Vulnerabilidades

*** Pendiente de traducción *** A vulnerability exists in an Orchestrator service that could allow an unauthenticated remote attacker to bypass multi-factor authentication requirements. Successful exploitation could allow an attacker to create an admin user account without the necessary multi-factor authentication, thereby compromising the integrity of secured access to the system.

*** Pendiente de traducción *** Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attacks against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface and thereby make unauthorized arbitrary configuration changes to the host.

*** Pendiente de traducción *** A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the boot, by shorting a data pin of the IC to ground. An attacker can then dump the entire firmware, leading to the disclosure of sensitive information including cryptographic keys and user configurations.

*** Pendiente de traducción *** Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized data access or data manipulation.

*** Pendiente de traducción *** An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller (Wi-Fi and BLE module) on the device is open to access

*** Pendiente de traducción *** TinyOS versions up to and including 2.1.2 contain a global buffer overflow vulnerability in the printfUART formatted output implementation used within the ZigBee / IEEE 802.15.4 networking stack. The implementation formats output into a fixed-size global buffer and concatenates strings for %s format specifiers using strcat() without verifying remaining buffer capacity. When printfUART is invoked with a caller-controlled string longer than the available space, the unbounded sprintf/strcat sequence writes past the end of debugbuf, resulting in global memory corruption. This can cause denial of service, unintended behavior, or information disclosure via corrupted adjacent global state or UART output.

*** Pendiente de traducción *** A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence.

*** Pendiente de traducción *** The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX admin APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable admin API to create a new user with admin privileges. Successful exploitation of this vulnerability could allow the attacker to gain full access to customers' data and completely compromise the targeted platform by logging in to the newly-created admin user.

*** Pendiente de traducción *** The vulnerability exists in BLUVOYIX due to design flaws in the email sending API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable email sending API. Successful exploitation of this vulnerability could allow the attacker to send unsolicited emails to anyone on behalf of the company.

*** Pendiente de traducción *** The vulnerability exists in BLUVOYIX due to an improper password storage implementation and subsequent exposure via unauthenticated APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable users API to retrieve the plaintext passwords of all user users. Successful exploitation of this vulnerability could allow the attacker to gain full access to customers' data and completely compromise the targeted platform by logging in using an exposed admin email address and password.

*** Pendiente de traducción *** Outray openSource ngrok alternative. Prior to 0.1.5, a TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. This vulnerability is fixed in 0.1.5.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> cpuset: fix warning when disabling remote partition<br /> <br /> A warning was triggered as follows:<br /> <br /> WARNING: kernel/cgroup/cpuset.c:1651 at remote_partition_disable+0xf7/0x110<br /> RIP: 0010:remote_partition_disable+0xf7/0x110<br /> RSP: 0018:ffffc90001947d88 EFLAGS: 00000206<br /> RAX: 0000000000007fff RBX: ffff888103b6e000 RCX: 0000000000006f40<br /> RDX: 0000000000006f00 RSI: ffffc90001947da8 RDI: ffff888103b6e000<br /> RBP: ffff888103b6e000 R08: 0000000000000000 R09: 0000000000000000<br /> R10: 0000000000000001 R11: ffff88810b2e2728 R12: ffffc90001947da8<br /> R13: 0000000000000000 R14: ffffc90001947da8 R15: ffff8881081f1c00<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 00007f55c8bbe0b2 CR3: 000000010b14c000 CR4: 00000000000006f0<br /> Call Trace:<br /> <br /> update_prstate+0x2d3/0x580<br /> cpuset_partition_write+0x94/0xf0<br /> kernfs_fop_write_iter+0x147/0x200<br /> vfs_write+0x35d/0x500<br /> ksys_write+0x66/0xe0<br /> do_syscall_64+0x6b/0x390<br /> entry_SYSCALL_64_after_hwframe+0x4b/0x53<br /> RIP: 0033:0x7f55c8cd4887<br /> <br /> Reproduction steps (on a 16-CPU machine):<br /> <br /> # cd /sys/fs/cgroup/<br /> # mkdir A1<br /> # echo +cpuset &gt; A1/cgroup.subtree_control<br /> # echo "0-14" &gt; A1/cpuset.cpus.exclusive<br /> # mkdir A1/A2<br /> # echo "0-14" &gt; A1/A2/cpuset.cpus.exclusive<br /> # echo "root" &gt; A1/A2/cpuset.cpus.partition<br /> # echo 0 &gt; /sys/devices/system/cpu/cpu15/online<br /> # echo member &gt; A1/A2/cpuset.cpus.partition<br /> <br /> When CPU 15 is offlined, subpartitions_cpus gets cleared because no CPUs<br /> remain available for the top_cpuset, forcing partitions to share CPUs with<br /> the top_cpuset. In this scenario, disabling the remote partition triggers<br /> a warning stating that effective_xcpus is not a subset of<br /> subpartitions_cpus. Partitions should be invalidated in this case to<br /> inform users that the partition is now invalid(cpus are shared with<br /> top_cpuset).<br /> <br /> To fix this issue:<br /> 1. Only emit the warning only if subpartitions_cpus is not empty and the<br /> effective_xcpus is not a subset of subpartitions_cpus.<br /> 2. During the CPU hotplug process, invalidate partitions if<br /> subpartitions_cpus is empty.