99 matches found
CVE-2024-23713
In migrateNotificationFilter of NotificationManagerService.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2024-23713
In migrateNotificationFilter of NotificationManagerService.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
PT-2024-20030 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue is related to a possible failure to persist notifications settings due to improper input validation in the migrateNotificationFilter function of NotificationManagerService.jav...
CVE-2024-1898
Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator...
Devolutions Server Security Vulnerability
Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2023.3.14.0 and prior versions, which stems from incorrect access control in the notification...
Apple now requires a judge’s order to hand over your push notification data
Last week, we reported on how US government agencies have been asking Apple and Google for metadata related to push notifications, but the companies arent allowed to tell users about it happening. The content of the notifications is diverse. It ranges from a weather app warning you about rain to ...
Webpushr < 4.35.0 - Unauthenticated Stored XSS
Description The plugin does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks. 1. Woocommerce needs to be installed as well as activating webpushr-web-push-notifications by creating an account. 2. Run the following...
CVE-2023-40934
A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings...
CVE-2023-40934
A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings...
Sql injection
A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings...
CVE-2023-40934
A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings...
XWiki Platform vulnerable to Code injection through NotificationRSSService
Impact Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This can be reproduced with the following steps:...
CVE-2023-36469
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...
CVE-2023-36469 Code injection through NotificationRSSService in XWiki Platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...
CVE-2023-36469 Code injection through NotificationRSSService in XWiki Platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...
XWiki Platform 注入漏洞
XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. An injection vulnerability exists in XWiki Platform versions 9.6-rc-1 through 14.10.6 and 15.0-rc-1 through 15.2-rc-1, which stems from the fact that any user who can edit...
CVE-2023-21135
In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
PT-2023-17927 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-11 through Android-13 Description: The issue is related to a possible failure to persist notifications settings due to improper input validation in the onCreate method of NotificationAccessSettings.java. This could le...
Error: Skipping VM processing due to insufficient free disk space on datastore
Challenge A Backup or Replication job fails with the messages: Production datastore is getting low on free space xx GB left, and may run out of free disk space completely due to open snapshots. Insufficient free disk space on production datastore . Error: Skipping VM processing due to insufficien...
CVE-2022-1605
The Email Users WordPress plugin through 4.8.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and change the notification settings of arbitrary users...