Show filters
129 Total Results
Displaying 61-70 of 129
Sort by:
Attacker Value
Unknown

CVE-2022-2741

Disclosure Date: October 24, 2022 (last updated February 24, 2025)
The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vulnerable node (this can easily be guessed based on CAN traffic analyses). The frame must contain the opposite RTR bit as what the filter installed in the vulnerable node contains (if the filter matches RTR frames, the frame must be a data frame or vice versa).
Attacker Value
Unknown

CVE-2022-2839

Disclosure Date: October 03, 2022 (last updated February 24, 2025)
The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks against logged in admins.
Attacker Value
Unknown

CVE-2022-3333

Disclosure Date: September 28, 2022 (last updated February 24, 2025)
A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Affected is an unknown function of the file /v1/tasks/create/ of the component REST Call Handler. The manipulation of the argument onanimationstart leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.2.5 is able to address this issue. It is recommended to upgrade the affected component. VDB-209370 is the identifier assigned to this vulnerability.
Attacker Value
Unknown

CVE-2022-1841

Disclosure Date: September 23, 2022 (last updated February 24, 2025)
In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero.
Attacker Value
Unknown

CVE-2022-2840

Disclosure Date: September 19, 2022 (last updated February 24, 2025)
The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections
Attacker Value
Unknown

CVE-2022-1041

Disclosure Date: July 25, 2022 (last updated February 24, 2025)
In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning.
Attacker Value
Unknown

CVE-2022-1042

Disclosure Date: July 25, 2022 (last updated February 24, 2025)
In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning.
Attacker Value
Unknown

CVE-2022-1822

Disclosure Date: June 13, 2022 (last updated February 23, 2025)
The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Attacker Value
Unknown

CVE-2022-0553

Disclosure Date: May 12, 2022 (last updated October 08, 2023)
There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily.
Attacker Value
Unknown

CVE-2021-3966

Disclosure Date: February 16, 2022 (last updated October 08, 2023)
usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem.