Attacker Value
Unknown

CVE-2022-0878

Disclosure Date: August 01, 2022 (last updated April 12, 2022)
Electric vehicles (EVs) commonly utilise the Combined Charging System (CCS) for DC rapid charging. To exchange important messages such as the State of Charge (SoC) with the Electric Vehicle Supply Equipment (EVSE), CCS uses a high-bandwidth IP link provided by the HomePlug Green PHY (HPGP) power-line communication (PLC) technology. The attack interrupts necessary control communication between the vehicle and charger, causing charging sessions to abort. The attack can be conducted wirelessly from a distance using electromagnetic interference, allowing individual vehicles or entire fleets to be disrupted simultaneously. In addition, the attack can be mounted with off-the-shelf radio hardware and minimal technical knowledge. With a power budget of 1 W, the attack is successful from around 47 m distance. The exploited behavior is a required part of the HomePlug Green PHY, DIN 70121 & ISO 15118 standards and all known implementations exhibit it. In addition to electric cars, Brokenwire affec…
0
Attacker Value
Unknown

CVE-2022-25900

Disclosure Date: July 01, 2022 (last updated July 01, 2022)
All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git.
0
Attacker Value
Unknown

CVE-2022-25896

Disclosure Date: July 01, 2022 (last updated July 01, 2022)
This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.
0
Attacker Value
Unknown

CVE-2022-25876

Disclosure Date: July 01, 2022 (last updated July 01, 2022)
The package link-preview-js before 2.1.16 is vulnerable to Server-side Request Forgery (SSRF), which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection.
0
Attacker Value
Unknown

CVE-2022-25758

Disclosure Date: July 01, 2022 (last updated July 01, 2022)
All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex.
0
Attacker Value
Unknown

CVE-2022-25898

Disclosure Date: July 01, 2022 (last updated July 01, 2022)
The package jsrsasign before 10.5.25 is vulnerable to Improper Verification of Cryptographic Signature: a JWS or JWT signature containing non-Base64URL special characters or number-escaped characters may be mistakenly validated as valid. Workaround: check that the JWS or JWT signature is a Base64URL and dot safe string before executing the JWS.verify() or JWS.verifyJWT() method.
0
Attacker Value
Unknown

CVE-2022-2197

Disclosure Date: June 30, 2022 (last updated June 30, 2022)
By using a specific credential string, an attacker with network access to the device’s web interface could circumvent the authentication scheme and perform administrative operations.
0
Attacker Value
Unknown

CVE-2022-22367

Disclosure Date: June 30, 2022 (last updated July 01, 2022)
IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008.
0
Attacker Value
Unknown

CVE-2022-33314

Disclosure Date: June 30, 2022 (last updated June 30, 2022)
Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/action/import_sdk_file/` API is affected by a command injection vulnerability.
0
Attacker Value
Unknown

CVE-2022-33327

Disclosure Date: June 30, 2022 (last updated June 30, 2022)
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/remove_sniffer_raw_log/` API is affected by a command injection vulnerability.
0