973 matches found
Design/Logic Flaw
Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had it's sources or permissions tampered by a malicious actor. The official maintainer of the package is recommending all users upgrade to v1.1.8 as soon as possible. For more information, review the referenced GitHu...
CVE-2020-15165
The CVE-2020-15165 entry concerns the Chameleon Mini Live Debugger Android package (Google Play) version 1.1.6-free, where sources or permissions may have been tampered by a malicious actor. Red Hat and OSV records cite the same vulnerability description; ENISA EUVD-2020-7239 notes malware in the...
CVE-2020-15165 Potentially tampered sources on Play Store for Chameleon Mini Live Debugger
Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had it's sources or permissions tampered by a malicious actor. The official maintainer of the package is recommending all users upgrade to v1.1.8 as soon as possible. For more information, review the referenced GitHu...
GitHub Security Lab: [javascript] CWE-117: CodeQL query to detect Log Injection
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java: CWE-798 - Hardcoded AWS credentials
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Golang : Improvements to Golang SSRF query
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: LDAP injection vulnerability in Java
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java: CWE-939 - Address improper URL authorization
This bug was reported directly to GitHub Security Lab...
GHSA-7XCX-6WJH-7XP2 Command Injection in standard-version
GitHub Security Lab GHSL Vulnerability Report: GHSL-2020-111 The GitHub Security Lab team has identified a potential security vulnerability in standard-version. Summary The standardVersion function has a command injection vulnerability. Clients of the standard-version library are unlikely to be...
Command Injection in standard-version
GitHub Security Lab GHSL Vulnerability Report: GHSL-2020-111 The GitHub Security Lab team has identified a potential security vulnerability in standard-version. Summary The standardVersion function has a command injection vulnerability. Clients of the standard-version library are unlikely to be...
GitHub Security Lab: [javascript] CWE-020: CodeQL query to detect missing origin validation in cross-origin communication via postMessage
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java] CWE-295 - Incorrect Hostname Verification - MitM
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CodeQL query to detect OGNL injections
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java: CWE-273 Unsafe certificate trust
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CodeQL query for disabled revocation checking
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Golang : Add MongoDb NoSQL injection sinks
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java : CWE-548 - J2EE server directory listing enabled
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java]: CWE-523 Insecure HSTS configuration
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java: CWE-297 Insecure JavaMail SSL configuration
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CodeQL query for MVEL injections
This bug was reported directly to GitHub Security Lab...