Vulnerability Summary for the Week of September 4, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
canonical_ltd. — snapd_for_linux | Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected – this can only be exploited when snaps are run on a virtual console. | 2023-09-01 | 10 | CVE-2023-1523 MISC MISC MISC MISC |
bmc — server_automation | BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass. | 2023-09-05 | 9.8 | CVE-2017-9453 MISC |
mybb — mybb | Installer RCE on settings file write in MyBB before 1.8.22. | 2023-09-01 | 9.8 | CVE-2020-22612 MISC |
qualcomm — sd855 | A malformed DLC can trigger Memory Corruption in SNPE library due to out of bounds read, such as by loading an untrusted model (e.g., from a remote source). | 2023-09-05 | 9.8 | CVE-2023-28543 MISC |
qualcomm — aqt1000 | Memory corruption while handling payloads from remote ESL. | 2023-09-05 | 9.8 | CVE-2023-28562 MISC |
qualcomm — fastconnect_6800 | Memory corruption in WLAN Firmware while parsing received GTK Keys in GTK KDE. | 2023-09-05 | 9.8 | CVE-2023-28581 MISC |
samsung_mobile — health | Improper input validation vulnerability in Samsung Health prior to version 6.24.2.011 allows attackers to write an arbitrary file with Samsung Health privilege. | 2023-09-06 | 9.8 | CVE-2023-30723 MISC |
open_automation_software — oas_platform | An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability. | 2023-09-05 | 9.8 | CVE-2023-31242 MISC MISC |
bookreen — bookreen | Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen allows Privilege Escalation. This issue affects Bookreen: before 3.0.0. | 2023-09-05 | 9.8 | CVE-2023-3374 MISC |
osoft — paint_production_management | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Osoft Paint Production Management allows SQL Injection. This issue affects Paint Production Management: before 2.1. | 2023-09-05 | 9.8 | CVE-2023-35065 MISC |
bma — personnel_tracking_system | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in BMA Personnel Tracking System allows SQL Injection. This issue affects Personnel Tracking System: before 20230904. | 2023-09-05 | 9.8 | CVE-2023-35068 MISC |
coyav_travel — proagent | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Coyav Travel Proagent allows SQL Injection. This issue affects Proagent: before 20230904. | 2023-09-05 | 9.8 | CVE-2023-35072 MISC |
pocketmanga — smanga | SQL Injection vulnerability in smanga version 3.1.9 and earlier allows remote attackers to execute arbitrary code and gain sensitive information via the mediaId, mangaId, and userId parameters in php/history/add.php. | 2023-09-01 | 9.8 | CVE-2023-36076 MISC |
macwk — icecms | An issue discovered in IceCMS version 2.0.1 allows attackers to escalate privileges and gain sensitive information via the UserID parameter in api/User/ChangeUser. | 2023-09-01 | 9.8 | CVE-2023-36100 MISC |
mava — hotel_management_system | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Mava Software Hotel Management System allows SQL Injection. This issue affects Hotel Management System: before 2.0. | 2023-09-05 | 9.8 | CVE-2023-3616 MISC |
netgear — cbr40 | Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118 allows remote unauthenticated attackers to execute arbitrary code via a crafted URL to httpd. | 2023-09-01 | 9.8 | CVE-2023-36187 MISC |
relic — relic | Integer Overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad | 2023-09-01 | 9.8 | CVE-2023-36326 MISC MISC |
relic — relic | Integer Overflow vulnerability in RELIC before commit 421f2e91cf2ba42473d4d54daf24e2 | 2023-09-01 | 9.8 | CVE-2023-36327 MISC MISC |
libtom — libtommath | Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94 | 2023-09-01 | 9.8 | CVE-2023-36328 MISC FEDORA |
web-audimex — audimexee | Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter. | 2023-09-05 | 9.8 | CVE-2023-36361 MISC MISC MISC |
proscend — m357-5g | Proscend Advice ICR Series routers FW version 1.76 – CWE-1392: Use of Default Credentials | 2023-09-03 | 9.8 | CVE-2023-3703 MISC |
synel — synergy/a | Synel Terminals – CWE-494: Download of Code Without Integrity Check | 2023-09-03 | 9.8 | CVE-2023-37220 MISC |
asus — rt-ax56u | A format string vulnerability has been identified in ASUS RT-AX56U V2. This vulnerability is caused by a lack of validation for a specific value within its set_iperf3_svr.cgi module. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service. | 2023-09-07 | 9.8 | CVE-2023-39238 MISC |
asus — rt-ax56u | A format string vulnerability has been identified in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by a lack of validation for a specific value within its apply.cgi module. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service. | 2023-09-07 | 9.8 | CVE-2023-39239 MISC |
asus — rt-ax56u | A format string vulnerability has been identified in ASUS RT-AX56U V2’s iperf client function API. This vulnerability is caused by a lack of validation for a specific value within its set_iperf3_cli.cgi module. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service. | 2023-09-07 | 9.8 | CVE-2023-39240 MISC |
cacti — cacti | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an enabled state, there could be the potential for significant damage. Attackers may exploit this vulnerability, and there may be possibilities for actions such as the usurpation of administrative privileges or remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-09-05 | 9.8 | CVE-2023-39361 MISC |
langchain — langchain | An issue in LangChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library. | 2023-09-01 | 9.8 | CVE-2023-39631 MISC MISC |
abuquant — abupy | abupy up to v0.4.0 was discovered to contain a SQL injection vulnerability via the component abupy.MarketBu.ABuSymbol. | 2023-09-05 | 9.8 | CVE-2023-39654 MISC MISC |
cuppa_cms — cuppa_cms | Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload. | 2023-09-05 | 9.8 | CVE-2023-39681 MISC |
moxa — mxsecurity | There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values. | 2023-09-02 | 9.8 | CVE-2023-39979 MISC |
digitatek — smartrise_document_management_ | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Digita Information Technology Smartrise Document Management System allows SQL Injection. This issue affects Smartrise Document Management System: before Hvl-2.0. | 2023-09-05 | 9.8 | CVE-2023-4034 MISC |
diaowen — dwsurvey | File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file. | 2023-09-01 | 9.8 | CVE-2023-40980 MISC |
bolo-solo — bolo-solo | File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote attacker to execute arbitrary code via a crafted script to the authorization field in the header. | 2023-09-05 | 9.8 | CVE-2023-41009 MISC MISC MISC |
f-revocrm — f-revocrm | F-RevoCRM version 7.3.7 and version 7.3.8 contain an OS command injection vulnerability. If this vulnerability is exploited, an attacker who can access the product may execute an arbitrary OS command on the server where the product is running. | 2023-09-06 | 9.8 | CVE-2023-41149 MISC MISC |
metaways_infosystems_gmbh — tine | In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection. | 2023-09-01 | 9.8 | CVE-2023-41364 MISC MISC MISC |
super_store_finder — super_store_finder | Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the store locator component via the products, distance, lat, and lng parameters. | 2023-09-05 | 9.8 | CVE-2023-41507 MISC MISC |
neutron — smart_vms | Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows Authentication Bypass. This issue affects Neutron Smart VMS: before b1130.1.0.1. | 2023-09-05 | 9.8 | CVE-2023-4178 MISC |
lldpd — lldpd | An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c. | 2023-09-05 | 9.8 | CVE-2023-41910 MISC MISC |
mestav — e-commerce_software | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Mestav Software E-commerce Software allows SQL Injection. This issue affects E-commerce Software: before 20230901. | 2023-09-05 | 9.8 | CVE-2023-4531 MISC |
lg — lg_led_assistant | This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. | 2023-09-04 | 9.8 | CVE-2023-4613 MISC MISC |
lg — lg_led_assistant | This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/installation/ | 2023-09-04 | 9.8 | CVE-2023-4614 MISC MISC |
wordpress — wordpress | The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the ‘mla_stream_file’ parameter from the ~/includes/mla-stream-image. | 2023-09-06 | 9.8 | CVE-2023-4634 MISC MISC MISC MISC MISC |
infosoftbd — clcknshop | A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /collection/all of the component GET Parameter Handler. The manipulation of the argument tag leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-238571. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-09-01 | 9.8 | CVE-2023-4708 MISC MISC MISC |
suntront — smart_table_integrated_ | A vulnerability, which was classified as critical, was found in Xintian Smart Table Integrated Management System 5.6.9. This affects an unknown part of the file /SysManage/AddUpdateRole.aspx. The manipulation of the argument txtRoleName leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238575. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-09-01 | 9.8 | CVE-2023-4712 MISC MISC MISC |
byzoro — smart_s85f_management_platform | A vulnerability, which was classified as critical, has been found in Beijing Baichuo Smart S85F Management Platform up to 20230820 on Smart. Affected by this issue is some unknown functionality of the file /sysmanage/updateos.php. The manipulation of the argument 1_file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238628. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-09-03 | 9.8 | CVE-2023-4739 MISC MISC MISC |
tenda — ac8 | A vulnerability was found in Tenda AC8 16.03.34.06_cn_TDC01. It has been declared as critical. Affected by this vulnerability is the function formSetDeviceName. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238633 was assigned to this vulnerability. | 2023-09-04 | 9.8 | CVE-2023-4744 MISC MISC MISC |
dedecms — dedecms | A vulnerability classified as critical was found in DedeCMS 5.7.110. This vulnerability affects unknown code of the file /uploads/tags.php. The manipulation of the argument tag_alias leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238636. | 2023-09-04 | 9.8 | CVE-2023-4747 MISC MISC MISC MISC |
sourcecodester — inventory_management_system | A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238638 is the identifier assigned to this vulnerability. | 2023-09-04 | 9.8 | CVE-2023-4749 MISC MISC MISC |
adobe — adobe_commerce | Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper input validation vulnerability within the CMS page scheduled update feature. An authenticated attacker with administrative privilege could leverage this vulnerability to achieve remote code execution on the system. | 2023-09-06 | 9.1 | CVE-2021-36021 MISC |
adobe — adobe_commerce | Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. | 2023-09-06 | 9.1 | CVE-2021-36023 MISC |
adobe — adobe_commerce | Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper access control vulnerability within Magento’s Media Gallery Upload workflow. By storing a specially crafted file in the website gallery, an authenticated attacker with administrative privilege can gain access to delete the .htaccess file. This could result in the attacker achieving remote code execution. | 2023-09-06 | 9.1 | CVE-2021-36036 MISC |
ibm — financial_transaction_manager | IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 258786. | 2023-09-05 | 9.1 | CVE-2023-35892 MISC MISC |
ahwx — librey | LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. LibreY is subject to a Server-Side Request Forgery (SSRF) vulnerability in the `image_proxy.php` file of LibreY before commit 8f9b9803f231e2954e5b49987a532d | 2023-09-04 | 9.1 | CVE-2023-41054 MISC MISC |
hewlett_packard_enterprise — aruba_airwave | Aruba AirWave |