34 matches found
Information disclosure
In mOnDone of NotificationConversationInfo.java, there is a possible way to access app notification data of another user due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitatio...
PT-2023-27270 · Google · Android
Name of the Vulnerable Software and Affected Versions: NotificationConversationInfo.java affected versions not specified Description: The issue is related to a logic error in the code of NotificationConversationInfo.java, specifically in the mOnDone method. This error could allow access to app...
CODESYS Development System Improper Enforcement of Message Integrity Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of CODESYS Development System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the LearnMoreAction function. The issue results from a missing...
Authorization
Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization...
CVE-2021-25507
Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization...
CVE-2021-25507
CVE-2021-25507 describes an improper authorization vulnerability in the Samsung Flow mobile app before version 4.8.03.5. The issue enables a Samsung Flow PC application connected to the user device to access part of notification data housed in Secure Folder without authorization. The available re...
SAMSUNG Flow 安全漏洞
SAMSUNG Flow is a software product from Samsung South Korea. It is used to enable a seamless, secure, and connected experience on devices. A security vulnerability exists in the SAMSUNG Flow mobile application prior to version 4.8.03.5, which can be exploited by an attacker to gain unauthorized...
CVE-2021-0682
In sendAccessibilityEvent of NotificationManagerService.java, there is a possible disclosure of notification data due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product:...
PT-2021-3819 · Gnu +1 · Glibc +1
Name of the Vulnerable Software and Affected Versions: glibc versions through 2.34 Description: The issue is related to the mishandling of certain NOTIFY REMOVED data in the sysdeps/unix/sysv/linux/mq notify.c component of the GNU C Library glibc, leading to a NULL pointer dereference. This can b...
PT-2021-10933 · Unknown · Limesurvey
Name of the Vulnerable Software and Affected Versions: LimeSurvey version 4.2.5 Description: The issue is related to a Cross Site Scripting XSS vulnerability. This vulnerability can be exploited via the Notifications & data feature, specifically on a textbox. Recommendations: For LimeSurvey versi...
CVE-2020-27041
In showProvisioningNotification of ConnectivityService.java, there is an unsafe PendingIntent. This could lead to local information disclosure of notification data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2020-27041
In showProvisioningNotification of ConnectivityService.java, there is an unsafe PendingIntent. This could lead to local information disclosure of notification data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
Information disclosure
In showProvisioningNotification of ConnectivityService.java, there is an unsafe PendingIntent. This could lead to local information disclosure of notification data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2018-16269
The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2...