975 matches found
German COVID-19 Contact-Tracing Vulnerability Allowed RCE
A security vulnerability in the infrastructure underlying Germany’s official COVID-19 contact-tracing app, called the Corona-Warn-App CWA, would have allowed pre-authenticated remote code execution RCE. Researcher Alvaro Muñoz wrote in a report this week that he and his team at GitHub Security La...
CVE-2020-26230
Radar COVID is the official COVID-19 exposure notification app for Spain. In affected versions of Radar COVID, identification and de-anonymization of COVID-19 positive users that upload Radar COVID TEKs to the Radar COVID server is possible. This vulnerability enables the identification and...
GitHub Security Lab: Java: Detect remote source from Android intent extra
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java] CWE-927: Sensitive broadcast
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java: CWE-749 Unsafe resource loading in Android WebView leaking to injection attacks
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java: CWE-918 - Server Side Request Forgery (SSRF)
This bug was reported directly to GitHub Security Lab...
CVE-2020-15250
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this...
CVE-2020-15250
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this...
CVE-2020-15250
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this...
Information disclosure
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this...
Malicious code in `electorn`
npm packages loadyaml and electorn were removed from the npm registry for containing malicious code. Upon installation the package runs a preinstall script that writes a public comment on GitHub containing the following information: - IP and IP-based geolocation - home directory name - local...
GitHub Security Lab: Java : add MongoDB injection sinks
This bug was reported directly to GitHub Security Lab...
GHSA-7QW5-PQHC-XM4G Users with SCRIPT right can execute arbitrary code in XWiki
Impact Any user with SCRIPT right EDIT right before XWiki 7.4 can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. Patches It has been patched in both version XWi...
Users with SCRIPT right can execute arbitrary code in XWiki
Impact Any user with SCRIPT right EDIT right before XWiki 7.4 can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. Patches It has been patched in both version XWi...
GitHub Security Lab: [CATENACYBER]: [CPP] CWE-476 Null Pointer Dereference : Another query to either missing or redundant NULL check
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CodeQL query to detect XSLT injections
This bug was reported directly to GitHub Security Lab...
CVE-2020-15167
In Miller command line utility using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious .mlrrc file in the working directory. See linked GitHub Security Advisory for complete details. A fix is rea...
CVE-2020-15167
In Miller command line utility using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious .mlrrc file in the working directory. See linked GitHub Security Advisory for complete details. A fix is rea...
CVE-2020-15167 Arbitrary code execution via configuration file in Miller
In Miller command line utility using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious .mlrrc file in the working directory. See linked GitHub Security Advisory for complete details. A fix is rea...
CVE-2020-15167
In Miller command line utility using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious .mlrrc file in the working directory. See linked GitHub Security Advisory for complete details. A fix is rea...