Lucene search
K

140 matches found

Cvelist
Cvelist
added 2024/08/12 2:54 p.m.34 views

CVE-2024-21550

SteVe is an open platform that implements different version of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and Javascript code via WebSockets leading to persistent Cross-Site...

6.1CVSS0.00377EPSS
Exploits0References4
OSV
OSV
added 2024/08/12 2:54 p.m.10 views

CVE-2024-21550

SteVe is an open platform that implements different version of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and Javascript code via WebSockets leading to persistent Cross-Site...

6.1CVSS6.4AI score0.00377EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/08/12 12:0 a.m.7 views

PT-2024-18962 · Steve · Steve

Name of the Vulnerable Software and Affected Versions: SteVe affected versions not specified Description: SteVe is an open platform that implements different versions of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points...

6.1CVSS6.5AI score0.00377EPSS
Exploits0References12
CNNVD
CNNVD
added 2024/08/12 12:0 a.m.7 views

SteVe 安全漏洞

SteVe is an open platform open-sourced by the SteVe Community. It is used to implement, test and evaluate novel ideas for electric vehicles, such as authentication protocols, charging point reservation mechanisms and business models for electric vehicles. A security vulnerability exists in SteVe...

6.1CVSS6.4AI score0.00377EPSS
Exploits0References5
OSV
OSV
added 2024/06/05 3:10 p.m.32 views

GO-2024-2771 Rancher's Steve API Component Improper authorization check allows privilege escalation in github.com/rancher/rancher

Rancher's Steve API Component Improper authorization check allows privilege escalation in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

8.8CVSS8.8AI score0.01071EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/04/24 9:1 p.m.32 views

Rancher's Steve API Component Improper authorization check allows privilege escalation

Impact A flaw discovered in Rancher versions from 2.5.0 up to and including 2.5.9 allows an authenticated user to impersonate any user on a cluster through the Steve API proxy, without requiring knowledge of the impersonated user's credentials. This is due to the Steve API proxy not dropping the...

8.8CVSS6.8AI score0.01071EPSS
Exploits0References3Affected Software1
Openbugbounty
Openbugbounty
added 2024/04/05 1:18 p.m.5 views

stevehillmbe.com Cross Site Scripting vulnerability OBB-3905842

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
NVD
NVD
added 2024/02/13 1:15 a.m.13 views

CVE-2024-25407

SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service DoS by using the predicted transaction ID's to terminate other transactions...

7.5CVSS6.7AI score0.00562EPSS
Exploits0References1
Prion
Prion
added 2024/02/13 1:15 a.m.16 views

Cross site request forgery (csrf)

SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service DoS by using the predicted transaction ID's to terminate other transactions...

7.4AI score0.00562EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/02/13 12:0 a.m.6 views

SteVe Security Vulnerabilities

SteVe is an open platform open-sourced by the SteVe Community. It is used to implement, test and evaluate novel ideas for electric vehicles, such as authentication protocols, charging point reservation mechanisms and business models for electric vehicles. A security vulnerability exists in SteVe...

7.5CVSS6.9AI score0.00562EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/13 12:0 a.m.7 views

CVE-2024-25407

SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service DoS by using the predicted transaction ID's to terminate other transactions...

7.5AI score0.00562EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/13 12:0 a.m.14 views

CVE-2024-25407

SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service DoS by using the predicted transaction ID's to terminate other transactions...

6.9AI score0.00562EPSS
Exploits0References1
CVE
CVE
added 2024/02/13 12:0 a.m.82 views

CVE-2024-25407

CVE-2024-25407 affects SteVe v3.6.0. The issue is that StartTransaction requests use predictable transaction IDs, enabling an attacker to terminate other transactions and cause a DoS. The CVE records consistently describe this vulnerability and note a PoC in one data source; no concrete remediati...

7.5CVSS7AI score0.00562EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/02/13 12:0 a.m.11 views

CVE-2024-25407

SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service DoS by using the predicted transaction ID's to terminate other transactions...

7.5CVSS7AI score0.00562EPSS
Exploits0References3
NVD
NVD
added 2023/12/26 11:15 p.m.28 views

CVE-2023-52096

SteVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps such as ones with month 00 in certain situations such as when an application receives a StartTransaction Open Charge Point Protocol message with a timestamp parameter of 1000000. This may lead to a SQL exception in applications,...

7.5CVSS0.00616EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/12/26 11:15 p.m.3 views

CVE-2023-52096

SteVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps such as ones with month 00 in certain situations such as when an application receives a StartTransaction Open Charge Point Protocol message with a timestamp parameter of 1000000. This may lead to a SQL exception in applications,...

7.5CVSS5.9AI score0.00616EPSS
Exploits1References4
CVE
CVE
added 2023/12/26 12:0 a.m.45 views

CVE-2023-52096

The CVE affects SteVe Community ocpp-jaxb before 0.0.8. It describes generation of invalid timestamps (e.g., month 00) in certain StartTransaction messages, which can trigger SQL exceptions and undermine the integrity of transaction records. Remediation: upgrade to 0.0.8 or later; as a temporary ...

7.5CVSS7.6AI score0.00616EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/12/26 12:0 a.m.27 views

CVE-2023-52096

SteVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps such as ones with month 00 in certain situations such as when an application receives a StartTransaction Open Charge Point Protocol message with a timestamp parameter of 1000000. This may lead to a SQL exception in applications,...

7.8AI score0.00616EPSS
Exploits1References3
Openbugbounty
Openbugbounty
added 2023/12/13 7:54 p.m.6 views

steve-butler.com Improper Access Control vulnerability OBB-3812434

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
CVE
CVE
added 2023/08/17 8:25 a.m.50 views

CVE-2023-30874

CVE-2023-30874 corresponds to a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress GPS Plotter plugin by St. Pete Design, affecting versions

5.9CVSS6.5AI score0.00389EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder