Vulnerabilities > Zephyrproject > Zephyr > 2.3.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-11 | CVE-2022-0553 | Cleartext Transmission of Sensitive Information vulnerability in Zephyrproject Zephyr There is no check to see if slot 0 is being uploaded from the device to the host. | 4.6 |
| 2022-12-09 | CVE-2022-2993 | Unspecified vulnerability in Zephyrproject Zephyr There is an error in the condition of the last if-statement in the function smp_check_keys. | 9.8 |
| 2022-10-31 | CVE-2022-2741 | Resource Exhaustion vulnerability in Zephyrproject Zephyr The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. | 7.5 |
| 2022-08-31 | CVE-2022-1841 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero. | 5.3 |
| 2022-07-26 | CVE-2022-1041 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning. | 8.8 |
| 2022-07-26 | CVE-2022-1042 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning. | 8.8 |
| 2022-06-28 | CVE-2021-3430 | Reachable Assertion vulnerability in Zephyrproject Zephyr Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. | 7.5 |
| 2022-06-28 | CVE-2021-3432 | Divide By Zero vulnerability in Zephyrproject Zephyr Invalid interval in CONNECT_IND leads to Division by Zero. | 7.5 |
| 2021-05-25 | CVE-2020-13598 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. | 7.8 |
| 2021-05-25 | CVE-2020-13599 | Incorrect Default Permissions vulnerability in Zephyrproject Zephyr Security problem with settings and littlefs. | 3.3 |