CVE-2025-0105

CVE-2025-0105

Título es
CVE-2025-0105

Sáb, 11/01/2025 – 03:15

Tipo
CWE-73

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-0105

Descripción en
An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem.

11/01/2025
11/01/2025
Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Green

Gravedad 4.0
6.90

Gravedad 4.0 txt
MEDIUM

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://security.paloaltonetworks.com/PAN-SA-2025-0001

    • Enviar en el boletín
    Off

    CVE-2025-0104

    CVE-2025-0104

    Título es
    CVE-2025-0104

    Sáb, 11/01/2025 – 03:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-0104

    Descripción en
    A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript code in the context of an authenticated Expedition user’s browser if that authenticated user clicks a malicious link that allows phishing attacks and could lead to Expedition browser-session theft.

    11/01/2025
    11/01/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Amber

    Gravedad 4.0
    7.00

    Gravedad 4.0 txt
    HIGH

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://security.paloaltonetworks.com/PAN-SA-2025-0001

    • Enviar en el boletín
    Off

    CVE-2025-0103

    CVE-2025-0103

    Título es
    CVE-2025-0103

    Sáb, 11/01/2025 – 03:15

    Tipo
    CWE-89

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-0103

    Descripción en
    An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on the Expedition system.

    11/01/2025
    11/01/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Amber

    Gravedad 4.0
    9.20

    Gravedad 4.0 txt
    CRITICAL

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://security.paloaltonetworks.com/PAN-SA-2025-0001

    • Enviar en el boletín
    Off

    CVE-2025-23109

    CVE-2025-23109

    Título es
    CVE-2025-23109

    Sáb, 11/01/2025 – 04:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-23109

    Descripción en
    Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address This vulnerability affects Firefox for iOS

    11/01/2025
    11/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugzilla.mozilla.org/show_bug.cgi?id=1419275

  • https://www.mozilla.org/security/advisories/mfsa2025-06/

    • Enviar en el boletín
    Off

    CVE-2025-23108

    CVE-2025-23108

    Título es
    CVE-2025-23108

    Sáb, 11/01/2025 – 04:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-23108

    Descripción en
    Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability affects Firefox for iOS

    11/01/2025
    11/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugzilla.mozilla.org/show_bug.cgi?id=1933172

  • https://www.mozilla.org/security/advisories/mfsa2025-06/

    • Enviar en el boletín
    Off

    CVE-2024-12304

    CVE-2024-12304

    Título es
    CVE-2024-12304

    Sáb, 11/01/2025 – 04:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-12304

    Descripción en
    The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via button block link in all versions up to, and including, 3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

    11/01/2025
    11/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://plugins.trac.wordpress.org/changeset/3212269/kadence-blocks/tags/3.4.3/includes/blocks/class-kadence-blocks-singlebtn-block.php

  • https://www.wordfence.com/threat-intel/vulnerabilities/id/c300c485-e5ab-48b3-99e8-0def5668ef4a?source=cve

    • Enviar en el boletín
    Off

    CVE-2024-12587

    CVE-2024-12587

    Título es
    CVE-2024-12587

    Sáb, 11/01/2025 – 06:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-12587

    Descripción en
    The Contact Form Master WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

    11/01/2025
    11/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://wpscan.com/vulnerability/7cb040f5-d154-48ea-a54e-80451054bad8/

    • Enviar en el boletín
    Off

    CVE-2024-9133

    CVE-2024-9133

    Título es
    CVE-2024-9133

    Vie, 10/01/2025 – 22:15

    Tipo
    CWE-287

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-9133

    Descripción en
    A user with administrator privileges is able to retrieve authentication tokens

    10/01/2025
    10/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.60

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105

    • Enviar en el boletín
    Off

    CVE-2024-9132

    CVE-2024-9132

    Título es
    CVE-2024-9132

    Vie, 10/01/2025 – 22:15

    Tipo
    CWE-94

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-9132

    Descripción en
    The administrator is able to configure an insecure captive portal script

    10/01/2025
    10/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105

    • Enviar en el boletín
    Off

    CVE-2024-9131

    CVE-2024-9131

    Título es
    CVE-2024-9131

    Vie, 10/01/2025 – 22:15

    Tipo
    CWE-88

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-9131

    Descripción en
    A user with administrator privileges can perform command injection

    10/01/2025
    10/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.20

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105

    • Enviar en el boletín
    Off