Security Vulnerabilities - CVEs Published In September 2023
Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
CVSS Score
3.1
EPSS Score
0.002
Published
2023-09-27
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_notify.php.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-09-27
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ping.php.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-09-27
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_smtp.php.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-09-27
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_weixin.php.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-09-27
he vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers.
CVSS Score
3.6
EPSS Score
0.0
Published
2023-09-27
he vulnerability is to delete arbitrary files in LGInstallService ("com.lge.lginstallservies") app. The app contains the exported "com.lge.lginstallservies.InstallService" service that exposes an AIDL interface. All its "installPackage*" methods are finally calling the "installPackageVerify()" method that performs signature validation after the delete file method. An attacker can control conditions so this security check is never performed and an attacker-controlled file is deleted.
CVSS Score
5.0
EPSS Score
0.0
Published
2023-09-27
The vulnerability is that the Messaging ("com.android.mms") app patched by LG forwards attacker-controlled intents back to the attacker in the exported "com.android.mms.ui.QClipIntentReceiverActivity" activity. The attacker can abuse this functionality by launching this activity and then sending a broadcast with the "com.lge.message.action.QCLIP" action. The attacker can send, e.g., their own data/clipdata and set Intent.FLAG_GRANT_* flags. After the attacker received that intent in the "onActivityResult()" method, they would have access to arbitrary content providers that have the `android:grantUriPermissions="true"` flag set.
CVSS Score
3.6
EPSS Score
0.0
Published
2023-09-27
Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.
CVSS Score
6.1
EPSS Score
0.003
Published
2023-09-27
Sensitive information disclosure due to cleartext storage of sensitive information in memory. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.
CVSS Score
2.2
EPSS Score
0.001
Published
2023-09-27