|
220111
|
7.8 |
HIGH
Local
|
zephyrproject
|
zephyr
|
A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from d…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-10067
|
2024-11-21 13:54 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220112
|
6.5 |
MEDIUM
Network
|
zephyrproject
|
zephyr
|
In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would re…
|
CWE-824
Access of Uninitialized Pointer
|
CVE-2020-10060
|
2024-11-21 13:54 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220113
|
4.8 |
MEDIUM
Network
|
zephyrproject
|
zephyr
|
The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using D…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-10059
|
2024-11-21 13:54 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220114
|
7.8 |
HIGH
Local
|
zephyrproject
|
zephyr
|
Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: ze…
|
CWE-20
Improper Input Validation
|
CVE-2020-10058
|
2024-11-21 13:54 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220115
|
7.8 |
HIGH
Local
|
zephyrproject
|
zephyr
|
Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.
|
CWE-20
Improper Input Validation
|
CVE-2020-10028
|
2024-11-21 13:54 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220116
|
7.8 |
HIGH
Local
|
zephyrproject
|
zephyr
|
An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and …
|
CWE-697
Incorrect Comparison
|
CVE-2020-10027
|
2024-11-21 13:54 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220117
|
7.8 |
HIGH
Local
|
zephyrproject
|
zephyr
|
The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to …
|
CWE-697
Incorrect Comparison
|
CVE-2020-10024
|
2024-11-21 13:54 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220118
|
6.8 |
MEDIUM
Physics
|
zephyrproject
|
zephyr
|
The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-10023
|
2024-11-21 13:54 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220119
|
9.8 |
CRITICAL
Network
|
zephyrproject
|
zephyr
|
A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the …
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-10022
|
2024-11-21 13:54 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220120
|
7.8 |
HIGH
Local
|
zephyrproject
|
zephyr
|
Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later v…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-10021
|
2024-11-21 13:54 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
