Advanced Vulnerability Search
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin.
Max Base Score
5.3
Published
2023-09-27
Updated
2023-10-05
EPSS
0.13%
Stored cross-site scripting (XSS) vulnerability in protection plan name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
Max Base Score
6.7
Published
2023-09-27
Updated
2023-09-28
EPSS
0.05%
Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
Max Base Score
9.1
Published
2023-09-27
Updated
2023-09-28
EPSS
0.09%
Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
Max Base Score
5.3
Published
2023-09-27
Updated
2023-09-28
EPSS
0.05%
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_weixin.php.
Max Base Score
9.8
Published
2023-09-27
Updated
2023-09-27
EPSS
0.11%
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_smtp.php.
Max Base Score
9.8
Published
2023-09-27
Updated
2023-09-27
EPSS
0.11%
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ping.php.
Max Base Score
9.8
Published
2023-09-27
Updated
2023-09-27
EPSS
0.11%
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_notify.php.
Max Base Score
9.8
Published
2023-09-27
Updated
2023-09-27
EPSS
0.11%
Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
Max Base Score
6.5
Published
2023-09-27
Updated
2023-09-28
EPSS
0.05%
Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
Max Base Score
6.5
Published
2023-09-27
Updated
2023-09-28
EPSS
0.05%
Sensitive information disclosure due to cleartext storage of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
Max Base Score
7.5
Published
2023-09-27
Updated
2023-09-28
EPSS
0.09%
Sensitive information disclosure due to insufficient token field masking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
Max Base Score
7.5
Published
2023-09-27
Updated
2023-09-28
EPSS
0.09%
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 35979.
Max Base Score
7.8
Published
2023-09-27
Updated
2023-09-28
EPSS
0.04%
Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
Max Base Score
7.5
Published
2023-09-27
Updated
2023-09-28
EPSS
0.09%
Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
Max Base Score
7.5
Published
2023-09-27
Updated
2023-09-28
EPSS
0.09%
Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
Max Base Score
8.1
Published
2023-09-27
Updated
2023-10-26
EPSS
0.05%
Sensitive information disclosure due to cleartext storage of sensitive information in memory. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.
Max Base Score
7.5
Published
2023-09-27
Updated
2023-09-28
EPSS
0.09%
Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.
Max Base Score
9.1
Published
2023-09-27
Updated
2023-09-28
EPSS
0.09%
The vulnerability is that the Messaging ("com.android.mms") app patched by LG forwards attacker-controlled intents back to the attacker in the exported "com.android.mms.ui.QClipIntentReceiverActivity" activity. The attacker can abuse this functionality by launching this activity and then sending a broadcast with the "com.lge.message.action.QCLIP" action. The attacker can send, e.g., their own data/clipdata and set Intent.FLAG_GRANT_* flags. After the attacker received that intent in the "onActivityResult()" method, they would have access to arbitrary content providers that have the `android:grantUriPermissions="true"` flag set.
Max Base Score
3.6
Published
2023-09-27
Updated
2023-10-02
EPSS
0.04%
he vulnerability is to delete arbitrary files in LGInstallService ("com.lge.lginstallservies") app. The app contains the exported "com.lge.lginstallservies.InstallService" service that exposes an AIDL interface. All its "installPackage*" methods are finally calling the "installPackageVerify()" method that performs signature validation after the delete file method. An attacker can control conditions so this security check is never performed and an attacker-controlled file is deleted.
Max Base Score
5.0
Published
2023-09-27
Updated
2023-10-02
EPSS
0.05%