Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2023
CVE-2023-21485
Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-05-04
CVE-2023-21486
Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-05-04
CVE-2023-21487
Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting.
CVSS Score
5.1
EPSS Score
0.0
Published
2023-05-04
CVE-2023-21488
Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips.
CVSS Score
4.4
EPSS Score
0.0
Published
2023-05-04
CVE-2023-21489
Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-05-04
CVE-2023-21490
Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager.
CVSS Score
4.7
EPSS Score
0.0
Published
2023-05-04
CVE-2023-25982
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Eirudo Simple YouTube Responsive plugin <= 2.5 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-05-04
CVE-2023-30094
A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module.
CVSS Score
5.4
EPSS Score
0.007
Published
2023-05-04
CVE-2023-30095
A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel description field.
CVSS Score
5.4
EPSS Score
0.006
Published
2023-05-04
CVE-2023-30096
A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field.
CVSS Score
5.4
EPSS Score
0.006
Published
2023-05-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved