Vulnerabilities > Zephyrproject > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-12 | CVE-2021-3330 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr 2.4.0 RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. | 5.8 |
| 2021-10-05 | CVE-2021-3436 | Unspecified vulnerability in Zephyrproject Zephyr 1.14.2/2.4.0/2.5.0 BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. | 6.4 |
| 2021-10-05 | CVE-2021-3510 | Unspecified vulnerability in Zephyrproject Zephyr Zephyr JSON decoder incorrectly decodes array of array. | 5.0 |
| 2021-05-25 | CVE-2020-10072 | Unspecified vulnerability in Zephyrproject Zephyr Improper Handling of Insufficient Permissions or Privileges in zephyr. | 4.6 |
| 2021-05-25 | CVE-2020-13598 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. | 4.6 |
| 2021-05-25 | CVE-2020-13603 | Integer Overflow or Wraparound vulnerability in Zephyrproject Zephyr Integer Overflow in memory allocating functions. | 4.6 |
| 2021-05-25 | CVE-2021-3320 | Type Confusion vulnerability in Zephyrproject Zephyr Type Confusion in 802154 ACK Frames Handling. | 5.0 |
| 2020-06-05 | CVE-2020-10063 | Integer Overflow or Wraparound vulnerability in Zephyrproject Zephyr A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. | 5.0 |
| 2020-06-05 | CVE-2020-10061 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. | 5.8 |
| 2020-05-11 | CVE-2020-10060 | Access of Uninitialized Pointer vulnerability in Zephyrproject Zephyr 2.1.0/2.2.0/2.3.0 In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. | 5.5 |