973 matches found
GitHub Security Lab: Java: Detect remote source from Android intent extra
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java] CWE-927: Sensitive broadcast
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java: CWE-749 Unsafe resource loading in Android WebView leaking to injection attacks
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java: CWE-918 - Server Side Request Forgery (SSRF)
This bug was reported directly to GitHub Security Lab...
CVE-2020-15250
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this...
CVE-2020-15250
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this...
CVE-2020-15250
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this...
Information disclosure
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this...
Malicious code in `electorn`
npm packages loadyaml and electorn were removed from the npm registry for containing malicious code. Upon installation the package runs a preinstall script that writes a public comment on GitHub containing the following information: - IP and IP-based geolocation - home directory name - local...
GitHub Security Lab: Java : add MongoDB injection sinks
This bug was reported directly to GitHub Security Lab...
GHSA-7QW5-PQHC-XM4G Users with SCRIPT right can execute arbitrary code in XWiki
Impact Any user with SCRIPT right EDIT right before XWiki 7.4 can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. Patches It has been patched in both version XWi...
Users with SCRIPT right can execute arbitrary code in XWiki
Impact Any user with SCRIPT right EDIT right before XWiki 7.4 can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. Patches It has been patched in both version XWi...
GitHub Security Lab: [CATENACYBER]: [CPP] CWE-476 Null Pointer Dereference : Another query to either missing or redundant NULL check
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CodeQL query to detect XSLT injections
This bug was reported directly to GitHub Security Lab...
CVE-2020-15167
In Miller command line utility using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious .mlrrc file in the working directory. See linked GitHub Security Advisory for complete details. A fix is rea...
CVE-2020-15167
In Miller command line utility using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious .mlrrc file in the working directory. See linked GitHub Security Advisory for complete details. A fix is rea...
CVE-2020-15167 Arbitrary code execution via configuration file in Miller
In Miller command line utility using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious .mlrrc file in the working directory. See linked GitHub Security Advisory for complete details. A fix is rea...
CVE-2020-15167
In Miller command line utility using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious .mlrrc file in the working directory. See linked GitHub Security Advisory for complete details. A fix is rea...
CVE-2020-15165
Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had it's sources or permissions tampered by a malicious actor. The official maintainer of the package is recommending all users upgrade to v1.1.8 as soon as possible. For more information, review the referenced GitHu...
CVE-2020-15165
Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had it's sources or permissions tampered by a malicious actor. The official maintainer of the package is recommending all users upgrade to v1.1.8 as soon as possible. For more information, review the referenced GitHu...