sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-12-09
Updated
2023-12-12
The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 computers, does not follow the Secure Device Connection Protocol (SDCP) when enrolling via Linux, and accepts an unauthenticated configuration packet to select the Windows template database, which allows bypass of Windows Hello authentication by enrolling an attacker's fingerprint.
Max CVSS
6.4
EPSS Score
0.05%
Published
2023-12-09
Updated
2023-12-13
IzyBat Orange casiers before 20230803_1 allows getEnsemble.php ensemble SQL injection.
Max CVSS
9.1
EPSS Score
0.08%
Published
2023-12-09
Updated
2023-12-14
In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it "not a bug."
Max CVSS
5.3
EPSS Score
0.06%
Published
2023-12-09
Updated
2024-01-04
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
Max CVSS
9.8
EPSS Score
9.72%
Published
2023-12-07
Updated
2023-12-20
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-12-07
Updated
2023-12-09
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgradeMeshOnline.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-12-07
Updated
2023-12-09
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formResetMeshNode.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-12-07
Updated
2023-12-09
Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition.
Max CVSS
9.8
EPSS Score
0.32%
Published
2023-12-07
Updated
2023-12-09
Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xmlrpc.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-12-07
Updated
2023-12-09
An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. The server processes mishandle StartTransaction messages containing additional, arbitrary properties, or duplicate properties. The last occurrence of a duplicate property is accepted. This could be exploited to alter transaction records or impact system integrity.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-12-07
Updated
2023-12-13
An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It permits multiple transactions with the same connectorId and idTag, contrary to the expected ConcurrentTx status. This could result in critical transaction management and billing errors. NOTE: the vendor's perspective is "Imagine you've got two cars in your family and want to charge both in parallel on the same account/token? Why should that be rejected?"
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-12-07
Updated
2023-12-13
An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. A StopTransaction message with any random transactionId terminates active transactions.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-12-07
Updated
2023-12-13
An issue was discovered in Dalmann OCPP.Core before 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It does not validate the length of the chargePointVendor field in a BootNotification message, potentially leading to server instability and a denial of service when processing excessively large inputs. NOTE: the vendor's perspective is "OCPP.Core is intended for use in a protected environment/network."
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-12-07
Updated
2023-12-13
Forgejo before 1.20.5-1 allows remote attackers to test for the existence of private user accounts by appending .rss (or another extension) to a URL.
Max CVSS
5.3
EPSS Score
0.10%
Published
2023-12-03
Updated
2023-12-07
Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-12-03
Updated
2023-12-07
In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository for which permissions are being checked. This allows remote attackers to read private issues, read private pull requests, delete issues, and perform other unauthorized actions.
Max CVSS
9.1
EPSS Score
0.08%
Published
2023-12-03
Updated
2023-12-07
app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget.
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-12-03
Updated
2023-12-06
InteraXon Muse 2 devices allow remote attackers to cause a denial of service (incorrect Muse App report of an outstanding, calm meditation state) via a 480 MHz RF carrier that is modulated by a "false" brain wave, aka a Brain-Hack attack. For example, the Muse App does not display the reception of a strong RF carrier, and alert the user that a report may be misleading if this carrier has been modulated by a low-frequency signal.
Max CVSS
6.5
EPSS Score
0.07%
Published
2023-12-02
Updated
2023-12-07

CVE-2023-49897

Known exploited
An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.
Max CVSS
8.8
EPSS Score
0.28%
Published
2023-12-06
Updated
2023-12-22
CISA KEV Added
2023-12-21
Toggle Search Form
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!