Vulnerabilidades

*** Pendiente de traducción *** An Insecure Direct Object Reference (IDOR) vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access other students personal and financial records by modifying the 'rec_no' parameter in the /student/get-receipt endpoint.

*** Pendiente de traducción *** Missing authorization vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows remote attackers to delete arbitrary files via unspecified vectors.

*** Pendiente de traducción *** Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors.

*** Pendiente de traducción *** Incorrect access control in the component ApiPayController.java of platform v1.0.0 allows attackers to access sensitive information via unspecified vectors.

*** Pendiente de traducción *** Incorrect access control in the component ApiOrderService.java of platform v1.0.0 allows attackers to access sensitive information via a crafted request.

*** Pendiente de traducción *** Incorrect access control in the component orderService.queryObject of platform v1.0.0 allows attackers to access sensitive information via a crafted request.

*** Pendiente de traducción *** Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive information via the _download_file_or_dir function.

*** Pendiente de traducción *** Missing authentication for critical function vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Input: imx_sc_key - fix memory corruption on unload<br /> <br /> This is supposed to be "priv" but we accidentally pass "&amp;priv" which is<br /> an address in the stack and so it will lead to memory corruption when<br /> the imx_sc_key_action() function is called. Remove the &amp;.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Input: cros_ec_keyb - fix an invalid memory access<br /> <br /> If cros_ec_keyb_register_matrix() isn&amp;#39;t called (due to<br /> `buttons_switches_only`) in cros_ec_keyb_probe(), `ckdev-&gt;idev` remains<br /> NULL. An invalid memory access is observed in cros_ec_keyb_process()<br /> when receiving an EC_MKBP_EVENT_KEY_MATRIX event in cros_ec_keyb_work()<br /> in such case.<br /> <br /> Unable to handle kernel read from unreadable memory at virtual address 0000000000000028<br /> ...<br /> x3 : 0000000000000000 x2 : 0000000000000000<br /> x1 : 0000000000000000 x0 : 0000000000000000<br /> Call trace:<br /> input_event<br /> cros_ec_keyb_work<br /> blocking_notifier_call_chain<br /> ec_irq_thread<br /> <br /> It&amp;#39;s still unknown about why the kernel receives such malformed event,<br /> in any cases, the kernel shouldn&amp;#39;t access `ckdev-&gt;idev` and friends if<br /> the driver doesn&amp;#39;t intend to initialize them.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> be2net: pass wrb_params in case of OS2BMC<br /> <br /> be_insert_vlan_in_pkt() is called with the wrb_params argument being NULL<br /> at be_send_pkt_to_bmc() call site.  This may lead to dereferencing a NULL<br /> pointer when processing a workaround for specific packet, as commit<br /> bc0c3405abbb ("be2net: fix a Tx stall bug caused by a specific ipv6<br /> packet") states.<br /> <br /> The correct way would be to pass the wrb_params from be_xmit().

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> vfat: fix missing sb_min_blocksize() return value checks<br /> <br /> When emulating an nvme device on qemu with both logical_block_size and<br /> physical_block_size set to 8 KiB, but without format, a kernel panic<br /> was triggered during the early boot stage while attempting to mount a<br /> vfat filesystem.<br /> <br /> [95553.682035] EXT4-fs (nvme0n1): unable to set blocksize<br /> [95553.684326] EXT4-fs (nvme0n1): unable to set blocksize<br /> [95553.686501] EXT4-fs (nvme0n1): unable to set blocksize<br /> [95553.696448] ISOFS: unsupported/invalid hardware sector size 8192<br /> [95553.697117] ------------[ cut here ]------------<br /> [95553.697567] kernel BUG at fs/buffer.c:1582!<br /> [95553.697984] Oops: invalid opcode: 0000 [#1] SMP NOPTI<br /> [95553.698602] CPU: 0 UID: 0 PID: 7212 Comm: mount Kdump: loaded Not tainted 6.18.0-rc2+ #38 PREEMPT(voluntary)<br /> [95553.699511] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014<br /> [95553.700534] RIP: 0010:folio_alloc_buffers+0x1bb/0x1c0<br /> [95553.701018] Code: 48 8b 15 e8 93 18 02 65 48 89 35 e0 93 18 02 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff c3 cc cc cc cc 0b 90 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f<br /> [95553.702648] RSP: 0018:ffffd1b0c676f990 EFLAGS: 00010246<br /> [95553.703132] RAX: ffff8cfc4176d820 RBX: 0000000000508c48 RCX: 0000000000000001<br /> [95553.703805] RDX: 0000000000002000 RSI: 0000000000000000 RDI: 0000000000000000<br /> [95553.704481] RBP: ffffd1b0c676f9c8 R08: 0000000000000000 R09: 0000000000000000<br /> [95553.705148] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001<br /> [95553.705816] R13: 0000000000002000 R14: fffff8bc8257e800 R15: 0000000000000000<br /> [95553.706483] FS: 000072ee77315840(0000) GS:ffff8cfdd2c8d000(0000) knlGS:0000000000000000<br /> [95553.707248] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> [95553.707782] CR2: 00007d8f2a9e5a20 CR3: 0000000039d0c006 CR4: 0000000000772ef0<br /> [95553.708439] PKRU: 55555554<br /> [95553.708734] Call Trace:<br /> [95553.709015] <br /> [95553.709266] __getblk_slow+0xd2/0x230<br /> [95553.709641] ? find_get_block_common+0x8b/0x530<br /> [95553.710084] bdev_getblk+0x77/0xa0<br /> [95553.710449] __bread_gfp+0x22/0x140<br /> [95553.710810] fat_fill_super+0x23a/0xfc0<br /> [95553.711216] ? __pfx_setup+0x10/0x10<br /> [95553.711580] ? __pfx_vfat_fill_super+0x10/0x10<br /> [95553.712014] vfat_fill_super+0x15/0x30<br /> [95553.712401] get_tree_bdev_flags+0x141/0x1e0<br /> [95553.712817] get_tree_bdev+0x10/0x20<br /> [95553.713177] vfat_get_tree+0x15/0x20<br /> [95553.713550] vfs_get_tree+0x2a/0x100<br /> [95553.713910] vfs_cmd_create+0x62/0xf0<br /> [95553.714273] __do_sys_fsconfig+0x4e7/0x660<br /> [95553.714669] __x64_sys_fsconfig+0x20/0x40<br /> [95553.715062] x64_sys_call+0x21ee/0x26a0<br /> [95553.715453] do_syscall_64+0x80/0x670<br /> [95553.715816] ? __fs_parse+0x65/0x1e0<br /> [95553.716172] ? fat_parse_param+0x103/0x4b0<br /> [95553.716587] ? vfs_parse_fs_param_source+0x21/0xa0<br /> [95553.717034] ? __do_sys_fsconfig+0x3d9/0x660<br /> [95553.717548] ? __x64_sys_fsconfig+0x20/0x40<br /> [95553.717957] ? x64_sys_call+0x21ee/0x26a0<br /> [95553.718360] ? do_syscall_64+0xb8/0x670<br /> [95553.718734] ? __x64_sys_fsconfig+0x20/0x40<br /> [95553.719141] ? x64_sys_call+0x21ee/0x26a0<br /> [95553.719545] ? do_syscall_64+0xb8/0x670<br /> [95553.719922] ? x64_sys_call+0x1405/0x26a0<br /> [95553.720317] ? do_syscall_64+0xb8/0x670<br /> [95553.720702] ? __x64_sys_close+0x3e/0x90<br /> [95553.721080] ? x64_sys_call+0x1b5e/0x26a0<br /> [95553.721478] ? do_syscall_64+0xb8/0x670<br /> [95553.721841] ? irqentry_exit+0x43/0x50<br /> [95553.722211] ? exc_page_fault+0x90/0x1b0<br /> [95553.722681] entry_SYSCALL_64_after_hwframe+0x76/0x7e<br /> [95553.723166] RIP: 0033:0x72ee774f3afe<br /> [95553.723562] Code: 73 01 c3 48 8b 0d 0a 33 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 49 89 ca b8 af 01 00 00 0f 05 3d 01 f0 ff ff 73 01 c3 48 8b 0d da 32 0f 00 f7 d8 64 89 01 48<br /> [95553.725188] RSP: 002b:00007ffe97148978 EFLAGS: 00000246 ORIG_RAX: 00000000000001af<br /> [95553.725892] RAX: ffffffffffffffda RBX: <br /> ---truncated---