CVE-2025-0792

CVE-2025-0792

Título es
CVE-2025-0792

Mié, 29/01/2025 – 00:15

Tipo
CWE-74

Gravedad v2.0
6.50

Gravedad 2.0 Txt
MEDIUM

Título en

CVE-2025-0792

Descripción en
A vulnerability, which was classified as critical, was found in ESAFENET CDG V5. Affected is an unknown function of the file /sdTodoDetail.jsp. The manipulation of the argument flowId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

29/01/2025
29/01/2025
Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Vector CVSS:2.0
AV:N/AC:L/Au:S/C:P/I:P/A:P

Gravedad 4.0
5.30

Gravedad 4.0 txt
MEDIUM

Gravedad 3.1 (CVSS 3.1 Base Score)
6.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

  • https://github.com/Rain1er/report/blob/main/CDG/sdTodoDetail.md

  • https://vuldb.com/?ctiid_293916=

  • https://vuldb.com/?id_293916=

  • https://vuldb.com/?submit_483345=

    • Enviar en el boletín
    Off

    CVE-2025-0791

    CVE-2025-0791

    Título es
    CVE-2025-0791

    Mié, 29/01/2025 – 00:15

    Tipo
    CWE-74

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-0791

    Descripción en
    A vulnerability, which was classified as critical, has been found in ESAFENET CDG V5. This issue affects some unknown processing of the file /sdDoneDetail.jsp. The manipulation of the argument flowId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    29/01/2025
    29/01/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/Rain1er/report/blob/main/CDG/sdDoneDetail.md

  • https://vuldb.com/?ctiid_293915=

  • https://vuldb.com/?id_293915=

  • https://vuldb.com/?submit_483344=

    • Enviar en el boletín
    Off

    CVE-2025-0790

    CVE-2025-0790

    Título es
    CVE-2025-0790

    Mié, 29/01/2025 – 00:15

    Tipo
    CWE-79

    Gravedad v2.0
    4.00

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-0790

    Descripción en
    A vulnerability classified as problematic was found in ESAFENET CDG V5. This vulnerability affects unknown code of the file /doneDetail.jsp. The manipulation of the argument curpage leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    29/01/2025
    29/01/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:N/I:P/A:N

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://github.com/Rain1er/report/blob/main/CDG/doneDetail_1.md

  • https://vuldb.com/?ctiid_293914=

  • https://vuldb.com/?id_293914=

  • https://vuldb.com/?submit_483343=

    • Enviar en el boletín
    Off

    CVE-2024-40677

    CVE-2024-40677

    Título es
    CVE-2024-40677

    Mar, 28/01/2025 – 20:15

    Tipo
    CWE-862

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-40677

    Descripción en
    In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

    28/01/2025
    28/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://android.googlesource.com/platform/packages/apps/Settings/+/db26138f07db830e3fb78283d37de3c0296d93cb

  • https://source.android.com/security/bulletin/2024-10-01

    • Enviar en el boletín
    Off

    CVE-2024-40672

    CVE-2024-40672

    Título es
    CVE-2024-40672

    Mar, 28/01/2025 – 20:15

    Tipo
    CWE-281

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-40672

    Descripción en
    In onCreate of ChooserActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

    28/01/2025
    28/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://android.googlesource.com/platform/packages/modules/IntentResolver/+/ccd29124d0d2276a3071c0418c14dec188cd3727

  • https://source.android.com/security/bulletin/2024-10-01

    • Enviar en el boletín
    Off

    CVE-2024-40670

    CVE-2024-40670

    Título es
    CVE-2024-40670

    Mar, 28/01/2025 – 20:15

    Tipo
    CWE-416

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-40670

    Descripción en
    In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

    28/01/2025
    28/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://source.android.com/security/bulletin/2024-10-01

    • Enviar en el boletín
    Off

    CVE-2024-40669

    CVE-2024-40669

    Título es
    CVE-2024-40669

    Mar, 28/01/2025 – 20:15

    Tipo
    CWE-416

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-40669

    Descripción en
    In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

    28/01/2025
    28/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://source.android.com/security/bulletin/2024-10-01

    • Enviar en el boletín
    Off

    CVE-2024-40651

    CVE-2024-40651

    Título es
    CVE-2024-40651

    Mar, 28/01/2025 – 20:15

    Tipo
    CWE-416

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-40651

    Descripción en
    In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

    28/01/2025
    28/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://source.android.com/security/bulletin/2024-10-01

    • Enviar en el boletín
    Off

    CVE-2024-40649

    CVE-2024-40649

    Título es
    CVE-2024-40649

    Mar, 28/01/2025 – 20:15

    Tipo
    CWE-416

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-40649

    Descripción en
    In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

    28/01/2025
    28/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://source.android.com/security/bulletin/2024-10-01

    • Enviar en el boletín
    Off

    CVE-2025-0784

    CVE-2025-0784

    Título es
    CVE-2025-0784

    Mar, 28/01/2025 – 20:15

    Tipo
    CWE-310

    Gravedad v2.0
    2.60

    Gravedad 2.0 Txt
    LOW

    Título en

    CVE-2025-0784

    Descripción en
    A vulnerability has been found in Intelbras InControl up to 2.21.58 and classified as problematic. This vulnerability affects unknown code of the file /v1/usuario/ of the component Registered User Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.59 is able to address this issue. It is recommended to upgrade the affected component.

    28/01/2025
    28/01/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

    Vector CVSS:2.0
    AV:N/AC:H/Au:N/C:P/I:N/A:N

    Gravedad 4.0
    6.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.70

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://eldruin.notion.site/Intelbras-InControl-v2-21-57-Password-exposed-in-clear-text-17d27474cccb806fba1efda195c78258?pvs=4

  • https://vuldb.com/?ctiid_293908=

  • https://vuldb.com/?id_293908=

  • https://vuldb.com/?submit_483835=

    • Enviar en el boletín
    Off