Total
240 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43648 | 2025-03-11 | 8.8 High | ||
| Command injection in the <redacted> parameter of a <redacted>.exe request leads to remote code execution as the root user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderate – This action is not a common place for command injection vulnerabilities to occur. Thus, an attacker will likely only be able to find this vulnerability by reverse-engineering the firmware or trying it on all <redacted> fields. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a payload. Impact: Critical – The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services. CVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). If is a full system compromise, potentially fully compromising confidentiality, integrity and availability of the devicer (VC:H/VI:H/VA:H). A compromised charger can be used to "pivot" onto networks that should otherwise be closed, cause a low confidentiality and interity impact on subsequent systems. (SC:L/SI:L/SA:H). Because this device is an EV charger handing significant amounts of power, we suspect this vulnerability can have a safety impact (S:P). The attack can be automated (AU:Y). | ||||
| CVE-2024-43654 | 2025-03-11 | 8.8 High | ||
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Iocharger firmware for AC models allows OS Command Injection as root This issue affects all Iocharger AC EV charger models on a firmware version before 25010801. Likelihood: Moderate – The <redacted> binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a crafted HTTP request. Impact: Critical – The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services. CVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, but the level of authentication does not matter (PR:L), nor is any user interaction required (UI:N). The attack leads to a full compromised (VC:H/VI:H/VA:H), and compromised devices can be used to pivot into networks that should potentially not be accessible (SC:L/SI:L/SA:H). Becuase this is an EV charger handing significant power, there is a potential safety impact (S:P). This attack can be automated (AU:Y). | ||||
| CVE-2024-43651 | 2025-03-11 | N/A | ||
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC models before version 241207101 Likelihood: Moderate – The <redacted> binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a crafted HTTP request. Impact: Critical – The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services. CVSS clarification: Any network connection serving the web interface is vulnerable (AV:N) and there are no additional measures to circumvent (AC:L) nor does the attack require special conditions to be present (AT:N). The attack requires authentication, but the level does not matter (PR:L), nor is user interaction required (UI:N). The attack leads to a full compromised (VC:H/VI:H/VA:H) and a compromised device can be used to potentially "pivot" into a network that should nopt be reachable (SC:L/SI:L/SA:H). Because this is an EV charger handing significant power, there is a potential safety impact (S:P). THe attack can be autometed (AU:Y). | ||||
| CVE-2024-43649 | 2025-03-11 | 8.8 High | ||
| Authenticated command injection in the filename of a <redacted>.exe request leads to remote code execution as the root user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderate – This action is not a common place for command injection vulnerabilities to occur. Thus, an attacker will likely only be able to find this vulnerability by reverse-engineering the firmware or trying it on all <redacted> fields. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a payload. Impact: Critical – The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services. CVSS clarification: This attack can be performed over any network conenction serving the web interfacr (AV:N), and there are not additional mitigating measures that need to be circumvented (AC:L) or other prerequisites (AT:N). The attack does require privileges, but the level does not matter (PR:L), there is no user interaction required (UI:N). The attack leeds to a full compromised of the charger (VC:H/VI:H/VA:H) and a compromised charger can be used to "pivot" to networks that should normally not be reachable (SC:L/SI:L/SA:H). Because this is an EV chargers with significant pwoer, there is a potential safety imp0act (S:P). THis attack can be automated (AU:Y). | ||||
| CVE-2023-37412 | 1 Ibm | 1 Aspera Faspex | 2025-03-04 | 4.4 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls. | ||||
| CVE-2023-27010 | 1 Wondershare | 1 Dr.fone | 2025-03-03 | 7.8 High |
| Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable. | ||||
| CVE-2023-38641 | 1 Siemens | 1 Sicam Toolbox Ii | 2025-02-27 | 7.8 High |
| A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10). The affected application's database service is executed as `NT AUTHORITY\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges. | ||||
| CVE-2024-43583 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-26 | 7.8 High |
| Winlogon Elevation of Privilege Vulnerability | ||||
| CVE-2024-49814 | 2025-02-22 | 7.8 High | ||
| IBM Security Verify Access Appliance 10.0.0 through 10.0.3 could allow a locally authenticated user to increase their privileges due to execution with unnecessary privileges. | ||||
| CVE-2023-27247 | 1 Cynet | 1 Client Agent | 2025-02-18 | 4.4 Medium |
| Cynet Client Agent v4.6.0.8010 allows attackers with Administrator rights to disable the EDR functions by disabling process privilege tokens. | ||||
| CVE-2023-0664 | 4 Fedoraproject, Microsoft, Qemu and 1 more | 4 Fedora, Windows, Qemu and 1 more | 2025-02-18 | 7.8 High |
| A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system. | ||||
| CVE-2025-24814 | 2025-02-15 | 5.4 Medium | ||
| Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual "trusted" configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem. These replacement config files are treated as "trusted" and can use "<lib>" tags to add to Solr's classpath, which an attacker might use to load malicious code as a searchComponent or other plugin. This issue affects all Apache Solr versions up through Solr 9.7. Users can protect against the vulnerability by enabling authentication and authorization on their Solr clusters or switching to SolrCloud (and away from "FileSystemConfigSetService"). Users are also recommended to upgrade to Solr 9.8.0, which mitigates this issue by disabling use of "<lib>" tags by default. | ||||
| CVE-2024-2240 | 2025-02-14 | N/A | ||
| Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks. | ||||
| CVE-2023-6186 | 4 Debian, Fedoraproject, Libreoffice and 1 more | 8 Debian Linux, Fedora, Libreoffice and 5 more | 2025-02-13 | 8.3 High |
| Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user. | ||||
| CVE-2023-6185 | 4 Debian, Fedoraproject, Libreoffice and 1 more | 8 Debian Linux, Fedora, Libreoffice and 5 more | 2025-02-13 | 8.3 High |
| Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system. | ||||
| CVE-2024-6913 | 3 Microsoft, Perkin Elmer, Perkinelmer | 3 Windows, Process Plus, Processplus | 2025-02-13 | 8.8 High |
| Execution with unnecessary privileges in PerkinElmer ProcessPlus allows an attacker to spawn a remote shell on the windows system.This issue affects ProcessPlus: through 1.11.6507.0. | ||||
| CVE-2024-27147 | 1 Toshibatec | 50 E-studio-2010-ac, E-studio-2015-nc, E-studio-2018 A and 47 more | 2025-02-13 | 7.4 High |
| The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL. | ||||
| CVE-2024-27146 | 1 Toshibatec | 50 E-studio-2010-ac, E-studio-2015-nc, E-studio-2018 A and 47 more | 2025-02-13 | 6.7 Medium |
| The Toshiba printers do not implement privileges separation. As for the affected products/models/versions, see the reference URL. | ||||
| CVE-2024-27143 | 1 Toshibatec | 50 E-studio-2010-ac, E-studio-2015-nc, E-studio-2018 A and 47 more | 2025-02-13 | 9.8 Critical |
| Toshiba printers use SNMP for configuration. Using the private community, it is possible to remotely execute commands as root on the remote printer. Using this vulnerability will allow any attacker to get a root access on a remote Toshiba printer. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | ||||
| CVE-2023-39508 | 1 Apache | 1 Airflow | 2025-02-13 | 8.8 High |
| Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0 This issue affects Apache Airflow: before 2.6.0. | ||||