Vulnerabilities > Zephyrproject > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-07 | CVE-2021-3861 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr 2.6.0/2.6.1 The RNDIS USB device class includes a buffer overflow vulnerability. | 6.8 |
| 2021-10-12 | CVE-2021-3322 | NULL Pointer Dereference vulnerability in Zephyrproject Zephyr 2.4.0 Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. | 6.5 |
| 2021-10-05 | CVE-2021-3436 | Unspecified vulnerability in Zephyrproject Zephyr 1.14.2/2.4.0/2.5.0 BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. | 6.5 |
| 2021-05-25 | CVE-2020-10066 | NULL Pointer Dereference vulnerability in Zephyrproject Zephyr Incorrect Error Handling in Bluetooth HCI core. | 5.7 |
| 2021-05-25 | CVE-2020-10069 | Unspecified vulnerability in Zephyrproject Zephyr Zephyr Bluetooth unchecked packet data results in denial of service. low complexity zephyrproject | 6.5 |
| 2021-05-25 | CVE-2020-10072 | Unspecified vulnerability in Zephyrproject Zephyr Improper Handling of Insufficient Permissions or Privileges in zephyr. | 5.3 |
| 2021-05-25 | CVE-2020-13602 | Infinite Loop vulnerability in Zephyrproject Zephyr Remote Denial of Service in LwM2M do_write_op_tlv. | 5.5 |
| 2020-06-05 | CVE-2020-10068 | Improper Input Validation vulnerability in Zephyrproject Zephyr In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. | 6.5 |
| 2020-05-11 | CVE-2020-10060 | Access of Uninitialized Pointer vulnerability in Zephyrproject Zephyr 2.1.0/2.2.0/2.3.0 In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. | 6.5 |
| 2020-05-11 | CVE-2020-10059 | Improper Certificate Validation vulnerability in Zephyrproject Zephyr 2.1.0/2.2.0 The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. | 4.8 |