Vulnerabilidades

*** Pendiente de traducción *** HP App for Android is potentially vulnerable to cross-site scripting (XSS) when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities.

*** Pendiente de traducción *** Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, The fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects, allowing authenticated users to duplicate tasks into projects they cannot access. This vulnerability is fixed in 1.2.50.

*** Pendiente de traducción *** Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc. FlexCity/Kiosk allows Exploitation of Trusted Identifiers.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate()<br /> <br /> nft_map_catchall_activate() has an inverted element activity check<br /> compared to its non-catchall counterpart nft_mapelem_activate() and<br /> compared to what is logically required.<br /> <br /> nft_map_catchall_activate() is called from the abort path to re-activate<br /> catchall map elements that were deactivated during a failed transaction.<br /> It should skip elements that are already active (they don&amp;#39;t need<br /> re-activation) and process elements that are inactive (they need to be<br /> restored). Instead, the current code does the opposite: it skips inactive<br /> elements and processes active ones.<br /> <br /> Compare the non-catchall activate callback, which is correct:<br /> <br /> nft_mapelem_activate():<br /> if (nft_set_elem_active(ext, iter-&gt;genmask))<br /> return 0; /* skip active, process inactive */<br /> <br /> With the buggy catchall version:<br /> <br /> nft_map_catchall_activate():<br /> if (!nft_set_elem_active(ext, genmask))<br /> continue; /* skip inactive, process active */<br /> <br /> The consequence is that when a DELSET operation is aborted,<br /> nft_setelem_data_activate() is never called for the catchall element.<br /> For NFT_GOTO verdict elements, this means nft_data_hold() is never<br /> called to restore the chain-&gt;use reference count. Each abort cycle<br /> permanently decrements chain-&gt;use. Once chain-&gt;use reaches zero,<br /> DELCHAIN succeeds and frees the chain while catchall verdict elements<br /> still reference it, resulting in a use-after-free.<br /> <br /> This is exploitable for local privilege escalation from an unprivileged<br /> user via user namespaces + nftables on distributions that enable<br /> CONFIG_USER_NS and CONFIG_NF_TABLES.<br /> <br /> Fix by removing the negation so the check matches nft_mapelem_activate():<br /> skip active elements, process inactive ones.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec<br /> <br /> nvmet_tcp_build_pdu_iovec() could walk past cmd-&gt;req.sg when a PDU<br /> length or offset exceeds sg_cnt and then use bogus sg-&gt;length/offset<br /> values, leading to _copy_to_iter() GPF/KASAN. Guard sg_idx, remaining<br /> entries, and sg-&gt;length/offset before building the bvec.

*** Pendiente de traducción *** Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.

*** Pendiente de traducción *** Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kiosk allows Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.

*** Pendiente de traducción *** A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component.

*** Pendiente de traducción *** Improper Control of Generation of Code (&amp;#39;Code Injection&amp;#39;) vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas.<br /> <br /> This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0.<br /> <br /> Users are recommended to upgrade to version 1.12.1 or 1.11.5, which fix the issue.

*** Pendiente de traducción *** Mattermost versions 10.11.x

*** Pendiente de traducción *** Mattermost versions 11.1.x

*** Pendiente de traducción *** Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spoofing by Improper Validation.This issue affects SafeNet Agent for Windows Logon: 4.0.0, 4.1.1, 4.1.2.