Security Vulnerabilities - CVEs Published In December 2023
LogoBee 0.2 allows updates.php?id= XSS.
CVSS Score: 6.1; EPSS Score: 0.001; Published: 2023-12-30
Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint.
CVSS Score: 9.8; EPSS Score: 0.004; Published: 2023-12-30
SSTI injection vulnerability in jeecg-boot version 3.5.3 allows remote attackers to execute arbitrary code via a crafted HTTP request to the /jmreport/loadTableData component.
CVSS Score: 9.8; EPSS Score: 0.176; Published: 2023-12-30
A lack of pointer-validation logic in the __scone_dispatch component of SCONE before v5.8.0 for Intel SGX allows attackers to access sensitive information.
CVSS Score: 5.5; EPSS Score: 0.0; Published: 2023-12-30
Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel analysis.
CVSS Score: 7.8; EPSS Score: 0.001; Published: 2023-12-30
An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclave_ecall function and system call layer.
CVSS Score: 5.5; EPSS Score: 0.0; Published: 2023-12-30
An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgx_is_within_user.
CVSS Score: 5.5; EPSS Score: 0.0; Published: 2023-12-30
An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an "AEPIC Leak."
CVSS Score: 5.5; EPSS Score: 0.0; Published: 2023-12-30
SQL injection vulnerability in jeecg-boot version 3.5.3 allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component.
CVSS Score: 9.8; EPSS Score: 0.002; Published: 2023-12-30
SQL injection vulnerability in jeecg-boot v3.5.3 allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check.
CVSS Score: 9.8; EPSS Score: 0.01; Published: 2023-12-30