorrect Length Value in zephyr. | 8.8 |
| 2021-10-05 | CVE-2021-3625 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr Buffer overflow in Zephyr USB DFU DNLOAD. | 7.5 |
| 2021-05-25 | CVE-2020-10064 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr Improper Input Frame Validation in ieee802154 Processing. | 7.5 |