Vulnerabilidades

*** Pendiente de traducción *** A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered.

*** Pendiente de traducción *** An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute can propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Some customers have experienced these BGP session flaps which prompted Juniper SIRT to release this advisory out of cycle before fixed releases are widely available as there is an effective workaround.<br /> <br /> This issue affects:<br /> Juniper Networks Junos OS<br /> 15.1R1 and later versions prior to 20.4R3-S8;<br /> 21.1 version 21.1R1 and later versions prior to 21.2R3-S6;<br /> 21.3 versions prior to 21.3R3-S5;<br /> 21.4 versions prior to 21.4R3-S4;<br /> 22.1 versions prior to 22.1R3-S4;<br /> 22.2 versions prior to 22.2R3-S2;<br /> 22.3 versions prior to 22.3R2-S2, 22.3R3-S1;<br /> 22.4 versions prior to 22.4R2-S1, 22.4R3;<br /> 23.1 versions prior to 23.1R1-S1, 23.1R2.<br /> <br /> Juniper Networks Junos OS Evolved<br /> All versions prior to 20.4R3-S8-EVO;<br /> 21.1 version 21.1R1-EVO and later versions prior to 21.2R3-S6-EVO;<br /> 21.3 versions prior to 21.3R3-S5-EVO;<br /> 21.4 versions prior to 21.4R3-S4-EVO;<br /> 22.1 versions prior to 22.1R3-S4-EVO;<br /> 22.2 versions prior to 22.2R3-S2-EVO;<br /> 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;<br /> 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;<br /> 23.1 versions prior to 23.1R1-S1-EVO, 23.1R2-EVO.<br />

*** Pendiente de traducción *** Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit.<br /> <br /> It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded.<br /> This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.

*** Pendiente de traducción *** If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow.<br /> This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.

*** Pendiente de traducción *** A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record.<br /> This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1.

*** Pendiente de traducción *** Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA.

*** Pendiente de traducción *** An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API.

*** Pendiente de traducción *** Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Automattic - Jetpack CRM team Jetpack CRM plugin

*** Pendiente de traducción *** Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin

*** Pendiente de traducción *** Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WpSimpleTools Manage Upload Limit plugin

*** Pendiente de traducción *** Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin 

*** Pendiente de traducción *** Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code.