Vulnerabilidades

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> f2fs: fix to avoid out-of-boundary access in dnode page<br /> <br /> As Jiaming Zhang reported:<br /> <br /> <br /> __dump_stack lib/dump_stack.c:94 [inline]<br /> dump_stack_lvl+0x1c1/0x2a0 lib/dump_stack.c:120<br /> print_address_description mm/kasan/report.c:378 [inline]<br /> print_report+0x17e/0x800 mm/kasan/report.c:480<br /> kasan_report+0x147/0x180 mm/kasan/report.c:593<br /> data_blkaddr fs/f2fs/f2fs.h:3053 [inline]<br /> f2fs_data_blkaddr fs/f2fs/f2fs.h:3058 [inline]<br /> f2fs_get_dnode_of_data+0x1a09/0x1c40 fs/f2fs/node.c:855<br /> f2fs_reserve_block+0x53/0x310 fs/f2fs/data.c:1195<br /> prepare_write_begin fs/f2fs/data.c:3395 [inline]<br /> f2fs_write_begin+0xf39/0x2190 fs/f2fs/data.c:3594<br /> generic_perform_write+0x2c7/0x910 mm/filemap.c:4112<br /> f2fs_buffered_write_iter fs/f2fs/file.c:4988 [inline]<br /> f2fs_file_write_iter+0x1ec8/0x2410 fs/f2fs/file.c:5216<br /> new_sync_write fs/read_write.c:593 [inline]<br /> vfs_write+0x546/0xa90 fs/read_write.c:686<br /> ksys_write+0x149/0x250 fs/read_write.c:738<br /> do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]<br /> do_syscall_64+0xf3/0x3d0 arch/x86/entry/syscall_64.c:94<br /> entry_SYSCALL_64_after_hwframe+0x77/0x7f<br /> <br /> The root cause is in the corrupted image, there is a dnode has the same<br /> node id w/ its inode, so during f2fs_get_dnode_of_data(), it tries to<br /> access block address in dnode at offset 934, however it parses the dnode<br /> as inode node, so that get_dnode_addr() returns 360, then it tries to<br /> access page address from 360 + 934 * 4 = 4096 w/ 4 bytes.<br /> <br /> To fix this issue, let&amp;#39;s add sanity check for node id of all direct nodes<br /> during f2fs_get_dnode_of_data().

*** Pendiente de traducción *** A flaw has been found in O2OA up to 10.0-410. Affected is an unknown function of the file /x_program_center/jaxrs/agent of the component Personal Profile Page. Executing manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."

*** Pendiente de traducción *** A vulnerability was detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_portal_assemble_designer/jaxrs/page of the component Personal Profile Page. Performing manipulation results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."

*** Pendiente de traducción *** A security vulnerability has been detected in itsourcecode Student Information System 1.0. This affects an unknown function of the file /course_edit1.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

*** Pendiente de traducción *** The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin&amp;#39;s oceanwp_library shortcode in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

*** Pendiente de traducción *** The TablePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcode_debug’ parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

*** Pendiente de traducción *** An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path.

*** Pendiente de traducción *** A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands.

*** Pendiente de traducción *** An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution.

*** Pendiente de traducción *** A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks.

*** Pendiente de traducción *** A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication.

*** Pendiente de traducción *** Path Traversal: &amp;#39;.../...//&amp;#39; vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress allows Path Traversal.This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through 2.0.