|
221071
|
8.8 |
HIGH
Network
|
powerdns
|
recursor
|
An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memor…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-10030
|
2024-11-21 13:54 |
2020-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221072
|
7.8 |
HIGH
Local
|
zephyrproject
|
zephyr
|
A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from d…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-10067
|
2024-11-21 13:54 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221073
|
6.5 |
MEDIUM
Network
|
zephyrproject
|
zephyr
|
In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would re…
|
CWE-824
Access of Uninitialized Pointer
|
CVE-2020-10060
|
2024-11-21 13:54 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221074
|
4.8 |
MEDIUM
Network
|
zephyrproject
|
zephyr
|
The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using D…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-10059
|
2024-11-21 13:54 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221075
|
7.8 |
HIGH
Local
|
zephyrproject
|
zephyr
|
Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: ze…
|
CWE-20
Improper Input Validation
|
CVE-2020-10058
|
2024-11-21 13:54 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221076
|
7.8 |
HIGH
Local
|
zephyrproject
|
zephyr
|
Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.
|
CWE-20
Improper Input Validation
|
CVE-2020-10028
|
2024-11-21 13:54 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221077
|
7.8 |
HIGH
Local
|
zephyrproject
|
zephyr
|
An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and …
|
CWE-697
Incorrect Comparison
|
CVE-2020-10027
|
2024-11-21 13:54 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221078
|
7.8 |
HIGH
Local
|
zephyrproject
|
zephyr
|
The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to …
|
CWE-697
Incorrect Comparison
|
CVE-2020-10024
|
2024-11-21 13:54 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221079
|
6.8 |
MEDIUM
Physics
|
zephyrproject
|
zephyr
|
The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-10023
|
2024-11-21 13:54 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221080
|
9.8 |
CRITICAL
Network
|
zephyrproject
|
zephyr
|
A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the …
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-10022
|
2024-11-21 13:54 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
