Security Vulnerabilities - CVEs Published In December 2023
Permission verification vulnerability in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-12-06
Vulnerability of unauthorized file access in the Settings app. Successful exploitation of this vulnerability may cause unauthorized file access.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2023-12-06
Permission management vulnerability in the module for disabling Sound Booster. Successful exploitation of this vulnerability may cause features to perform abnormally.
CVSS Score: 5.3 | EPSS Score: 0.0 | Published: 2023-12-06
Mattermost webapp fails to validate route parameters in /<TEAM_NAME>/channels/<CHANNEL_NAME>, allowing an attacker to perform a client-side path traversal.
CVSS Score: 7.1 | EPSS Score: 0.005 | Published: 2023-12-06
Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser.
CVSS Score: 5.4 | EPSS Score: 0.005 | Published: 2023-12-06
Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering.
CVSS Score: 9.8 | EPSS Score: 0.028 | Published: 2023-12-06
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder.
CVSS Score: 6.0 | EPSS Score: 0.0 | Published: 2023-12-06
CVE-2023-49897
Known exploited
An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.
CVSS Score: 8.8 | EPSS Score: 0.244 | Published: 2023-12-06
This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent.
CVSS Score: 9.8 | EPSS Score: 0.072 | Published: 2023-12-06
Certain versions of the Atlassian Companion App for macOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and macOS Gatekeeper to allow execution of code.
CVSS Score: 9.6 | EPSS Score: 0.32 | Published: 2023-12-06

