Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zephyr vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2020-10027
An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.
Zephyrproject Zephyr 2.1.0
Zephyrproject Zephyr 1.14.0
4.8
CVSSv3
CVE-2020-10059
The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-...
Zephyrproject Zephyr 2.2.0
Zephyrproject Zephyr 2.1.0
9.8
CVSSv3
CVE-2017-14199
A buffer overflow has been found in the Zephyr Project's getaddrinfo() implementation in 1.9.0 and 1.10.0.
Zephyrproject Zephyr 1.9.0
Zephyrproject Zephyr 1.10.0
9.8
CVSSv3
CVE-2022-2840
The Zephyr Project Manager WordPress plugin prior to 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections
Zephyr Project Manager Project Zephyr Project Manager
1 EDB exploit
6.1
CVSSv3
CVE-2022-1822
The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated ...
Zephyr Project Manager Project Zephyr Project Manager
8.8
CVSSv3
CVE-2023-34373
Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <= 3.3.93 versions.
Zephyr Project Manager Project Zephyr Project Manager
6.1
CVSSv3
CVE-2023-31237
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a up to and including 3.3.9.
Zephyr Project Manager Project Zephyr Project Manager
7.5
CVSSv3
CVE-2023-5563
The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception.
Zephyrproject Zephyr
7.8
CVSSv3
CVE-2023-5139
Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver
Zephyrproject Zephyr
7.8
CVSSv3
CVE-2020-13598
FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions >= v1.14.2, >= v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x5...
Zephyrproject Zephyr
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »