Vulnerabilities > Zephyrproject > High

DATE CVE VULNERABILITY TITLE RISK
2021-10-05 CVE-2021-3581 Improper Validation of Specified Quantity in Input vulnerability in Zephyrproject Zephyr 2.5.0/2.5.1
Buffer Access with Incorrect Length Value in zephyr.
low complexity
zephyrproject CWE-1284
8.8
2021-05-25 CVE-2020-10065 Out-of-bounds Write vulnerability in Zephyrproject Zephyr
Missing Size Checks in Bluetooth HCI over SPI.
low complexity
zephyrproject CWE-787
8.8
2021-05-25 CVE-2020-13598 Out-of-bounds Write vulnerability in Zephyrproject Zephyr
FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat.
local
low complexity
zephyrproject CWE-787
7.8
2021-05-25 CVE-2020-13600 Out-of-bounds Write vulnerability in Zephyrproject Zephyr
Malformed SPI in response for eswifi can corrupt kernel memory.
low complexity
zephyrproject CWE-787
7.6
2021-05-25 CVE-2020-13603 Integer Overflow or Wraparound vulnerability in Zephyrproject Zephyr
Integer Overflow in memory allocating functions.
local
low complexity
zephyrproject CWE-190
7.8
2021-05-25 CVE-2021-3320 Type Confusion vulnerability in Zephyrproject Zephyr
Type Confusion in 802154 ACK Frames Handling.
network
low complexity
zephyrproject CWE-843
7.5
2020-06-05 CVE-2020-10063 Integer Overflow or Wraparound vulnerability in Zephyrproject Zephyr
A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service.
network
low complexity
zephyrproject CWE-190
7.5
2020-06-05 CVE-2020-10061 Out-of-bounds Write vulnerability in Zephyrproject Zephyr
Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption.
low complexity
zephyrproject CWE-787
8.8
2020-05-11 CVE-2020-10067 Integer Overflow or Wraparound vulnerability in Zephyrproject Zephyr 1.14.1/2.1.0
A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers.
local
low complexity
zephyrproject CWE-190
7.8
2020-05-11 CVE-2020-10058 Improper Input Validation vulnerability in Zephyrproject Zephyr 2.1.0
Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges.
local
low complexity
zephyrproject CWE-20
7.8