Lucene search
K

34 matches found

Prion
Prion
added 2023/12/04 11:15 p.m.16 views

Information disclosure

In mOnDone of NotificationConversationInfo.java, there is a possible way to access app notification data of another user due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitatio...

1.7CVSS6.4AI score0.00121EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/04 12:0 a.m.6 views

PT-2023-27270 · Google · Android

Name of the Vulnerable Software and Affected Versions: NotificationConversationInfo.java affected versions not specified Description: The issue is related to a logic error in the code of NotificationConversationInfo.java, specifically in the mOnDone method. This error could allow access to app...

5.5CVSS5.2AI score0.00121EPSS
Exploits0References4
Zero Day Initiative
Zero Day Initiative
added 2023/08/14 12:0 a.m.21 views

CODESYS Development System Improper Enforcement of Message Integrity Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of CODESYS Development System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the LearnMoreAction function. The issue results from a missing...

7.1CVSS7.3AI score0.01034EPSS
Exploits0References2
Prion
Prion
added 2021/11/05 3:15 a.m.24 views

Authorization

Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization...

2.7CVSS5.5AI score0.00286EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/11/05 2:4 a.m.28 views

CVE-2021-25507

Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization...

5.7CVSS5.7AI score0.00286EPSS
Exploits0References1
CVE
CVE
added 2021/11/05 2:4 a.m.59 views

CVE-2021-25507

CVE-2021-25507 describes an improper authorization vulnerability in the Samsung Flow mobile app before version 4.8.03.5. The issue enables a Samsung Flow PC application connected to the user device to access part of notification data housed in Secure Folder without authorization. The available re...

5.7CVSS5.5AI score0.00286EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/11/05 12:0 a.m.7 views

SAMSUNG Flow 安全漏洞

SAMSUNG Flow is a software product from Samsung South Korea. It is used to enable a seamless, secure, and connected experience on devices. A security vulnerability exists in the SAMSUNG Flow mobile application prior to version 4.8.03.5, which can be exploited by an attacker to gain unauthorized...

5.7CVSS6AI score0.00286EPSS
Exploits0References2
OSV
OSV
added 2021/10/06 3:15 p.m.2 views

CVE-2021-0682

In sendAccessibilityEvent of NotificationManagerService.java, there is a possible disclosure of notification data due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product:...

5.5CVSS6.2AI score0.0011EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/08/09 12:0 a.m.6 views

PT-2021-3819 · Gnu +1 · Glibc +1

Name of the Vulnerable Software and Affected Versions: glibc versions through 2.34 Description: The issue is related to the mishandling of certain NOTIFY REMOVED data in the sysdeps/unix/sysv/linux/mq notify.c component of the GNU C Library glibc, leading to a NULL pointer dereference. This can b...

9.8CVSS6.7AI score0.04729EPSS
Exploits4References45
Positive Technologies
Positive Technologies
added 2021/06/28 12:0 a.m.5 views

PT-2021-10933 · Unknown · Limesurvey

Name of the Vulnerable Software and Affected Versions: LimeSurvey version 4.2.5 Description: The issue is related to a Cross Site Scripting XSS vulnerability. This vulnerability can be exploited via the Notifications & data feature, specifically on a textbox. Recommendations: For LimeSurvey versi...

5.4CVSS5AI score0.00552EPSS
Exploits0References5
OSV
OSV
added 2020/12/15 5:15 p.m.1 views

CVE-2020-27041

In showProvisioningNotification of ConnectivityService.java, there is an unsafe PendingIntent. This could lead to local information disclosure of notification data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

5.5CVSS6.2AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2020/12/15 5:15 p.m.2 views

CVE-2020-27041

In showProvisioningNotification of ConnectivityService.java, there is an unsafe PendingIntent. This could lead to local information disclosure of notification data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

5.5CVSS5.5AI score0.00134EPSS
Exploits0References2
Prion
Prion
added 2020/12/15 5:15 p.m.11 views

Information disclosure

In showProvisioningNotification of ConnectivityService.java, there is an unsafe PendingIntent. This could lead to local information disclosure of notification data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

2.1CVSS5.8AI score0.00134EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/01/22 1:15 p.m.5 views

CVE-2018-16269

The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2...

7.5CVSS5.8AI score0.01377EPSS
Exploits1References2
Rows per page
Query Builder