Vulnerabilities > Zephyrproject > Zephyr > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-19 | CVE-2023-0397 | Improper Initialization vulnerability in Zephyrproject Zephyr A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete. | 6.5 |
| 2023-01-11 | CVE-2022-0553 | Cleartext Transmission of Sensitive Information vulnerability in Zephyrproject Zephyr There is no check to see if slot 0 is being uploaded from the device to the host. | 4.6 |
| 2022-06-28 | CVE-2021-3430 | Reachable Assertion vulnerability in Zephyrproject Zephyr Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. | 5.0 |
| 2022-06-28 | CVE-2021-3431 | Reachable Assertion vulnerability in Zephyrproject Zephyr 2.5.0/2.5.1 Assertion reachable with repeated LL_FEATURE_REQ. | 5.0 |
| 2022-06-28 | CVE-2021-3432 | Divide By Zero vulnerability in Zephyrproject Zephyr Invalid interval in CONNECT_IND leads to Division by Zero. | 5.0 |
| 2022-06-28 | CVE-2021-3434 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr 2.5.0/2.5.1 Stack based buffer overflow in le_ecred_conn_req(). | 4.6 |
| 2022-02-07 | CVE-2021-3835 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr 2.6.0/2.6.1/3.0.0 Buffer overflow in usb device class. | 5.8 |
| 2021-10-19 | CVE-2021-3455 | Use After Free vulnerability in Zephyrproject Zephyr 2.4.0/2.5.0/2.5.1 Disconnecting L2CAP channel right after invalid ATT request leads freeze. | 5.0 |
| 2021-10-12 | CVE-2021-3321 | Integer Underflow (Wrap or Wraparound) vulnerability in Zephyrproject Zephyr 2.4.0 Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. | 5.8 |
| 2021-10-12 | CVE-2021-3322 | NULL Pointer Dereference vulnerability in Zephyrproject Zephyr 2.4.0 Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. | 6.5 |