Security Vulnerabilities - CVEs Published In December 2023
Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.
CVSS Score
4.6
EPSS Score
0.0
Published
2023-12-29
Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.
CVSS Score
4.6
EPSS Score
0.0
Published
2023-12-29
A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument FilterExpression leads to code injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249151.
CVSS Score
5.0
EPSS Score
0.001
Published
2023-12-29
A vulnerability, which was classified as critical, was found in gopeak MasterLab up to 3.3.10. Affected is the function base64ImageContent of the file app/ctrl/User.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. VDB-249150 is the identifier assigned to this vulnerability.
CVSS Score
6.3
EPSS Score
0.002
Published
2023-12-29
Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak
CVSS Score
3.3
EPSS Score
0.001
Published
2023-12-29
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions
CVSS Score
4.0
EPSS Score
0.0
Published
2023-12-29
Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.
CVSS Score
4.0
EPSS Score
0.0
Published
2023-12-29
Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.
CVSS Score
3.3
EPSS Score
0.002
Published
2023-12-29
An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to obtain sensitive information and bypass profile restriction via improper access control in the Reader system user's web browser, allowing the journal to be displayed, despite the option being disabled.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-12-29
CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-12-29