973 matches found
GitHub Security Lab: Java: JSONP Injection
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java] CWE-094: Query to detect Groovy Code Injections
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: ihsinme: CPP Add query for CWE-691 Insufficient Control Flow Management When Using Bit Operations
This bug was reported directly to GitHub Security Lab...
CVE-2021-29448 Stored DOM XSS in Pi-hole Admin Web Interface
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. The Stored XSS exists in the Pi-hole Admin portal, which can be exploited by the malicious actor with the network access to DNS server. See the referenced GitHub security advisory for patch details...
GitHub Security Lab: [Java] CWE-1004: Query to check sensitive cookies without the HttpOnly flag set
This bug was reported directly to GitHub Security Lab...
CVE-2021-29428
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreatin...
CVE-2021-29428
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreatin...
CVE-2021-29428
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreatin...
Directory traversal
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreatin...
Design/Logic Flaw
In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies...
CVE-2021-29428 Local privilege escalation through system temporary directory
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreatin...
CVE-2021-21393
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party...
CVE-2021-21392 Open redirect via transitional IPv6 addresses on dual-stack networks
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6...
CVE-2021-21394
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party...
CVE-2021-21394 Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party...
GitHub Security Lab: porcupiney.hairs : Java/Android - Insecure Loading of a Dex File
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [codeql-go]: Add CWE-79: HTML template escaping passthrough
This bug was reported directly to GitHub Security Lab...
CVE-2021-21432
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. An authentication mechanism added in version 0.7.0 enables some malicious user to obtain secrets utilizing the injected credentials within the /.netrc file. Refer to the referenced GitHub Security...
Authentication flaw
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. An authentication mechanism added in version 0.7.0 enables some malicious user to obtain secrets utilizing the injected credentials within the /.netrc file. Refer to the referenced GitHub Security...
GitHub Security Lab: [Java] CWE-016: Query to detect insecure configuration of Spring Boot Actuator
This bug was reported directly to GitHub Security Lab...