Security Vulnerabilities - CVEs Published In May 2023
An issue was discovered in Faronics Insight 10.0.19045 on Windows. Attacker-supplied input is not validated/sanitized before being rendered in both the Teacher and Student Console applications, enabling an attacker to execute JavaScript in these applications. Due to the rich and highly privileged functionality offered by the Teacher Console, the ability to silently exploit Cross Site Scripting (XSS) on the Teacher Machine enables remote code execution on any connected student machine (and the teacher's machine).
CVSS Score
6.1
EPSS Score
0.002
Published
2023-05-31
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user permission.
CVSS Score
7.1
EPSS Score
0.0
Published
2023-05-30
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission.
CVSS Score
3.3
EPSS Score
0.0
Published
2023-05-30
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could delete some system files without user permission.
CVSS Score
7.1
EPSS Score
0.0
Published
2023-05-30
The Call Blocker application 6.6.3 for Android incorrectly opens a key component that an attacker can use to inject large amounts of dirty data into the application's database. When the application starts, it loads the data from the database into memory. Once the attacker injects too much data, the application triggers an OOM error and crashes, resulting in a persistent denial of service.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-05-30
The Call Blocker application 6.6.3 for Android allows unauthorized applications to use exposed components to delete data stored in its database that is related to user privacy settings and affects the implementation of the normal functionality of the application. An attacker can use this to cause an escalation of privilege attack.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-05-30
The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data, resulting in a severe elevation of privilege attack.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-05-30
An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause code execution and escalation of Privileges via the database files.
CVSS Score
7.8
EPSS Score
0.002
Published
2023-05-30
An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-05-30
An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause a denial of service attack by manipulating the database.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-05-30