Vulnerabilidades

*** Pendiente de traducción *** A security vulnerability has been detected in Mupen64Plus up to 2.6.0. The affected element is the function write_is_viewer of the file src/device/cart/is_viewer.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is described as difficult. The exploit has been disclosed publicly and may be used. The identifier of the patch is 3984137fc0c44110f1ef876adb008885b05a6e18. To fix this issue, it is recommended to deploy a patch.

*** Pendiente de traducción *** IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 4.8.4, 4.8.5, and 5.0.0 through 5.2.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

*** Pendiente de traducción *** A weakness has been identified in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/HistoricoEscolar/processamentoApi. Executing manipulation can lead to improper authorization. The attack may be performed from a remote location. The exploit has been made available to the public and could be exploited.

*** Pendiente de traducción *** A security flaw has been discovered in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /module/AreaConhecimento/edit of the component Listagem de áreas de conhecimento Page. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.

*** Pendiente de traducción *** A vulnerability was identified in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /module/AreaConhecimento/view of the component Listagem de áreas de conhecimento Page. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.

*** Pendiente de traducción *** A vulnerability was determined in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/edit of the component Formula de Cálculo de Média Page. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

*** Pendiente de traducción *** A vulnerability has been found in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /x_cms_assemble_control/jaxrs/design/appdict of the component Personal Profile Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."

*** Pendiente de traducción *** A vulnerability was found in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /x_cms_assemble_control/jaxrs/form of the component Personal Profile Page. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> f2fs: fix to avoid out-of-boundary access in dnode page<br /> <br /> As Jiaming Zhang reported:<br /> <br /> <br /> __dump_stack lib/dump_stack.c:94 [inline]<br /> dump_stack_lvl+0x1c1/0x2a0 lib/dump_stack.c:120<br /> print_address_description mm/kasan/report.c:378 [inline]<br /> print_report+0x17e/0x800 mm/kasan/report.c:480<br /> kasan_report+0x147/0x180 mm/kasan/report.c:593<br /> data_blkaddr fs/f2fs/f2fs.h:3053 [inline]<br /> f2fs_data_blkaddr fs/f2fs/f2fs.h:3058 [inline]<br /> f2fs_get_dnode_of_data+0x1a09/0x1c40 fs/f2fs/node.c:855<br /> f2fs_reserve_block+0x53/0x310 fs/f2fs/data.c:1195<br /> prepare_write_begin fs/f2fs/data.c:3395 [inline]<br /> f2fs_write_begin+0xf39/0x2190 fs/f2fs/data.c:3594<br /> generic_perform_write+0x2c7/0x910 mm/filemap.c:4112<br /> f2fs_buffered_write_iter fs/f2fs/file.c:4988 [inline]<br /> f2fs_file_write_iter+0x1ec8/0x2410 fs/f2fs/file.c:5216<br /> new_sync_write fs/read_write.c:593 [inline]<br /> vfs_write+0x546/0xa90 fs/read_write.c:686<br /> ksys_write+0x149/0x250 fs/read_write.c:738<br /> do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]<br /> do_syscall_64+0xf3/0x3d0 arch/x86/entry/syscall_64.c:94<br /> entry_SYSCALL_64_after_hwframe+0x77/0x7f<br /> <br /> The root cause is in the corrupted image, there is a dnode has the same<br /> node id w/ its inode, so during f2fs_get_dnode_of_data(), it tries to<br /> access block address in dnode at offset 934, however it parses the dnode<br /> as inode node, so that get_dnode_addr() returns 360, then it tries to<br /> access page address from 360 + 934 * 4 = 4096 w/ 4 bytes.<br /> <br /> To fix this issue, let&amp;#39;s add sanity check for node id of all direct nodes<br /> during f2fs_get_dnode_of_data().

*** Pendiente de traducción *** A flaw has been found in O2OA up to 10.0-410. Affected is an unknown function of the file /x_program_center/jaxrs/agent of the component Personal Profile Page. Executing manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."

*** Pendiente de traducción *** A vulnerability was detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_portal_assemble_designer/jaxrs/page of the component Personal Profile Page. Performing manipulation results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."

*** Pendiente de traducción *** A security vulnerability has been detected in itsourcecode Student Information System 1.0. This affects an unknown function of the file /course_edit1.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.