Vulnerabilities > Zephyrproject > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-10 | CVE-2023-2234 | Type Confusion vulnerability in Zephyrproject Zephyr Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host. | 8.8 |
| 2023-05-30 | CVE-2023-0779 | NULL Pointer Dereference vulnerability in Zephyrproject Zephyr At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible. | 7.7 |
| 2023-01-11 | CVE-2021-3966 | Classic Buffer Overflow vulnerability in Zephyrproject Zephyr usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem. | 8.8 |
| 2022-10-31 | CVE-2022-2741 | Resource Exhaustion vulnerability in Zephyrproject Zephyr The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. | 7.5 |
| 2022-07-26 | CVE-2022-1041 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning. | 8.8 |
| 2022-07-26 | CVE-2022-1042 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning. | 8.8 |
| 2022-06-28 | CVE-2021-3430 | Reachable Assertion vulnerability in Zephyrproject Zephyr Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. | 7.5 |
| 2022-06-28 | CVE-2021-3431 | Reachable Assertion vulnerability in Zephyrproject Zephyr 2.5.0/2.5.1 Assertion reachable with repeated LL_FEATURE_REQ. | 7.5 |
| 2022-06-28 | CVE-2021-3432 | Divide By Zero vulnerability in Zephyrproject Zephyr Invalid interval in CONNECT_IND leads to Division by Zero. | 7.5 |
| 2022-06-28 | CVE-2021-3434 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr 2.5.0/2.5.1 Stack based buffer overflow in le_ecred_conn_req(). | 7.8 |