
CVE-2020-13598 – FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat
https://notcve.org/view.php?id=CVE-2020-13598
24 May 2021 — FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions >= v1.14.2, >= v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h • CWE-121: Stack-based Buffer Overflow; CWE-787: Out-of-bounds Write

CVE-2020-10072 – Improper Handling of Insufficient Permissions or Privileges in zephyr
https://notcve.org/view.php?id=CVE-2020-10072
24 May 2021 — Improper Handling of Insufficient Permissions or Privileges in zephyr. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Insufficient Permissions or Privileges (CWE-280). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc • CWE-280: Improper Handling of Insufficient Permissions or Privileges

CVE-2020-10069 – Zephyr Bluetooth unchecked packet data results in denial of service
https://notcve.org/view.php?id=CVE-2020-10069
24 May 2021 — Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp • CWE-233: Improper Handling of Parameters

CVE-2020-10066 – Incorrect Error Handling in Bluetooth HCI core
https://notcve.org/view.php?id=CVE-2020-10066
24 May 2021 — Incorrect Error Handling in Bluetooth HCI core. Zephyr versions >= v1.14.2, >= v2.2.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr • CWE-476: NULL Pointer Dereference

CVE-2020-10065 – Missing Size Checks in Bluetooth HCI over SPI
https://notcve.org/view.php?id=CVE-2020-10065
24 May 2021 — Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c • CWE-130: Improper Handling of Length Parameter Inconsistency; CWE-787: Out-of-bounds Write

CVE-2020-10064 – Improper Input Frame Validation in ieee802154 Processing
https://notcve.org/view.php?id=CVE-2020-10064
24 May 2021 — Improper Input Frame Validation in ieee802154 Processing. Zephyr versions >= v1.14.2, >= v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7 • http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7 • CWE-121: Stack-based Buffer Overflow; CWE-122: Heap-based Buffer Overflow; CWE-787: Out-of-bounds Write

CVE-2020-10071 – Insufficient publish message length validation in MQTT
https://notcve.org/view.php?id=CVE-2020-10071
05 Jun 2020 — The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10071 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'); CWE-129: Improper Validation of Array Index

CVE-2020-10070 – MQTT buffer overflow on receive buffer
https://notcve.org/view.php?id=CVE-2020-10070
05 Jun 2020 — In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10070 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'); CWE-190: Integer Overflow or Wraparound

CVE-2020-10068 – Zephyr Bluetooth DLE duplicate requests vulnerability
https://notcve.org/view.php?id=CVE-2020-10068
05 Jun 2020 — In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions. • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10068 • CWE-20: Improper Input Validation

CVE-2020-10063 – Remote Denial of Service in CoAP Option Parsing Due To Integer Overflow
https://notcve.org/view.php?id=CVE-2020-10063
05 Jun 2020 — A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10063 • CWE-190: Integer Overflow or Wraparound