Vulnerabilidades

*** Pendiente de traducción *** Advantech WebAccess/SCADA <br /> is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands.

*** Pendiente de traducción *** Due to a product misconfiguration in certain deployment types, it was possible from different pods in the same namespace to communicate with each other. This issue resulted in bypass of access control due to the presence of a vulnerable endpoint in Foundry Container Service that executed user-controlled commands locally.

*** Pendiente de traducción *** Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although `CLIENTS_MAX` is defined, `server_work()` unconditionally `accept()`s and `client_new()` always appends the new client and increments `n_clients`. There is no check against the limit. When client cannot be accepted as a result of maximal socket number of avahi-daemon, it logs unconditionally error per each connection. Unprivileged local users can exhaust daemon memory and file descriptors, causing a denial of service system-wide for mDNS/DNS-SD. Exhausting local file descriptors causes increased system load caused by logging errors of each of request. Overloading prevents glibc calls using nss-mdns plugins to resolve `*.local.` names and link-local addresses. As of time of publication, no known patched versions are available, but a candidate fix is available in pull request 808, and some workarounds are available. Simple clients are offered for nss-mdns package functionality. It is not possible to disable the unix socket `/run/avahi-daemon/socket`, but resolution requests received via DBus are not affected directly. Tools avahi-resolve, avahi-resolve-address and avahi-resolve-host-name are not affected, they use DBus interface. It is possible to change permissions of unix socket after avahi-daemon is started. But avahi-daemon does not provide any configuration for it. Additional access restrictions like SELinux can also prevent unwanted tools to access the socket and keep resolution working for trusted users.

*** Pendiente de traducción *** BullWall Ransomware Containment does not entirely inspect a file to determine if it is ransomware. An authenticated attacker could bypass detection by encrypting a file and leaving the first four bytes unaltered. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 were confirmed to be affected; other versions before and after may also be affected.

*** Pendiente de traducción *** BullWall Ransomware Containment contains excluded file paths, such as &amp;#39;$recycle.bin&amp;#39; that are not monitored. An attacker with file write permissions could bypass detection by renaming a directory. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 were confirmed to be affected; other versions before and after may also be affected.

*** Pendiente de traducción *** The vulnerability affects Ignition SCADA applications where Python <br /> scripting is utilized for automation purposes. The vulnerability arises <br /> from the absence of proper security controls that restrict which Python <br /> libraries can be imported and executed within the scripting environment.<br /> The core issue lies in the Ignition service account having system <br /> permissions beyond what an Ignition privileged user requires. When an <br /> authenticated administrator uploads a malicious project file containing <br /> Python scripts with bind shell capabilities, the application executes <br /> these scripts with the same privileges as the Ignition Gateway process, <br /> which typically runs with SYSTEM-level permissions on Windows. <br /> Alternative code execution patterns could lead to similar results.

*** Pendiente de traducción *** Advantech WebAccess/SCADA<br /> is vulnerable to absolute directory traversal, which may allow an attacker to determine the existence of arbitrary files.

*** Pendiente de traducción *** Advantech WebAccess/SCADA <br /> is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute arbitrary code.

*** Pendiente de traducción *** Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to delete arbitrary files.

*** Pendiente de traducción *** A stored cross-site scripting (XSS) vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name parameter.

*** Pendiente de traducción *** Control Panel provides an API for pre-registering into an enrollment and organization prior to a user&amp;#39;s first login. The API for creating users checks that the account requesting a user creation has `edit` on the enrollment-level user directory, but is missing a separate check that the enrollment editor has access (or belongs to) the organization that they are adding a user to.

*** Pendiente de traducción *** A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Session Report Response that is missing the mandatory Cause Information Element, the session report handler dereferences a nil pointer instead of rejecting the malformed message. This triggers a panic and terminates the UPF process. An attacker who can send PFCP Session Report Response messages to the UPF&amp;#39;s N4/PFCP endpoint can exploit this flaw to repeatedly crash the UPF and disrupt user-plane services.