Security Vulnerabilities - CVEs Published In December 2023
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formSetDiagnoseInfo .
CVSS Score
9.8
EPSS Score
0.026
Published
2023-12-26
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formexeCommand .
CVSS Score
9.8
EPSS Score
0.019
Published
2023-12-26
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formGetDiagnoseInfo .
CVSS Score
9.8
EPSS Score
0.026
Published
2023-12-26
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetUplinkInfo.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-12-26
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formWifiMacFilterSet.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-12-26
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formDelWlRfPolicy.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-12-26
A vulnerability was found in PlusCaptcha Plugin up to 2.0.6 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.14 is able to address this issue. The patch is identified as 1274afc635170daafd38306487b6bb8a01f78ecd. It is recommended to upgrade the affected component. VDB-248954 is the identifier assigned to this vulnerability.
CVSS Score
3.5
EPSS Score
0.001
Published
2023-12-26
A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. It has been declared as problematic. This vulnerability affects the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 2.28 is able to address this issue. The name of the patch is d2ede580474665af56ff262a05783fbabe4529b8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248956.
CVSS Score
3.5
EPSS Score
0.001
Published
2023-12-26
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in the function fz_new_pixmap_from_float_data() of pixmap.c.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-12-26
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function pnm_binary_read_image() of load-pnm.c when span equals zero.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-12-26