Security Vulnerabilities - CVEs Published In December 2023
Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at motion.cc.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-12-07
Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-12-07
Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to
versions 11.0.6 and 12.0.4
and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-12-07
A vulnerability was found in Byzoro Smart S20 up to 20231120 and classified as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updateos.php of the component HTTP POST Request Handler. The manipulation of the argument 1_file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247154 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
6.3
EPSS Score
0.0
Published
2023-12-07
GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300. This vulnerability may lead to a denial of service.
CVSS Score
5.3
EPSS Score
0.0
Published
2023-12-07
Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine.
CVSS Score
6.5
EPSS Score
0.005
Published
2023-12-07
gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-12-07
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-12-07
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function UploadCfg.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-12-07
Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the function /goform/telnet.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-12-07