Page 7 of 60 results (0.006 seconds)

CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0

In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee. En la implementación de Bluetooth mesh, si el "provisionee" tiene una clave pública que se envía OOB, durante el aprovisionamiento se puede devolver y será aceptada por el "provisionee". • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-m34c-cp63-rwh7 • CWE-684: Incorrect Provision of Specified Functionality •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 2

Potential buffer overflow vulnerabilities in the following locations: https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis... https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis.c#L841 • http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html http://seclists.org/fulldisclosure/2023/Nov/1 http://www.openwall.com/lists/oss-security/2023/11/07/1 https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-4vgv-5r6q-r6xh • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0

The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xvvm-8mcm-9cq3 • CWE-672: Operation on a Resource after Expiration or Release CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx9g-8fr2-q899 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0

The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx9g-8fr2-q899 • CWE-416: Use After Free CWE-672: Operation on a Resource after Expiration or Release •