Vulnerabilidades

*** Pendiente de traducción *** A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an unknown function of the file /?_route=settings/users-view/ of the component Profile Page Handler. Performing a manipulation results in cross site scripting. The attack is possible to be carried out remotely. The vendor was contacted early about this disclosure but did not respond in any way.

*** Pendiente de traducción *** A weakness has been identified in BichitroGan ISP Billing Software 2025.3.20. Affected is an unknown function of the file /?\_route=pool/add of the component Pool List Interface. Executing a manipulation can lead to cross site scripting. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

*** Pendiente de traducción *** A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogu_picture/src/main/java/com/moxi/mogublog/picture/service/impl/LocalFileServiceImpl.java of the component Picture Storage Service. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

*** Pendiente de traducción *** A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unknown functionality of the component Asset Handler/Aggregate Handler. The manipulation results in improper neutralization of special elements in data query logic. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

*** Pendiente de traducción *** Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings.<br /> This vulnerability has been fixed in version 5.6.3

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: skb: fix cross-cache free of KFENCE-allocated skb head<br /> <br /> SKB_SMALL_HEAD_CACHE_SIZE is intentionally set to a non-power-of-2<br /> value (e.g. 704 on x86_64) to avoid collisions with generic kmalloc<br /> bucket sizes. This ensures that skb_kfree_head() can reliably use<br /> skb_end_offset to distinguish skb heads allocated from<br /> skb_small_head_cache vs. generic kmalloc caches.<br /> <br /> However, when KFENCE is enabled, kfence_ksize() returns the exact<br /> requested allocation size instead of the slab bucket size. If a caller<br /> (e.g. bpf_test_init) allocates skb head data via kzalloc() and the<br /> requested size happens to equal SKB_SMALL_HEAD_CACHE_SIZE, then<br /> slab_build_skb() -&gt; ksize() returns that exact value. After subtracting<br /> skb_shared_info overhead, skb_end_offset ends up matching<br /> SKB_SMALL_HEAD_HEADROOM, causing skb_kfree_head() to incorrectly free<br /> the object to skb_small_head_cache instead of back to the original<br /> kmalloc cache, resulting in a slab cross-cache free:<br /> <br /> kmem_cache_free(skbuff_small_head): Wrong slab cache. Expected<br /> skbuff_small_head but got kmalloc-1k<br /> <br /> Fix this by always calling kfree(head) in skb_kfree_head(). This keeps<br /> the free path generic and avoids allocator-specific misclassification<br /> for KFENCE objects.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> X.509: Fix out-of-bounds access when parsing extensions<br /> <br /> Leo reports an out-of-bounds access when parsing a certificate with<br /> empty Basic Constraints or Key Usage extension because the first byte of<br /> the extension is read before checking its length. Fix it.<br /> <br /> The bug can be triggered by an unprivileged user by submitting a<br /> specially crafted certificate to the kernel through the keyrings(7) API.<br /> Leo has demonstrated this with a proof-of-concept program responsibly<br /> disclosed off-list.

*** Pendiente de traducción *** A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument __proto__ causes improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The code repository of the project has not been active for many years.

*** Pendiente de traducción *** A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_plugin_json_to_tool_bundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

*** Pendiente de traducción *** A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview. The manipulation of the argument filename leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

*** Pendiente de traducción *** A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of the argument Type results in path traversal. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

*** Pendiente de traducción *** ThreatSonar Anti-Ransomware developed by TeamT5 has an Privilege Escalation vulnerability. Authenticated remote attackers with shell access can inject OS commands and execute them with root privileges.