Security Vulnerabilities - CVEs Published In December 2023
SENEC Storage Box V1, V2 and V3 accidentally expose a management UI accessible with publicly known admin credentials.
CVSS Score: 7.2 | EPSS Score: 0.002 | Published: 2023-12-07
The affected devices use publicly available default credentials with administrative privileges.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2023-12-07
Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL.
CVSS Score: 5.4 | EPSS Score: 0.008 | Published: 2023-12-07
Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2023-12-07
In SENEC Storage Box V1, V2 and V3 an unauthenticated remote attacker can obtain the devices' logfiles that contain sensitive data.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2023-12-07
The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network traffic.
CVSS Score: 9.1 | EPSS Score: 0.002 | Published: 2023-12-07
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Michael Uno (miunosoft) Responsive Column Widgets. This issue affects Responsive Column Widgets: from n/a through 1.2.7.
CVSS Score: 4.7 | EPSS Score: 0.003 | Published: 2023-12-07
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SoftLab Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site. This issue affects Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site: from n/a through 1.3.2.
CVSS Score: 4.7 | EPSS Score: 0.002 | Published: 2023-12-07
An issue was discovered in Dalmann OCPP.Core before 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It does not validate the length of the chargePointVendor field in a BootNotification message, potentially leading to server instability and a denial of service when processing excessively large inputs. NOTE: the vendor's perspective is "OCPP.Core is intended for use in a protected environment/network."
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2023-12-07
An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. A StopTransaction message with any random transactionId terminates active transactions.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2023-12-07

