Security Vulnerabilities - CVEs Published In December 2023
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. 
CVSS Score: 7.5 | EPSS Score: 0.0 | Published: 2023-12-06
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. 
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2023-12-06
TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, which allows attackers to bypass front-end security restrictions and execute arbitrary code.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2023-12-06
Exposure of Proxy Administrator Credentials: an authenticated, administrator-equivalent Filr user can access the credentials of proxy administrators.
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2023-12-06
Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execute code via the DYLIB_INSERT_LIBRARIES environment variable.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2023-12-06
Mattermost is grouping calls in the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint is revealing channelIDs.
CVSS Score: 5.3 | EPSS Score: 0.005 | Published: 2023-12-06
The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions.
CVSS Score: 8.8 | EPSS Score: 0.0 | Published: 2023-12-06
Vulnerability of data verification errors in the kernel module. Successful exploitation of this vulnerability may cause WLAN interruption.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-12-06
Vulnerability of missing permission verification for APIs in the Designed for Reliability (DFR) module. Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-12-06
Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted to access.
CVSS Score: 4.3 | EPSS Score: 0.003 | Published: 2023-12-06

