8
CVE-2024-23963 - Alpine Halo9 Stack-based Buffer Overflow
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists wβ¦
5.3
CVE-2024-23962 - Alpine Halo9 Missing Authentication
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DLT interface, which listens on TCP port 3490 by default. The issue resuβ¦
2.6
CVE-2023-6195 - Server-Side Request Forgery (SSRF) in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. GitLab was vulnerable to Server Side Request Forgery when an attacker uses a malicious URL in the markdown image vβ¦
6.4
CVE-2024-1211 - Cross-Site Request Forgery (CSRF) in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 in which cross-site request forgery may have been possible on GitLab instances configured to use JWT as an OmniAuth β¦
8.8
CVE-2024-23971 - ChargePoint Home Flex OCPP bswitch Command Injection
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OCPP messages. The issue results from tβ¦
6.5
CVE-2024-23970 - ChargePoint Home Flex Improper Certificate Validation
This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CURLOPT_SSL_VERIFYHOST setting. The issue reβ¦
8.8
CVE-2024-23969 - ChargePoint Home Flex wlanchnllst Out-Of-Bounds Write
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wlanchnllst function. The issue results from the laβ¦
8.8
CVE-2024-23968 - ChargePoint Home Flex SrvrToSmSetAutoChnlListMsg Stack-based Buffer Overflow
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SrvrToSmSetAutoChnlListMsg function. The issue resuβ¦
8.8
CVE-2024-23973 - Silicon Labs Gecko OS HTTP GET Request Handling Stack-based Buffer Overflow
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.Β The specific flaw exists within the handling of HTTP GET requests. The issue results from the lack of prβ¦
7.5
CVE-2024-24731 - Silicon Labs Gecko OS http_download Stack-based Buffer Overflow
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the http_download command. The issue results from tβ¦