Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zephyr vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2020-10059
The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-...
Zephyrproject Zephyr 2.1.0
Zephyrproject Zephyr 2.2.0
7.2
CVSSv2
CVE-2020-10067
A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execu...
Zephyrproject Zephyr 1.14.1
Zephyrproject Zephyr 2.1.0
7.5
CVSSv2
CVE-2017-14199
A buffer overflow has been found in the Zephyr Project's getaddrinfo() implementation in 1.9.0 and 1.10.0.
Zephyrproject Zephyr 1.9.0
Zephyrproject Zephyr 1.10.0
4.3
CVSSv2
CVE-2022-1822
The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated ...
Zephyr Project Manager Project Zephyr Project Manager
NA
CVE-2023-31237
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a up to and including 3.3.9.
Zephyr Project Manager Project Zephyr Project Manager
NA
CVE-2023-34373
Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <= 3.3.93 versions.
Zephyr Project Manager Project Zephyr Project Manager
NA
CVE-2022-2840
The Zephyr Project Manager WordPress plugin prior to 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections
Zephyr Project Manager Project Zephyr Project Manager
1 EDB exploit
NA
CVE-2023-0779
At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible.
Zephyrproject Zephyr
NA
CVE-2022-0553
There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily.
Zephyrproject Zephyr
5.8
CVSSv2
CVE-2021-3321
Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99
Zephyrproject Zephyr
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »