Security Vulnerabilities - CVEs Published In September 2023
Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example, use a reverse proxy server.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2023-09-21
An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdScript.asmx. The application does not sufficiently restrict user-supplied paths, allowing for an authenticated attacker to read arbitrary files from a remote system, including the private key used to authenticate to agents for remote access.
CVSS Score: 6.5 | EPSS Score: 0.008 | Published: 2023-09-21
An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2023-09-21
SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via an unspecified vector.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2023-09-21
Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free.
CVSS Score: 4.7 | EPSS Score: 0.001 | Published: 2023-09-21
CVE-2023-41992
Known exploited
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, macOS Ventura 13.6. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
CVSS Score: 7.8 | EPSS Score: 0.004 | Published: 2023-09-21
CVE-2023-41993
Known exploited
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
CVSS Score: 8.8 | EPSS Score: 0.087 | Published: 2023-09-21
mee-admin 1.5 is vulnerable to Directory Traversal. The download method in the CommonFileController.java file does not verify the incoming data, resulting in arbitrary file reading.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2023-09-21
CVE-2023-41991
Known exploited
A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
CVSS Score: 5.5 | EPSS Score: 0.072 | Published: 2023-09-21
Dreamer CMS v4.1.3 was discovered to contain a SQL injection vulnerability via the model-form-management-field form.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2023-09-21

