Security Vulnerabilities - CVEs Published In December 2023
Some Honor products are affected by file writing vulnerability, successful exploitation could cause information disclosure.
CVSS Score
6.6
EPSS Score
0.001
Published
2023-12-29
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.
CVSS Score
4.0
EPSS Score
0.001
Published
2023-12-29
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.
CVSS Score
3.3
EPSS Score
0.001
Published
2023-12-29
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.
CVSS Score
4.0
EPSS Score
0.001
Published
2023-12-29
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.
CVSS Score
3.3
EPSS Score
0.001
Published
2023-12-29
Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution
CVSS Score
6.5
EPSS Score
0.002
Published
2023-12-29
Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user.
CVSS Score
4.8
EPSS Score
0.002
Published
2023-12-29
Stored Cross Site Scripting (XSS) Vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive information via the Username field of the login form and application log.
CVSS Score
6.1
EPSS Score
0.003
Published
2023-12-29
A vulnerability classified as critical was found in gopeak MasterLab up to 3.3.10. This vulnerability affects the function sqlInject of the file app/ctrl/Framework.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249148.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-12-29
A vulnerability, which was classified as critical, has been found in gopeak MasterLab up to 3.3.10. This issue affects the function sqlInjectDelete of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument phone leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249149 was assigned to this vulnerability.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-12-29