140 matches found
CVE-2024-21550
SteVe is an open platform that implements different version of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and Javascript code via WebSockets leading to persistent Cross-Site...
CVE-2024-21550
SteVe is an open platform that implements different version of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and Javascript code via WebSockets leading to persistent Cross-Site...
PT-2024-18962 · Steve · Steve
Name of the Vulnerable Software and Affected Versions: SteVe affected versions not specified Description: SteVe is an open platform that implements different versions of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points...
SteVe 安全漏洞
SteVe is an open platform open-sourced by the SteVe Community. It is used to implement, test and evaluate novel ideas for electric vehicles, such as authentication protocols, charging point reservation mechanisms and business models for electric vehicles. A security vulnerability exists in SteVe...
GO-2024-2771 Rancher's Steve API Component Improper authorization check allows privilege escalation in github.com/rancher/rancher
Rancher's Steve API Component Improper authorization check allows privilege escalation in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...
Rancher's Steve API Component Improper authorization check allows privilege escalation
Impact A flaw discovered in Rancher versions from 2.5.0 up to and including 2.5.9 allows an authenticated user to impersonate any user on a cluster through the Steve API proxy, without requiring knowledge of the impersonated user's credentials. This is due to the Steve API proxy not dropping the...
stevehillmbe.com Cross Site Scripting vulnerability OBB-3905842
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-25407
SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service DoS by using the predicted transaction ID's to terminate other transactions...
Cross site request forgery (csrf)
SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service DoS by using the predicted transaction ID's to terminate other transactions...
SteVe Security Vulnerabilities
SteVe is an open platform open-sourced by the SteVe Community. It is used to implement, test and evaluate novel ideas for electric vehicles, such as authentication protocols, charging point reservation mechanisms and business models for electric vehicles. A security vulnerability exists in SteVe...
CVE-2024-25407
SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service DoS by using the predicted transaction ID's to terminate other transactions...
CVE-2024-25407
SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service DoS by using the predicted transaction ID's to terminate other transactions...
CVE-2024-25407
CVE-2024-25407 affects SteVe v3.6.0. The issue is that StartTransaction requests use predictable transaction IDs, enabling an attacker to terminate other transactions and cause a DoS. The CVE records consistently describe this vulnerability and note a PoC in one data source; no concrete remediati...
CVE-2024-25407
SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service DoS by using the predicted transaction ID's to terminate other transactions...
CVE-2023-52096
SteVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps such as ones with month 00 in certain situations such as when an application receives a StartTransaction Open Charge Point Protocol message with a timestamp parameter of 1000000. This may lead to a SQL exception in applications,...
CVE-2023-52096
SteVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps such as ones with month 00 in certain situations such as when an application receives a StartTransaction Open Charge Point Protocol message with a timestamp parameter of 1000000. This may lead to a SQL exception in applications,...
CVE-2023-52096
The CVE affects SteVe Community ocpp-jaxb before 0.0.8. It describes generation of invalid timestamps (e.g., month 00) in certain StartTransaction messages, which can trigger SQL exceptions and undermine the integrity of transaction records. Remediation: upgrade to 0.0.8 or later; as a temporary ...
CVE-2023-52096
SteVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps such as ones with month 00 in certain situations such as when an application receives a StartTransaction Open Charge Point Protocol message with a timestamp parameter of 1000000. This may lead to a SQL exception in applications,...
steve-butler.com Improper Access Control vulnerability OBB-3812434
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-30874
CVE-2023-30874 corresponds to a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress GPS Plotter plugin by St. Pete Design, affecting versions