Vulnerabilidades

*** Pendiente de traducción *** MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.

*** Pendiente de traducción *** A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

*** Pendiente de traducción *** <br /> All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. Successful exploitation could allow an attacker to execute arbitrary code.<br /> <br />

Existe una vulnerabilidad de confusión de tipos en el método checkThisBox de Javascript implementado en Foxit Reader 12.1.2.15332. El código Javascript especialmente manipulado dentro de un documento PDF malicioso puede dañar la memoria y provocar la ejecución remota de código. El usuario tendría que abrir un archivo malicioso para activar la vulnerabilidad.

*** Pendiente de traducción *** A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

Existe una vulnerabilidad de uso después de la liberación en la forma en que Foxit Reader 12.1.2.15332 maneja la destrucción de anotaciones. El código Javascript especialmente manipulado dentro de un documento PDF malicioso puede desencadenar la reutilización de un objeto previamente liberado, lo que puede provocar daños en la memoria y provocar la ejecución de código arbitrario. Un atacante debe engañar al usuario para que abra el archivo malicioso para desencadenar esta vulnerabilidad. La explotación también es posible si un usuario visita un sitio malicioso especialmente manipulado si la extensión del complemento del navegador está habilitada.

*** Pendiente de traducción *** A use-after-free vulnerability exists in the JavaScript engine of Foxit Software&amp;#39;s PDF Reader, version 12.1.1.15289. A specially crafted PDF document can trigger the reuse of previously freed memory by manipulating form fields of a specific type. This can lead to memory corruption and arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

*** Pendiente de traducción *** Issue summary: Checking excessively long DH keys or parameters may be very slow.<br /> <br /> Impact summary: Applications that use the functions DH_check(), DH_check_ex()<br /> or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long<br /> delays. Where the key or parameters that are being checked have been obtained<br /> from an untrusted source this may lead to a Denial of Service.<br /> <br /> The function DH_check() performs various checks on DH parameters. One of those<br /> checks confirms that the modulus (&amp;#39;p&amp;#39; parameter) is not too large. Trying to use<br /> a very large modulus is slow and OpenSSL will not normally use a modulus which<br /> is over 10,000 bits in length.<br /> <br /> However the DH_check() function checks numerous aspects of the key or parameters<br /> that have been supplied. Some of those checks use the supplied modulus value<br /> even if it has already been found to be too large.<br /> <br /> An application that calls DH_check() and supplies a key or parameters obtained<br /> from an untrusted source could be vulernable to a Denial of Service attack.<br /> <br /> The function DH_check() is itself called by a number of other OpenSSL functions.<br /> An application calling any of those other functions may similarly be affected.<br /> The other functions affected by this are DH_check_ex() and<br /> EVP_PKEY_param_check().<br /> <br /> Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications<br /> when using the &amp;#39;-check&amp;#39; option.<br /> <br /> The OpenSSL SSL/TLS implementation is not affected by this issue.<br /> The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

*** Pendiente de traducción *** Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file.<br /> <br /> The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machine, and the target machine can access the URL with the arbitrary code JAR.<br /> An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. When the ShardingSphere JVM process starts and uses the ShardingSphere-Agent, the arbitrary code specified by the attacker will be executed during the deserialization of the YAML configuration file by the Agent.<br /> <br /> This issue affects ShardingSphere-Agent: through 5.3.2. This vulnerability is fixed in Apache ShardingSphere 5.4.0.

*** Pendiente de traducción *** A vulnerability was found in Intergard SGS 8.7.0. It has been declared as problematic. This vulnerability affects unknown code of the component SQL Query Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-234448. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

*** Pendiente de traducción *** A vulnerability was found in Intergard SGS 8.7.0. It has been classified as problematic. This affects an unknown part. The manipulation leads to cleartext storage of sensitive information in memory. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-234447. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

*** Pendiente de traducción *** A vulnerability was found in Intergard SGS 8.7.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Password Change Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-234446 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.