Released 11 October 2023 CVE (Common Vulnerabilities and Exposures)

Adobe Bridge Vulnerabilities:

CVE-2023-38216

  • Type: Use After Free
  • Detail: Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by a Use After Free vulnerability that could lead to the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2023-38217

  • Type: Out-of-bounds Read
  • Detail: Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

TIBCO Software Inc. Vulnerability:

CVE-2023-26220

  • Type: Stored Cross Site Scripting (XSS)
  • Detail: The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analyst and Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst and Spotfire Server.

PHPJabbers Vulnerabilities:

CVE-2023-36127

  • Type: User Enumeration
  • Detail: User enumeration is found in PHPJabbers Appointment Scheduler 3.0 during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

CVE-2023-36126

  • Type: Cross Site Scripting (XSS)
  • Detail: There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0.

GitHub Vulnerability:

CVE-2023-5511

  • Type: Cross-Site Request Forgery (CSRF)
  • Detail: Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.

e-Gov Client Application Vulnerability:

CVE-2023-44689

  • Type: Improper Authorization
  • Detail: e-Gov Client Application (Windows version) versions prior to 2.1.1.0 and e-Gov Client Application (macOS version) versions prior to 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme. A crafted URL may direct the product to access an arbitrary website. As a result, the user may become a victim of a phishing attack.

MR-GM Firmware Vulnerability:

CVE-2023-45194

  • Type: Use of Default Credentials
  • Detail: Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 (-D/-K/-S/-DK/-DKS/-M/-W) firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication when the affected product performs the communication without changing the pre-shared key from the factory-default configuration.

Xiaomi Router Vulnerabilities:

CVE-2023-26318

  • Type: Classic Buffer Overflow
  • Detail: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Xiaomi Xiaomi Router allows Overflow Buffers.

CVE-2023-26320

  • Type: Command Injection
  • Detail: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection.

CVE-2023-26319

  • Type: Command Injection
  • Detail: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection.

BigFix Vulnerabilities:

CVE-2022-44758

  • Type: Improper Credential Handling
  • Detail: BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An attacker can gain access to information that is not explicitly authorized.

CVE-2023-37536

  • Type: Integer Overflow
  • Detail: An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.

CVE-2023-42138

  • Type: Out-of-bounds Read
  • Detail: Out-of-bounds read vulnerability exists in KV STUDIO Ver. 11.62 and earlier and KV REPLAY VIEWER Ver. 2.62 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user of KV STUDIO PLAYER open a specially crafted file.

CVE-2022-44757

  • Type: Weak Cryptography
  • Detail: BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc.

CVE-2022-42451

  • Type: Insecure Credential Storage
  • Detail: Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user.

Peplink Surf SOHO Vulnerabilities:

CVE-2023-28381

  • Type: OS Command Injection
  • Detail: An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2023-27380

  • Type: OS Command Injection
  • Detail: An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Zebra Technologies Vulnerability:

CVE-2023-4957

  • Type: Authentication Bypass
  • Detail: A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer to change the username and password for the Web Page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printer's protected mode must be disabled.

Elenos ETG150 Vulnerability:

CVE-2023-45396

  • Type: Insecure Direct Object Reference (IDOR)
  • Detail: An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12.

Huawei HarmonyOS Vulnerabilities:

CVE-2023-44109

  • Type: Kernel Module
  • Detail: Clone vulnerability in the kernel module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44119

  • Type: Kernel Module Mutual Exclusion Management
  • Detail: Vulnerability of mutual exclusion management in the kernel module. Successful exploitation of this vulnerability will affect availability.

CVE-2023-44096

  • Type: Brute-force Attack
  • Detail: Vulnerability of brute-force attacks on the device authentication module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44094

  • Type: Type Confusion
  • Detail: Type confusion vulnerability in the distributed file module. Successful exploitation of this vulnerability may cause the device to restart.

CVE-2023-44109

  • Type: Clone
  • Detail: Clone vulnerability in the huks ta module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44114

  • Type: Out-of-bounds Array
  • Detail: Out-of-bounds array vulnerability in the dataipa module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-41304

  • Type: Parameter Verification
  • Detail: Parameter verification vulnerability in the window module. Successful exploitation of this vulnerability may cause the size of an app window to be adjusted to that of a floating window.

CVE-2023-44105

  • Type: Permissions Not Strictly Verified
  • Detail: Vulnerability of permissions not being strictly verified in the window management module. Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-44118

  • Type: Undefined Permissions
  • Detail: Vulnerability of undefined permissions in the MeeTime module. Successful exploitation of this vulnerability will affect availability and confidentiality.

CVE-2023-44116

  • Type: Access Permissions Vulnerability
  • Detail: Vulnerability of access permissions not being strictly verified in the APPWidget module. Successful exploitation of this vulnerability may cause some apps to run without being authorized.

CVE-2023-44108

  • Type: Distributed File Module CVE
  • Detail: Type confusion vulnerability in the distributed file module. Successful exploitation of this vulnerability may cause the device to restart.

CVE-2023-44097

  • Type: Improper Permission Management
  • Detail: Vulnerability of the permission to access device SNs being improperly managed. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44095

  • Type: Use-After-Free (UAF) Vulnerability
  • Detail: Use-After-Free (UAF) vulnerability in the surfaceflinger module. Successful exploitation of this vulnerability can cause a system crash.

CVE-2023-44107

  • Type: Design Defects
  • Detail: Vulnerability of defects introduced in the design process in the screen projection module. Successful exploitation of this vulnerability may affect service availability and integrity.

CVE-2023-44106

  • Type: API Permission Management
  • Detail: API permission management vulnerability in the Fwk-Display module. Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-44110

  • Type: Out-of-bounds Access
  • Detail: Out-of-bounds access vulnerability in the audio module. Successful exploitation of this vulnerability may affect availability.

CVE-2023-44111

  • Type: Brute-Force Attacks
  • Detail: Vulnerability of brute-force attacks on the device authentication module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44100

  • Type: Broadcast Permission Control
  • Detail: Broadcast permission control vulnerability in the Bluetooth module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44104

  • Type: Broadcast Permission Control
  • Detail: Broadcast permission control vulnerability in the Bluetooth module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44101

  • Type: Permission Control
  • Detail: The Bluetooth module has a vulnerability in permission control for broadcast notifications. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-44102

  • Type: Broadcast Permission Control
  • Detail: Broadcast permission control vulnerability in the Bluetooth module. Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable.

CVE-2023-44103

  • Type: Out-of-bounds Read
  • Detail: Out-of-bounds read vulnerability in the Bluetooth module. Successful exploitation of this vulnerability may affect service confidentiality.

GitHub Repository gpac/gpac Vulnerability:

CVE-2023-5520

  • Type: Out-of-bounds Read
  • Detail: Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.

HCL Digital Experience Vulnerability:

CVE-2023-37538

  • Type: Cross-Site Scripting (XSS)
  • Detail: HCL Digital Experience is susceptible to cross-site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).

Apache ZooKeeper Vulnerability:

CVE-2023-44981

  • Type: Authorization Bypass
  • Detail: Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The instance part in SASL auth ID is optional and if it's missing, like '[email protected]', the authorization check will be skipped. As a result, an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree. Quorum Peer authentication is not enabled by default. Users are recommended to upgrade to version 3.9.1, 3.8.3, 3.7.2, which fixes the issue. Alternatively, ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue. See the documentation for more details on correct cluster administration.

GitHub Repository tiann/kernelsu Vulnerability:

CVE-2023-5521

  • Type: Incorrect Authorization
  • Detail: Incorrect Authorization in GitHub repository tiann/kernelsu prior to v0.6.9.

TBD Vulnerability:

CVE-2023-35645

  • Type: Memory Corruption
  • Detail: In tbd of tbd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Inspect Element Ltd Echo.ac Vulnerability:

CVE-2023-38817

  • Type: Privilege Escalation
  • Detail: An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component.

peplink Surf SOHO HW1 v6.3.5 Vulnerabilities:

CVE-2023-34356

  • Type: OS Command Injection
  • Detail: An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2023-34354

  • Type: Stored Cross-Site Scripting (XSS)
  • Detail: A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to the execution of arbitrary JavaScript in another user's browser. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2023-35194

  • Type: OS Command Injection
  • Detail: An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability is specifically for the system call in the file /web/MANGA/cgi-bin/api.cgi for firmware version 6.3.5 at offset 0x4bde44.

CVE-2023-35193

  • Type: OS Command Injection
  • Detail: An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability is specifically for the system call in the file /web/MANGA/cgi-bin/api.cgi for firmware version 6.3.5 at offset 0x4bddb8.

Synaptics Vulnerability:

CVE-2023-4936

  • Type: DLL Sideload Vulnerability
  • Detail: It is possible to sideload a compromised DLL during the installation at elevated privilege.

Koha Library Software Vulnerability:

CVE-2023-44961

  • Type: SQL Injection
  • Detail: SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component.

DLINK Vulnerability:

CVE-2023-43960

  • Type: Privilege Escalation
  • Detail: An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote attacker to escalate privileges via the User Modify function in the Maintenance/Access function component.

vantage6 Vulnerability:

CVE-2023-23930

  • Type: Serialization Module Vulnerability
  • Detail: vantage6 is privacy-preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issues, as a default serialization module. All users of vantage6 that post tasks with the default serialization are affected. Version 4.0.0 contains a patch. Users may specify JSON serialization as a workaround.

MCL-Net Vulnerability:

CVE-2023-4990

  • Type: Directory Traversal
  • Detail: Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files.

Yifan YF325 Vulnerabilities:

CVE-2023-32632

  • Type: Command Execution
  • Detail: A command execution vulnerability exists in the validate.so diag_ping_start functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.

CVE-2023-35966

  • Type: Heap-based Buffer Overflow
  • Detail: Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities. This integer overflow result is used as an argument for the realloc function.

CVE-2023-32645

  • Type: Authentication Bypass
  • Detail: A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability.

CVE-2023-35055

  • Type: Buffer Overflow
  • Detail: A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. This buffer overflow is in the next_page parameter in the gozila_cgi function.

CVE-2023-34426

  • Type: Stack-based Buffer Overflow
  • Detail: A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability.

CVE-2023-35967

  • Type: Heap-based Buffer Overflow
  • Detail: Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities. This integer overflow result is used as an argument for the malloc function.

CVE-2023-35056

  • Type: Buffer Overflow
  • Detail: A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. This buffer overflow is in the next_page parameter in the cgi_handler function.

CVE-2023-24479

  • Type: Authentication Bypass
  • Detail: An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.

CVE-2023-34346

  • Type: Stack-based Buffer Overflow
  • Detail: A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability.

CVE-2023-35965

  • Type: Heap-based Buffer Overflow
  • Detail: Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities. This integer overflow result is used as an argument for the malloc function.

CVE-2023-31272

  • Type: Stack-based Buffer Overflow
  • Detail: A stack-based buffer overflow vulnerability exists in the httpd do_wds functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability.

CVE-2023-35968

  • Type: Heap-Based Buffer Overflow
  • Detail: Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities. This integer overflow result is used as an argument for the realloc function.

CVE-2023-34365

  • Type: Stack-Based Buffer Overflow
  • Detail: A stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a buffer overflow. An attacker can send a network request to trigger this vulnerability.
