Vulnerabilidades

*** Pendiente de traducción *** Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0.

*** Pendiente de traducción *** cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `>` or `-` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources.

*** Pendiente de traducción *** cmark-gfm is GitHub&amp;#39;s fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `_` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources.<br /> <br /> <br /> <br /> <br /> ### Impact<br /> <br /> A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service.<br /> <br /> ### Proof of concept<br /> <br /> ```<br /> $ ~/cmark-gfm$ python3 -c &amp;#39;pad = "_" * 100000; print(pad + "." + pad, end="")&amp;#39; | time ./build/src/cmark-gfm --to plaintext<br /> ```<br /> <br /> Increasing the number 10000 in the above commands causes the running time to increase quadratically.<br /> <br /> ### Patches<br /> <br /> This vulnerability have been patched in 0.29.0.gfm.10.<br /> <br /> ### Note on cmark and cmark-gfm<br /> <br /> XXX: TBD<br /> <br /> [cmark-gfm](https://github.com/github/cmark-gfm) is a fork of [cmark](https://github.com/commonmark/cmark) that adds the GitHub Flavored Markdown extensions. The two codebases have diverged over time, but share a common core. These bugs affect both `cmark` and `cmark-gfm`. <br /> <br /> ### Credit<br /> <br /> We would like to thank @gravypod for reporting this vulnerability.<br /> <br /> ### References<br /> <br /> https://en.wikipedia.org/wiki/Time_complexity<br /> <br /> ### For more information<br /> <br /> If you have any questions or comments about this advisory:<br /> <br /> * Open an issue in [github/cmark-gfm](https://github.com/github/cmark-gfm)<br />

*** Pendiente de traducción *** Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app (richdocuments) is upgraded to 8.0.0-beta.1, 7.0.2 or 6.3.2. Users unable to upgrade may mitigate the issue by taking steps to restrict the ability to download documents. This includes ensuring that the `WOPI configuration` is configured to only serve documents between Nextcloud and Collabora. It is highly recommended to define the list of Collabora server IPs as the allow list within the Office admin settings of Nextcloud.

*** Pendiente de traducción *** Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.

*** Pendiente de traducción *** Nextcloud talk is a video &amp; audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use this vulnerability to gain information about the members of a Talk conversation, even if they themselves are not members. It is recommended that the Nextcloud Talk is upgraded to 14.0.9 or 15.0.4. There are no known workarounds for this vulnerability.

*** Pendiente de traducción *** There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.

*** Pendiente de traducción *** Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified "users.json" to the web server of the device, allowing him to replace the administrator password.

*** Pendiente de traducción *** Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges.

*** Pendiente de traducción *** Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root.

*** Pendiente de traducción *** Generex UPS CS141 below 2.06 version, allows an attacker toupload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device.

*** Pendiente de traducción *** X-Man 1.0 has a SQL injection vulnerability, which can cause data leakage.