Vulnerabilities > Zephyrproject > Zephyr > 1.13.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-05 | CVE-2020-10068 | Improper Input Validation vulnerability in Zephyrproject Zephyr In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. | 3.3 |
| 2020-06-05 | CVE-2020-10063 | Integer Overflow or Wraparound vulnerability in Zephyrproject Zephyr A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. | 5.0 |
| 2020-06-05 | CVE-2020-10062 | Off-by-one Error vulnerability in Zephyrproject Zephyr An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. | 7.5 |
| 2020-06-05 | CVE-2020-10061 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. | 5.8 |
| 2020-05-11 | CVE-2020-10021 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. | 4.6 |
| 2020-05-11 | CVE-2020-10019 | Classic Buffer Overflow vulnerability in Zephyrproject Zephyr USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. | 4.6 |
| 2019-08-29 | CVE-2017-14202 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Zephyrproject Zephyr Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. | 4.6 |
| 2019-08-29 | CVE-2017-14201 | Use After Free vulnerability in Zephyrproject Zephyr Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. | 4.6 |