Vulnerabilidades

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/mlx5: HWS, Fix memory leak in hws_action_get_shared_stc_nic error flow<br /> <br /> When an invalid stc_type is provided, the function allocates memory for<br /> shared_stc but jumps to unlock_and_out without freeing it, causing a<br /> memory leak.<br /> <br /> Fix by jumping to free_shared_stc label instead to ensure proper cleanup.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> efi: stmm: Fix incorrect buffer allocation method<br /> <br /> The communication buffer allocated by setup_mm_hdr() is later on passed<br /> to tee_shm_register_kernel_buf(). The latter expects those buffers to be<br /> contiguous pages, but setup_mm_hdr() just uses kmalloc(). That can cause<br /> various corruptions or BUGs, specifically since commit 9aec2fb0fd5e<br /> ("slab: allocate frozen pages"), though it was broken before as well.<br /> <br /> Fix this by using alloc_pages_exact() instead of kmalloc().

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> xfs: do not propagate ENODATA disk errors into xattr code<br /> <br /> ENODATA (aka ENOATTR) has a very specific meaning in the xfs xattr code;<br /> namely, that the requested attribute name could not be found.<br /> <br /> However, a medium error from disk may also return ENODATA. At best,<br /> this medium error may escape to userspace as "attribute not found"<br /> when in fact it&amp;#39;s an IO (disk) error.<br /> <br /> At worst, we may oops in xfs_attr_leaf_get() when we do:<br /> <br /> error = xfs_attr_leaf_hasname(args, &amp;bp);<br /> if (error == -ENOATTR) {<br /> xfs_trans_brelse(args-&gt;trans, bp);<br /> return error;<br /> }<br /> <br /> because an ENODATA/ENOATTR error from disk leaves us with a null bp,<br /> and the xfs_trans_brelse will then null-deref it.<br /> <br /> As discussed on the list, we really need to modify the lower level<br /> IO functions to trap all disk errors and ensure that we don&amp;#39;t let<br /> unique errors like this leak up into higher xfs functions - many<br /> like this should be remapped to EIO.<br /> <br /> However, this patch directly addresses a reported bug in the xattr<br /> code, and should be safe to backport to stable kernels. A larger-scope<br /> patch to handle more unique errors at lower levels can follow later.<br /> <br /> (Note, prior to 07120f1abdff we did not oops, but we did return the<br /> wrong error code to userspace.)

*** Pendiente de traducción *** Improper Neutralization of Input During Web Page Generation (XSS or &amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Holistic IT, Consultancy Coop. Workcube ERP allows Reflected XSS.This issue affects Workcube ERP: from V12 - V14 before Cognitive.

*** Pendiente de traducción *** Authorization Bypass Through User-Controlled Key vulnerability in Beefull Energy Technologies Beefull App allows Exploitation of Trusted Identifiers.This issue affects Beefull App: before 24.07.2025.

*** Pendiente de traducción *** A Cross Site Scripting vulnerability in JeeWMS v.3.7 and before allows a remote attacker to obtain sensitive information via the logController.do component

*** Pendiente de traducción *** Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured.<br /> <br /> <br /> The issue occurs in the following cases:<br /> <br /> * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n";<br /> * Control-M/Agent 9.0.21 and 9.0.22: Agent router configuration uses the non-default settings "JAVA_AR=N" and "use_openssl=n"

*** Pendiente de traducción *** A stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL/TLS communication is configured.<br /> <br /> <br /> The issue occurs in the following cases:<br /> <br /> * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n";<br /> * Control-M/Agent 9.0.21 and 9.0.22: Agent router configuration uses the non-default settings "JAVA_AR=N" and "use_openssl=n".

*** Pendiente de traducción *** A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability was fixed in 9.0.20.100 and above.

*** Pendiente de traducción *** A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent.<br /> <br /> This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions.

*** Pendiente de traducción *** If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions; non-default but configurable using the JAVA_AR setting in newer versions), the verification stops at the first NULL byte encountered in the email address referenced in the client certificate. An attacker could bypass configured ACLs by using a specially crafted certificate.

*** Pendiente de traducción *** The improper order of AUTHORIZED_CTM_IP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent to vulnerabilities in the SSL/TLS implementation under certain non-default conditions (e.g. CVE-2025-55117 or CVE-2025-55118) or potentially to resource exhaustion.