CVE-2023-42468

MEDIUM Year: 2023
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-269
View all →

Vulnerability Description

The com.cutestudio.colordialer application through 2.1.8-2 for Android allows a remote attacker to initiate phone calls without user consent, because of improper export of the com.cutestudio.dialer.activities.DialerActivity component. A third-party application (without any permissions) can craft an intent targeting com.cutestudio.dialer.activities.DialerActivity via the android.intent.action.CALL action in conjunction with a tel: URI, thereby placing a phone call.

Related Vulnerabilities

CVE-2012-1104

MEDIUM
CVSS:5.3(Medium)

A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed.

CWE-2692012

CVE-2015-8032

MEDIUM
CVSS:5.3(Medium)

In Textpattern 4.5.7, an unprivileged author can change an article's markup setting.

CWE-2692015

CVE-2017-0360

MEDIUM
CVSS:5.3(Medium)

file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerabili...

CWE-2692017

CVE-2017-7782

MEDIUM
CVSS:5.3(Medium)

An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating syst...

CWE-2692017

CVE-2017-9662

MEDIUM
CVSS:5.3(Medium)

An Improper Privilege Management issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. Monitouch V-SFT is installed in a directory with weak access controls by defa...

CWE-2692017

CVE-2018-0573

MEDIUM
CVSS:5.3(Medium)

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site use...

CWE-2692018