Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions. Date published : 2022-05-04 https://advisories.octopus.com/post/2022/sa2022-03/
Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim’s HTTP request, get the victim’s cookie, perform a...
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the updateVersion function in /cgi-bin/luci/api/wireless. Date published : 2022-05-03 http://packetstormsecurity.com/files/167099/Ruijie-Reyee-Mesh-Router-Remote-Code-Execution.html http://ruijie.com
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the checkNet function in /cgi-bin/luci/api/auth. Date published : 2022-05-03 http://ruijie.com https://seclists.org/fulldisclosure/2022/May/0
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the runPackDiagnose function in /cgi-bin/luci/api/diagnose. Date published : 2022-05-03 http://ruijie.com https://seclists.org/fulldisclosure/2022/May/0
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the doSwitchApi function in /cgi-bin/luci/api/switch. Date published : 2022-05-03 http://ruijie.com https://seclists.org/fulldisclosure/2022/May/0
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the switchFastDhcp function in /cgi-bin/luci/api/diagnose. Date published : 2022-05-03 http://ruijie.com https://seclists.org/fulldisclosure/2022/May/0
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the setSessionTime function in /cgi-bin/luci/api/common.. Date published : 2022-05-03 http://ruijie.com https://seclists.org/fulldisclosure/2022/May/0
OMPL v1.5.2 contains a memory leak in VFRRT.cpp Date published : 2022-05-03 https://github.com/ompl/ompl/issues/839
MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command "deviceinfo show file &&/bin/bash" because of incorrect sanitization of parameter "path". Date published : 2022-05-03 https://github.com/leoservalli/Privilege-escalation-MitraStar/blob/main/README.md https://packetstormsecurity.com/files/164333/Mitrastar-GPT-2541GNAC-N1-Privilege-Escalation.html
JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp, which causes a memory leak. Date published : 2022-05-03 https://github.com/jerryscript-project/jerryscript/issues/4781 https://github.com/jerryscript-project/jerryscript/pull/4787
Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter. Date published : 2022-05-03 https://demo.partkeepr.org/ https://github.com/partkeepr/PartKeepr/issues/1237
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could...
TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in function ‘tos_mmheap_alloc incorrect calculation of effective memory allocation size. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as...