Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zephyr vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-22892
There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise up to and including 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances.
Smartbear Zephyr Enterprise
6.5
CVSSv3
CVE-2021-3329
Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack
Zephyrproject Zephyr 2.4.0
7.8
CVSSv3
CVE-2020-10058
Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.
Zephyrproject Zephyr 2.1.0
6.5
CVSSv3
CVE-2019-1003084
A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows malicious users to initiate a connection to an attacker-specified server.
Jenkins Zephyr Enterprise Test Management
6.5
CVSSv3
CVE-2019-1003085
A missing permission check in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
Jenkins Zephyr Enterprise Test Management
5.5
CVSSv3
CVE-2020-2145
Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and previous versions stores its Zephyr password in plain text on the Jenkins master file system.
Jenkins Zephyr Enterprise Test Management
5.5
CVSSv3
CVE-2020-2154
Jenkins Zephyr for JIRA Test Management Plugin 1.5 and previous versions stores its credentials in plain text in a global configuration file on the Jenkins master file system.
Jenkins Zephyr For Jira Test Management
4.3
CVSSv3
CVE-2020-2215
A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and previous versions allows malicious users to connect to an attacker-specified HTTP server using attacker-specified username and password.
Jenkins Zephyr For Jira Test Management
4.3
CVSSv3
CVE-2020-2216
A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username and password.
Jenkins Zephyr For Jira Test Management
NA
CVE-2023-4261
HNS-2023-03 - HN Security Advisory - Multiple vulnerabilities in Zephyr RTOS
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »