CVE-2024-23969 – ChargePoint Home Flex wlanchnllst Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23969
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. ... An attacker can leverage this vulnerability to execute code in the context of root. •
CVE-2024-23920 – ChargePoint Home Flex onboardee Improper Access Control Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23920
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. ... An attacker can leverage this vulnerability to execute code in the context of root. •
CVE-2024-39651 – WordPress WooCommerce PDF Vouchers plugin < 4.9.5 - Unauthenticated Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-39651
The WooCommerce - PDF Vouchers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 4.9.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/vulnerability/woocommerce-pdf-vouchers/wordpress-woocommerce-pdf-vouchers-plugin-4-9-5-unauthenticated-arbitrary-file-deletion-vulnerability? • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-23968 – ChargePoint Home Flex SrvrToSmSetAutoChnlListMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23968
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. ... An attacker can leverage this vulnerability to execute code in the context of root. •
CVE-2024-23971 – ChargePoint Home Flex OCPP bswitch Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23971
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. ... The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. •