Security Vulnerabilities - CVEs Published In December 2023
An issue in Xenom Technologies (sinous) Phone Dialer-voice Call Dialer v.1.2.5 allows an attacker to bypass intended access restrictions via interaction with com.funprime.calldialer.ui.activities.OutgoingActivity.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-12-27
An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker to bypass intended access restrictions via interaction with com.simplemobiletools.dialer.activities.DialerActivity.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-12-27
The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files, and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData.
CVSS Score
9.8
EPSS Score
0.006
Published
2023-12-27
Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K (AES) encryption key. An attacker with physical access to the application's source code or binary can extract this key and use it to decrypt the TLS secret.
CVSS Score
6.3
EPSS Score
0.0
Published
2023-12-27
The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.9_20231127 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component.
CVSS Score
7.1
EPSS Score
0.002
Published
2023-12-27
The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity.
CVSS Score
9.8
EPSS Score
0.011
Published
2023-12-27
json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-12-27
hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-12-27
A long execution time can occur in the ParseTools.subCompileExpression method in MVEL 2.5.0.Final because of many Java class lookups. NOTE: the vendor disputes this because "the only thing that you could expect is that the parser will take a crazy amount of time to complete its task."
CVSS Score
5.3
EPSS Score
0.001
Published
2023-12-27
The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-12-27