CVSS: 9.8EPSS: 6%CPEs: 1EXPL: 0CVE-2020-10070 – MQTT buffer overflow on receive buffer
https://notcve.org/view.php?id=CVE-2020-10070
05 Jun 2020 — In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. En el código de Zephyr Project MQTT, la comprobación incorrecta de los límites puede resultar en corrupción de la memoria y potencialmente en una ejecución de código remota. NCC-ZEP-031 Este problema afecta a: zephyrproject-rtos zephyr versión 2.2.0 y versiones posteriores • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10070 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10068 – Zephyr Bluetooth DLE duplicate requests vulnerability
https://notcve.org/view.php?id=CVE-2020-10068
05 Jun 2020 — In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions. En el subsistema Bluetooth de Zephyr project, determinados paquetes duplicados y consecutivos pueden causar un comportamiento incorrecto, resultando en una denegación de servicio. Este problema afecta a: zephyrproject-rtos zephyr versión 2.2.0... • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10068 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2020-10063 – Remote Denial of Service in CoAP Option Parsing Due To Integer Overflow
https://notcve.org/view.php?id=CVE-2020-10063
05 Jun 2020 — A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. Un adversario remoto con la capacidad de enviar paquetes arbitrarios de CoAP para que sean analizados por Zephyr, puede causar una denegación de servicio. Este problema afecta a: zephyrproject-rtos zephyr versión 2.2.0 y versiones posteriores • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10063 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 0CVE-2020-10062 – Packet length decoding error in MQTT
https://notcve.org/view.php?id=CVE-2020-10062
05 Jun 2020 — An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. Un error por un paso (off-by-one) en el decodificador de longitud de paquetes MQTT del proyecto Zephyr puede resultar en una corrupción de la memoria y una potencial ejecución de código remota. NCC-ZEP-031 Este problema afecta a: zephyrproject-rtos zephyr versión 2.2.0 y versiones p... • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10062 • CWE-193: Off-by-one Error •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10061 – Error handling invalid packet sequence
https://notcve.org/view.php?id=CVE-2020-10061
05 Jun 2020 — Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions. El manejo inapropiado del caso full-buffer en la implementación de Zephyr Bluetooth puede resultar en una corrupción en la memoria. Este problema afecta a: zephyrproject-rtos zephyr versión 2.2.0 y versiones posteriores, y versión 1.14.0 y versiones posteriores • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10061 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10067 – Integer Overflow In is_in_region Allows User Thread To Access Kernel Memory
https://notcve.org/view.php?id=CVE-2020-10067
11 May 2020 — A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions. Una aplicación de espacio de usuario maliciosa puede causar un desbordamiento... • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10028 – Multiple Syscalls In GPIO Subsystem Performs No Argument Validation
https://notcve.org/view.php?id=CVE-2020-10028
11 May 2020 — Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. Múltiples llamadas al sistema con comprobación de argumento insuficiente. Consulte NCC-ZEP-006. Este problema afecta a: zephyrproject-rtos zephyr versión 1.14.0 y versiones posteriores. Versión 2.1.0 y versiones posteriores. • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10028 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10027 – ARC Platform Uses Signed Integer Comparison When Validating Syscall Numbers
https://notcve.org/view.php?id=CVE-2020-10027
11 May 2020 — An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. Un atacante que ha obtenido una ejecución de código dentro de un subproceso (hilo) de usuario es capaz de elevar los privilegios a los del kernel. Consulte NCC-ZEP-001. Este problema afecta a: zephyrproject-rtos zephyr versión 1.14.0 y versiones posteriores. • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027 • CWE-697: Incorrect Comparison •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10024 – ARM Platform Uses Signed Integer Comparison When Validating Syscall Numbers
https://notcve.org/view.php?id=CVE-2020-10024
11 May 2020 — The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. El código arm específico de la plataforma utiliza una comparación de enteros con signo cuando se comprueban los números de llamada del sistema. Un atacante que ha... • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024 • CWE-697: Incorrect Comparison •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10023 – Shell Subsystem Contains a Buffer Overflow Vulnerability In shell_spaces_trim
https://notcve.org/view.php?id=CVE-2020-10023
11 May 2020 — The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. El subsistema shell contiene un desbordamiento de búfer, por lo que un adversario con acceso físico al dispositivo es capaz de causar una corrupción de la ... • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •