sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-12-09
Updated
2023-12-12
The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 computers, does not follow the Secure Device Connection Protocol (SDCP) when enrolling via Linux, and accepts an unauthenticated configuration packet to select the Windows template database, which allows bypass of Windows Hello authentication by enrolling an attacker's fingerprint.
Max CVSS
6.4
EPSS Score
0.05%
Published
2023-12-09
Updated
2023-12-13
IzyBat Orange casiers before 20230803_1 allows getEnsemble.php ensemble SQL injection.
Max CVSS
9.1
EPSS Score
0.08%
Published
2023-12-09
Updated
2023-12-14
In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it "not a bug."
Max CVSS
5.3
EPSS Score
0.06%
Published
2023-12-09
Updated
2024-01-04
`nuxt-api-party` is an open source module to proxy API requests. The library allows the user to send many options directly to `ofetch`. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow. fetchOptions are obtained directly from the request body. A malicious user can construct a URL known to not fetch successfully, then set the retry attempts to a high value, this will cause a stack overflow as ofetch error handling works recursively resulting in a denial of service. This issue has been addressed in version 0.22.1. Users are advised to upgrade. Users unable to upgrade should limit ofetch options.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-12-09
Updated
2023-12-13
`nuxt-api-party` is an open source module to proxy API requests. nuxt-api-party attempts to check if the user has passed an absolute URL to prevent the aforementioned attack. This has been recently changed to use the regular expression `^https?://`, however this regular expression can be bypassed by an absolute URL with leading whitespace. For example `\nhttps://whatever.com` which has a leading newline. According to the fetch specification, before a fetch is made the URL is normalized. "To normalize a byte sequence potentialValue, remove any leading and trailing HTTP whitespace bytes from potentialValue.". This means the final request will be normalized to `https://whatever.com` bypassing the check and nuxt-api-party will send a request outside of the whitelist. This could allow us to leak credentials or perform Server-Side Request Forgery (SSRF). This vulnerability has been addressed in version 0.22.1. Users are advised to upgrade. Users unable to upgrade should revert to the previous method of detecting absolute URLs.
Max CVSS
7.5
EPSS Score
0.08%
Published
2023-12-09
Updated
2023-12-13
OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In the version of `Multicall.sol` released in `@openzeppelin/contracts@4.9.4` and `@openzeppelin/contracts-upgradeable@4.9.4`, all subcalls are executed twice. Concretely, this exposes a user to unintentionally duplicate operations like asset transfers. The duplicated delegatecall was removed in version 4.9.5. The 4.9.4 version is marked as deprecated. Users are advised to upgrade. There are no known workarounds for this issue.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-12-09
Updated
2023-12-13
PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if **all** the following are satisfied: 1. The user runs an application containing either `matplotlib` or `win32com`. 2. The application is ran as administrator (or at least a user with higher privileges than the attacker). 3. The user's temporary directory is not locked to that specific user (most likely due to `TMP`/`TEMP` environment variables pointing to an unprotected, arbitrary, non default location). Either: A. The attacker is able to very carefully time the replacement of a temporary file with a symlink. This switch must occur exactly between `shutil.rmtree()`'s builtin symlink check and the deletion itself B: The application was built with Python 3.7.x or earlier which has no protection against Directory Junctions links. The vulnerability has been addressed in PR #7827 which corresponds to `pyinstaller >= 5.13.1`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Max CVSS
8.8
EPSS Score
0.04%
Published
2023-12-09
Updated
2023-12-19
Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server (richdocumentscode) is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attack via modified client->server commands to overwrite files outside the sub directory the server has provided for the transient session. Files which can be accessed are limited to those that the server process has access to. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.602. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Max CVSS
7.2
EPSS Score
0.05%
Published
2023-12-08
Updated
2023-12-08
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with `Collabora Online - Built-in CODE Server` app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.601. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Max CVSS
7.1
EPSS Score
0.05%
Published
2023-12-08
Updated
2023-12-08
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-12-08
Updated
2023-12-12
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-12-08
Updated
2023-12-12
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-12-08
Updated
2023-12-12
Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (XSS) vulnerability in the article management department.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-12-08
Updated
2023-12-11
An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-12-08
Updated
2023-12-11
DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack.
Max CVSS
9.8
EPSS Score
0.11%
Published
2023-12-08
Updated
2023-12-11
In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbin/httpd.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-12-08
Updated
2023-12-12
Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Session Fixation. The 'sid' parameter in the group_status.asp resource allows an attacker to escalate privileges and obtain sensitive information.
Max CVSS
9.8
EPSS Score
0.11%
Published
2023-12-08
Updated
2023-12-12
Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Open Redirect. The 'path' parameter of the prefs.asp resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-12-08
Updated
2023-12-12
In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-12-08
Updated
2023-12-13
Toggle Search Form
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!