Improper Restriction of XML External Entity Reference in GitHub repository detekt/detekt prior to 1.20.0. Date published : 2022-04-21 https://huntr.dev/bounties/23e37ba7-96d5-4037-a90a-8c8f4a70ce44 https://github.com/detekt/detekt/commit/c965a8d2a6bbdb9bcfc6acfa7bbffd3da81f5395
The affected product is vulnerable to a network-based attack by threat actors supplying a crafted, malicious XML payload designed to trigger an external entity reference call. Date published : 2022-04-20 https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03
The affected product is vulnerable to a network-based attack by threat actors utilizing crafted naming conventions of files to gain unauthorized access rights. Date published : 2022-04-20 https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03
The setup program for the affected product configures its files and folders with full access, which may allow unauthorized users permission to replace original binaries and achieve privilege escalation. Date published : 2022-04-20 https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03
The affected product is vulnerable to a network-based attack by threat actors sending unimpeded requests to the receiving server, which could cause a denial-of-service condition due to lack of heap memory resources. Date published...
An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php. Date published : 2022-04-20 http://packetstormsecurity.com/files/167026/WebTareas-2.4-SQL-Injection.html https://behradtaher.dev/2021/11/05/Discovering-a-Blind-SQL-Injection-Whitebox-Approach/
The affected product is vulnerable to misconfigured binaries, allowing users on the target PC with SYSTEM level privileges access to overwrite the binary and modify files to gain privilege escalation. Date published : 2022-04-20...
A denial of service vulnerability exists in MDT’s firmware for the KNXnet/IP Secure router SCN-IP100.03 and KNX IP interface SCN-IP000.03 before v3.0.4, that allows a remote attacker to turn the device unresponsive to all...
A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway...
The CreateRedirect extension before 2022-04-14 for MediaWiki does not properly check whether the user has permissions to edit the target page. This could lead to an unauthorised (or blocked) user being able to edit...
gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a heap-based buffer over-read, as demonstrated by MP4Box. Date published : 2022-04-20 https://github.com/gpac/gpac/issues/2173
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the...
An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header. Date published : 2022-04-20 https://github.com/MISP/MISP/commit/01120163a6b4d905029d416e7305575df31df8af https://github.com/MISP/MISP/compare/v2.4.157…v2.4.158
An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page." Date published : 2022-04-20 https://github.com/MISP/MISP/commit/ce6bc88e330f5ef50666b149d86c0d94f545f24e https://github.com/MISP/MISP/compare/v2.4.157…v2.4.158