Vulnerabilidades

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE<br /> <br /> When installing an emulated MMIO SPTE, do so *after* dropping/zapping the<br /> existing SPTE (if it&amp;#39;s shadow-present). While commit a54aa15c6bda3 was<br /> right about it being impossible to convert a shadow-present SPTE to an<br /> MMIO SPTE due to a _guest_ write, it failed to account for writes to guest<br /> memory that are outside the scope of KVM.<br /> <br /> E.g. if host userspace modifies a shadowed gPTE to switch from a memslot<br /> to emulted MMIO and then the guest hits a relevant page fault, KVM will<br /> install the MMIO SPTE without first zapping the shadow-present SPTE.<br /> <br /> ------------[ cut here ]------------<br /> is_shadow_present_pte(*sptep)<br /> WARNING: arch/x86/kvm/mmu/mmu.c:484 at mark_mmio_spte+0xb2/0xc0 [kvm], CPU#0: vmx_ept_stale_r/4292<br /> Modules linked in: kvm_intel kvm irqbypass<br /> CPU: 0 UID: 1000 PID: 4292 Comm: vmx_ept_stale_r Not tainted 7.0.0-rc2-eafebd2d2ab0-sink-vm #319 PREEMPT<br /> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015<br /> RIP: 0010:mark_mmio_spte+0xb2/0xc0 [kvm]<br /> Call Trace:<br /> <br /> mmu_set_spte+0x237/0x440 [kvm]<br /> ept_page_fault+0x535/0x7f0 [kvm]<br /> kvm_mmu_do_page_fault+0xee/0x1f0 [kvm]<br /> kvm_mmu_page_fault+0x8d/0x620 [kvm]<br /> vmx_handle_exit+0x18c/0x5a0 [kvm_intel]<br /> kvm_arch_vcpu_ioctl_run+0xc55/0x1c20 [kvm]<br /> kvm_vcpu_ioctl+0x2d5/0x980 [kvm]<br /> __x64_sys_ioctl+0x8a/0xd0<br /> do_syscall_64+0xb5/0x730<br /> entry_SYSCALL_64_after_hwframe+0x4b/0x53<br /> RIP: 0033:0x47fa3f<br /> <br /> ---[ end trace 0000000000000000 ]---

*** Pendiente de traducción *** Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00.xx, contain(s) an Improper Limitation of a Pathname to a Restricted Directory (&amp;#39;Path Traversal&amp;#39;) vulnerability. A high privileged attacker within the management network could potentially exploit this vulnerability, leading to remote execution.

*** Pendiente de traducción *** PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.

*** Pendiente de traducción *** A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affected element is an unknown function of the file frostmourne-monitor/src/main/java/com/autohome/frostmourne/monitor/controller/AlarmController.java of the component Alarm Preview. Executing a manipulation can lead to server-side request forgery. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

*** Pendiente de traducción *** A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the address[/mask-bits] syntax were not affected.<br /> <br /> Some keywords representing actions taken on a packet-matching rule, such as &amp;#39;log&amp;#39;, &amp;#39;return tll&amp;#39;, or &amp;#39;dnpipe&amp;#39;, may suffer from the same issue. It is unlikely that users have such configurations, as these rules would always be redundant.<br /> <br /> Affected rules are silently ignored, which can lead to unexpected behaviour including over- and underblocking.

*** Pendiente de traducción *** A vulnerability was found in Sanster IOPaint 1.5.3. Impacted is the function _get_file of the file iopaint/file_manager/file_manager.py of the component File Manager. Performing a manipulation of the argument filename results in path traversal. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

*** Pendiente de traducción *** A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modify.php of the component Parameter Handler. This manipulation of the argument firstName causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.

*** Pendiente de traducción *** A vulnerability has been found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the file /delstaffinfo.php of the component Parameter Handler. Such manipulation of the argument userid leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

*** Pendiente de traducción *** The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing posts URLS (including private posts) in a predictable pattern using a random 6-digit number. These files are stored in the publicly accessible wp-content/uploads/ directory. As a result, any unauthenticated user can brute-force the filenames to gain access to sensitive data contained within the exported files.

*** Pendiente de traducción *** A vulnerability was detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /delstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.

*** Pendiente de traducción *** The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce&amp;#39;s permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, and customers.

*** Pendiente de traducción *** Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)