CVE-2024-37310 : EVEREST CORE PRIOR 2024.3.1/2024.6.0 V2G_SERVER.CPP V2G_INCOMING_V2GTP HEAP-BASED OVERFLOW

Description

EVerest is an EV charging software stack. An integer overflow in the “v2g_incoming_v2gtp” function in the v2g_server.cpp implementation can allow a remote attacker to overflow the process’ heap. This vulnerability is fixed in 2024.3.1 and 2024.6.0.

References

https://github.com/EVerest/everest-core/security/advisories/GHSA-8g9q-7qr9-vc96

https://github.com/EVerest/everest-core/commit/f73620c4c0f626e1097068a47e10cc27b369ad8e

https://github.com/EVerest/everest-core/releases/tag/2024.3.1

https://github.com/EVerest/everest-core/releases/tag/2024.6.0

For More Information

CVERecord

Contact us to get started

CVE-2024-20418 : CISCO IOS XE CONTROLLER WEB-BASED MANAGEMENT INTERFACE COMMAND INJECTION

Description A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB)

Learn more

CVE-2024-20536 : CISCO DATA CENTER NETWORK MANAGER 12.1.2E/12.1.2P/12.1.3B WEB-BASED MANAGEMENT INTERFACE/REST API ENDPOINT SQL INJECTION

Description A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could

Learn more

CVE-2024-50340 : SYMFONY INJECTION

Description symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the

Learn more