Security Vulnerabilities - CVEs Published In December 2023
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function bmp_decompress_rle4() of load-bmp.c.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-12-26
A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c when fz_colorspace_n returns zero.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-12-26
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function compute_color() of jquant2.c. NOTE: this is disputed by the supplier because there was not reasonable evidence to determine the existence of a vulnerability or identify the affected product.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-12-26
The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code.
CVSS Score: 9.8 | EPSS Score: 0.94 | Published: 2023-12-26
Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes.
CVSS Score: 8.1 | EPSS Score: 0.001 | Published: 2023-12-26
Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when a user operates a URI call without authorizations. The same URI can be operated to realize an SSRF attack, also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes this issue.
CVSS Score: 7.5 | EPSS Score: 0.816 | Published: 2023-12-26
A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.06 is able to address this issue. The patch is named 68af950330c3202a706f0ae9bbb52ceaa17dda9d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248955.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2023-12-26
An issue was discovered in Open Design Alliance Drawings SDK before 2024.12. A corrupted value of number of sectors used by the Fat structure in a crafted DGN file leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2023-12-26
Stored cross-site scripting vulnerability exists in the anchor tag of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
CVSS Score: 5.4 | EPSS Score: 0.013 | Published: 2023-12-26
Stored cross-site scripting vulnerability when processing the MathJax exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
CVSS Score: 5.4 | EPSS Score: 0.005 | Published: 2023-12-26



Shodan ® - All rights reserved