
627 matches found

RedhatCVE
added 2025/02/05 2:52 p.m., 15 views

CVE-2020-15165

Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had its sources or permissions tampered by a malicious actor. The official maintainer of the package is recommending all users upgrade to v1.1.8 as soon as possible. For more information, review the referenced GitHu...

9.3 CVSS, 6.8 AI score, 0.01323 EPSS
Exploits: 1
Circl
added 2025/01/26 7:7 p.m., 1 views

GHSA-844J-8V3Q-83RF

creationtimestamp | type | source
---|---|---
2025-01-26 19:07:26+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/3146...

4.8 AI score
Exploits: 0, References: 1
Circl
added 2025/01/26 7:6 a.m., 0 views

GHSA-4GV5-8WW7-7MF6

creationtimestamp | type | source
---|---|---
2025-01-26 07:06:06+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/3117...

4.8 AI score
Exploits: 0, References: 1
Circl
added 2025/01/25 5:6 p.m., 0 views

GHSA-PXFF-CV94-PM48

creationtimestamp | type | source
---|---|---
2025-01-25 17:06:13+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/3097...

4.8 AI score
Exploits: 0, References: 1
Circl
added 2025/01/21 6:0 p.m., 1 views

GHSA-27G8-5Q48-XMW6

creationtimestamp | type | source
---|---|---
2025-01-21 18:00:40+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/2430...

4.8 AI score
Exploits: 0, References: 1
Circl
added 2025/01/16 10:56 p.m., 0 views

GHSA-PM8J-3V64-92CQ

creationtimestamp | type | source
---|---|---
2025-01-16 22:56:25+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/2070...

4.8 AI score
Exploits: 0, References: 1
Circl
added 2025/01/10 5:3 p.m., 2 views

GHSA-XFJ4-9G7W-F4GH

creationtimestamp | type | source
---|---|---
2025-01-10 17:03:32+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/1165...

4.8 AI score
Exploits: 0, References: 1
Circl
added 2025/01/06 6:40 a.m., 1 views

GHSA-24M8-VX7P-Q7MF

creationtimestamp | type | source
---|---|---
2025-01-06 06:40:14+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/150...

4.8 AI score
Exploits: 0, References: 1
Circl
added 2025/01/05 6:40 p.m., 2 views

GHSA-9G72-VRH2-4XQW

creationtimestamp | type | source
---|---|---
2025-01-05 18:40:52+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/136...

4.8 AI score
Exploits: 0, References: 1
Circl
added 2025/01/05 1:33 a.m., 2 views

GHSA-5CHH-WV34-P78R

creationtimestamp | type | source
---|---|---
2025-01-05 01:33:31+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/64
2025-01-05 01:36:19+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/86
2025-01-05 01:39:04+00:00 | published-proof-of-concept | ...

4.8 AI score
Exploits: 0, References: 3
Tenable Nessus
added 2024/12/17 12:0 a.m., 17 views

FreeBSD : py-matrix-synapse -- multiple vulnerabilities in versions prior to 1.120.1 (71f3e9f0-bafc-11ef-885d-901b0e934d69)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 71f3e9f0-bafc-11ef-885d-901b0e934d69 advisory. element-hq/synapse developers report: The 1.120.1 release fixes multiple security...

9.1 CVSS, 6.5 AI score, 0.00701 EPSS
Exploits: 0, References: 13
FreeBSD
added 2024/12/03 12:0 a.m., 17 views

py-matrix-synapse -- multiple vulnerabilities in versions prior to 1.120.1

element-hq/synapse developers report: The 1.120.1 release fixes multiple security vulnerabilities, some affecting all prior versions of Synapse. Server administrators are encouraged to update Synapse as soon as possible. We are not aware of these vulnerabilities being exploited in the wild...

9.1 CVSS, 7.4 AI score, 0.00701 EPSS
Exploits: 0, References: 6
Cvelist
added 2024/10/23 5:4 p.m., 19 views

CVE-2024-49756 AshPostgres empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.

AshPostgres is the PostgreSQL data layer for Ash Framework. Starting in version 2.0.0 and prior to version 2.4.10, in certain very specific situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions (no changing fields), and would...

5.3 CVSS, 0.00499 EPSS
Exploits: 0, References: 4
CVE
added 2024/10/23 5:4 p.m., 44 views

CVE-2024-49756

AshPostgres (Ash Framework data layer) has a vulnerability in versions 2.0.0 through 2.4.9 where update actions that are empty (no field changes) could skip policies and trigger side effects. The issue is limited to such actions and does not enable reading new data. It requires specific condition...

5.3 CVSS, 5.2 AI score, 0.00499 EPSS
Exploits: 0, References: 4
NVD
added 2024/09/04 4:15 p.m., 31 views

CVE-2024-45314

Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form's default cache directives allow the browser to locally store sensitive data. This can be an issue in environments using shared computer resources. Version 4.5.1 contains a patch for this issue. If...

5.5 CVSS, 0.00262 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2024/09/04 4:8 p.m., 11 views

CVE-2024-45314 Flask-AppBuilder login form allows browser to cache sensitive fields

Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form's default cache directives allow the browser to locally store sensitive data. This can be an issue in environments using shared computer resources. Version 4.5.1 contains a patch for this issue. If...

3.6 CVSS, 7 AI score, 0.00262 EPSS
Exploits: 0, References: 2
CVE
added 2024/09/04 4:8 p.m., 290 views

CVE-2024-45314

CVE-2024-45314 affects Flask-AppBuilder: the auth DB login form allows the browser to cache sensitive data. Affected component is the login form; root cause is default cache directives exposing data in shared environments. Version 4.5.1 fixes the issue. If upgrading is not possible, a workaround ...

5.5 CVSS, 4.4 AI score, 0.00262 EPSS
Exploits: 0, References: 2, Affected Software: 1
Debian CVE
added 2024/09/04 4:8 p.m., 8 views

CVE-2024-45314

Removed by vendor...

5.5 CVSS, 6.7 AI score, 0.00262 EPSS
Exploits: 0
OSV
added 2024/07/01 11:19 a.m., 10 views

BIT-HUBBLE-UI-2022-29178

Cilium is open source software for providing and securing network connectivity and load balancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 100...

8.8 CVSS, 8.3 AI score, 0.00285 EPSS
Exploits: 0, References: 4
OSV
added 2024/07/01 11:14 a.m., 14 views

BIT-CILIUM-PROXY-2022-29178

Cilium is open source software for providing and securing network connectivity and load balancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 100...

8.8 CVSS, 8.3 AI score, 0.00285 EPSS
Exploits: 0, References: 4