Lucene search
K

68 matches found

NVD
NVD
added 2025/01/09 8:15 a.m.10 views

CVE-2024-43652

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC model chargers before version 24120701 Likelihood: Moderate – The binary does not seem to be used by the web interface, ...

9.3CVSS0.01899EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/01/09 7:56 a.m.6 views

CVE-2024-43651 Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC models before version 241207101 Likelihood: Moderate – The binary does not seem to be used by the web interface, so it...

9.3CVSS7.9AI score0.01658EPSS
Exploits0References3
CVE
CVE
added 2025/01/09 7:56 a.m.48 views

CVE-2024-43658

CVE-2024-43658 concerns Iocharger Home firmware prior to 25010801. The issue is a patch traversal/external control of file name or path vulnerability that allows an authenticated attacker to delete arbitrary files on the charging station, potentially removing binaries and compromising integrity a...

7.2CVSS7.1AI score0.00513EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/01/09 7:56 a.m.6 views

CVE-2024-43661 Buffer overflow in <redacted>.so leads to DoS of OCPP service

The .so library, which is used by , is vulnerable to a buffer overflow in the code that handles the deletion of certificates. This buffer overflow can be triggered by providing a long file path to the action of the .exe CGI binary or to the .sh CGI script. This binary or script will write this fi...

7.1CVSS8.5AI score0.00479EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/01/09 7:56 a.m.6 views

CVE-2024-43657 When uploading new firmware, a shell script inside a firmware file is executed during its processing. This can be used to craft a custom firmware file with a custom script with arbitrary code, which will then be executed on the charging station.

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: High. However, the attacker will need a low privilege account to gai...

9.3CVSS8.3AI score0.01437EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/01/09 7:56 a.m.15 views

CVE-2024-43661 Buffer overflow in <redacted>.so leads to DoS of OCPP service

The .so library, which is used by , is vulnerable to a buffer overflow in the code that handles the deletion of certificates. This buffer overflow can be triggered by providing a long file path to the action of the .exe CGI binary or to the .sh CGI script. This binary or script will write this fi...

7.1CVSS0.00479EPSS
Exploits0References3
CVE
CVE
added 2025/01/09 7:56 a.m.46 views

CVE-2024-43661

The CVE-2024-43661 entry describes a buffer overflow in the .so library used by iocharger’s AC-model firmware, exploitable by sending a long file path to the .exe CGI binary or .sh CGI script. The vulnerability affects Iocharger firmware before 24120701. Impact is high: the process (likely OCPP)...

9.8CVSS7.8AI score0.00479EPSS
Exploits0References3
CVE
CVE
added 2025/01/09 7:56 a.m.49 views

CVE-2024-43660

The CVE-2024-43660 issue affects Iocharger AC model chargers running firmware before 24120701. A CGI script (.sh) can be abused to download arbitrary files from the device filesystem (e.g., /etc/shadow, script source, binaries, config files). Attack is network-exposed and can be executed with low...

7.5CVSS7.1AI score0.00562EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/01/09 7:56 a.m.9 views

CVE-2024-43656 A backup can be manipulated and then restored to create arbitrary files inside the <redacted> directory. A CGI script can be added to the web directory this way, allowing for full remote code execution.

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: Moderate – It might be difficult for an attacker to identify the fil...

9.3CVSS7.8AI score0.01453EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/01/09 7:56 a.m.14 views

CVE-2024-43663 Buffer overflow vulnerabilities in CGI scripts lead to segfault

There are many buffer overflow vulnerabilities present in several CGI binaries of the charging station.This issue affects Iocharger firmware for AC model chargers beforeversion 24120701. Likelihood: High – Given the prevalence of these buffer overflows, and the clear error message of the web...

5.3CVSS0.00969EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/01/09 7:56 a.m.13 views

CVE-2024-43662 Authenticated arbitrary file upload to /tmp/ and /tmp/upload/

The .exe or .exe CGI binary can be used to upload arbitrary files to /tmp/upload/ or /tmp/ respectively as any user, although the user interface for uploading files is only shown to the iocadmin user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderat...

5.3CVSS0.00587EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/11/18 11:48 p.m.36 views

Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts`

Summary Versions of step-security/harden-runner prior to v2.10.2 contain multiple command injection weaknesses via environment variables that could potentially be exploited under specific conditions. However, due to the current execution order of pre-steps in GitHub Actions and the placement of...

8.8CVSS7.4AI score0.02684EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2024/11/18 11:48 p.m.8 views

GHSA-G85V-WF27-67XC Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts`

Summary Versions of step-security/harden-runner prior to v2.10.2 contain multiple command injection weaknesses via environment variables that could potentially be exploited under specific conditions. However, due to the current execution order of pre-steps in GitHub Actions and the placement of...

8.8CVSS6.8AI score0.02684EPSS
Exploits0References10
Wordfence Blog
Wordfence Blog
added 2024/11/14 7:29 p.m.104 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 4, 2024 to November 10, 2024)

Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through December 9th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations are in-scop...

10CVSS9.9AI score0.33856EPSS
Exploits28
GithubExploit
GithubExploit
added 2024/10/19 1:50 p.m.1331 views

Exploit for Code Injection in Grafana

CVE-2024-9264 Grafana Post-Auth DuckDB SQL Injection RCE...

9.9CVSS9.2AI score0.97781EPSS
Exploits10
OpenVAS
OpenVAS
added 2024/10/17 12:0 a.m.34 views

OpenSSL OOB Memory Access Vulnerability (20241016) - Windows

OpenSSL is prone to an out of bound OOB memory access vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.3CVSS4.9AI score0.05966EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/10/02 12:0 a.m.16 views

WordPress PWA Plugin <= 1.6.3 is vulnerable to Cross Site Scripting (XSS)

Software PWA Type Plugin Vulnerable versions = 1.6.3 Fixed in 1.6.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8967 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c235cb7639b9 Credits Francesco Carlucci Required privileg...

6.4CVSS5.8AI score0.00302EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/09/06 1:10 p.m.19 views

CVE-2024-45405 gix-path improperly resolves configuration path reported by Git

gix-path is a crate of the gitoxide project an implementation of git written in Rust dealing paths and their conversions. Prior to version 0.10.11, gix-path runs git to find the path of a configuration file associated with the git installation, but improperly resolves paths containing unusual or...

6CVSS6.9AI score0.00257EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/09/05 9:19 p.m.18 views

Interchain Security: The signers of ICS messages do not need to match the provider address

Context ICS has the following four messages that enable validators on the provider chain to perform different actions: - MsgOptIn -- adds a validator to the consumer chain’s active set - MsgOptOut -- removes a validator from the consumer chain’s active set - MsgAssignConsumerKey -- changes the...

7AI score
Exploits0References2Affected Software5
OSV
OSV
added 2024/09/05 9:19 p.m.5 views

GHSA-7Q74-G774-7X3G Interchain Security: The signers of ICS messages do not need to match the provider address

Context ICS has the following four messages that enable validators on the provider chain to perform different actions: - MsgOptIn -- adds a validator to the consumer chain’s active set - MsgOptOut -- removes a validator from the consumer chain’s active set - MsgAssignConsumerKey -- changes the...

7AI score
Exploits0References2
Rows per page
Query Builder