CVE-2025-21599 Junos OS Evolved: Receipt of specifically malformed IPv6 packets causes kernel memory exhaustion leading to Denial of Service

A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Tunnel Driver jtd of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service. Receipt of specifically malformed IPv6 packets, destined to the device, causes...

CVE-2024-43663

There are many buffer overflow vulnerabilities present in several CGI binaries of the charging station.This issue affects Iocharger firmware for AC model chargers beforeversion 24120701. Likelihood: High – Given the prevalence of these buffer overflows, and the clear error message of the web...

CVE-2024-43654

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Iocharger firmware for AC models allows OS Command Injection as root This issue affects all Iocharger AC EV charger models on a firmware version before 25010801. Likelihood: Moderate – The binary do...

CVE-2024-43649

Authenticated command injection in the filename of a .exe request leads to remote code execution as the root user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderate – This action is not a common place for command injection vulnerabilities to occur...

CVE-2024-43649

Summary (CVE-2024-43649) Affected: Iocharger firmware for AC models before version 24120701. Vulnerability: Authenticated command injection in the filename of a .exe request that leads to remote code execution as the root user. Impact: Attacker gains full control over the charging station as root...

CVE-2024-43649 Authenticated command injection via <redacted>.exe <redacted> parameter

Authenticated command injection in the filename of a .exe request leads to remote code execution as the root user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderate – This action is not a common place for command injection vulnerabilities to occur...

CVE-2024-43650 Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Iocharger firmware for AC models allows OS Command Injection as root This issue affects firmware versions before 24120701. Likelihood: Moderate – The binary does not seem to be used by the web...

CVE-2024-43650 Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Iocharger firmware for AC models allows OS Command Injection as root This issue affects firmware versions before 24120701. Likelihood: Moderate – The binary does not seem to be used by the web...

CVE-2024-43663 Buffer overflow vulnerabilities in CGI scripts lead to segfault

There are many buffer overflow vulnerabilities present in several CGI binaries of the charging station.This issue affects Iocharger firmware for AC model chargers beforeversion 24120701. Likelihood: High – Given the prevalence of these buffer overflows, and the clear error message of the web...

CVE-2024-6001

An improper certificate validation vulnerability was reported in LADM that could allow a network attacker with the ability to redirect an update request to a remote server and execute code with elevated privileges...

Juniper Junos OS Vulnerability (JSA88134)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA88134 advisory. - An Improper Validation of Specified Type of Input vulnerability in the packet forwarding engine pfe Juniper Networks Junos OS on SRX5000 Series allows an unauthenticated,...

Oracle Siebel CRM (April 2014 CPU)

The versions of Oracle Siebel CRM installed on the remote host are affected by a vulnerability as referenced in the April 2014 CPU advisory. - Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM subcomponent: OpenUI.. Supported versions that are affected are 8.1.1 and 8.2.2...

Improper Certificate Validation

Keycloak is vulnerable to Improper Certificate Validation. The vulnerability is due to improper handling of reverse proxy configurations with mTLS enabled, allowing an attacker on the local network to impersonate any user or client using mTLS for authentication...

CVE-2024-12343

TP-Link VN020 F3v(T) TT_V6.2.1021 is affected, specifically the SOAP Request Handler’s /control/WANIPConnection component where manipulating the NewConnectionType argument triggers a buffer overflow. This vulnerability requires local-network access and has public exploitation information, with po...

CVE-2024-45205

An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point not using UniFi Network Application could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point. Affected Products: UniFi iOS App Version 10.17.7 and...

CVE-2024-49038

Improper neutralization of input during web page generation 'Cross-site Scripting' in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network...

edk2: Integer overflows in PeCoffLoaderRelocateImage

A flaw was found in the EDK2 package. This flaw allows an attacker to cause memory corruption due to an overflow via an adjacent network. This issue may lead to loss of confidentiality, integrity, and availability...

PT-2024-8877 · Microsoft · Azure Policywatch

Name of the Vulnerable Software and Affected Versions: Microsoft Azure PolicyWatch affected versions not specified Description: The issue is related to a lack of authentication for a critical function in Microsoft Azure PolicyWatch, allowing an unauthorized attacker to elevate privileges over a...

CVE-2024-8805

BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability. The specific flaw exists within...

OESA-2024-2450 openjdk-11 security update

The OpenJDK runtime environment. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23...