CVE-2018-9373

CVE-2018-9373

Título es
CVE-2018-9373

Mar, 28/01/2025 – 17:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2018-9373

Descripción en
In TdlsexRxFrameHandle of the MTK WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

28/01/2025
28/01/2025
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://source.android.com/security/bulletin/2018-06-01

    • Enviar en el boletín
    Off

    CVE-2017-13318

    CVE-2017-13318

    Título es
    CVE-2017-13318

    Mar, 28/01/2025 – 17:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2017-13318

    Descripción en
    In HeifDataSource::readAt of HeifDecoderImpl.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

    28/01/2025
    28/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://source.android.com/security/bulletin/pixel/2018-05-01

    • Enviar en el boletín
    Off

    CVE-2025-0781

    CVE-2025-0781

    Título es
    CVE-2025-0781

    Mar, 28/01/2025 – 17:15

    Tipo
    CWE-863

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-0781

    Descripción en
    An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.

    28/01/2025
    28/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.60

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://gitlab.com/flightgear/flightgear/-/commit/ad37afce28083fad7f79467b3ffdead753584358

  • https://gitlab.com/flightgear/flightgear/-/issues/3025

  • https://gitlab.com/flightgear/simgear/-/commit/5bb023647114267141a7610e8f1ca7d6f4f5a5a8

    • Enviar en el boletín
    Off

    CVE-2024-8401

    CVE-2024-8401

    Título es
    CVE-2024-8401

    Mar, 28/01/2025 – 17:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-8401

    Descripción en
    CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
    vulnerability exists when an authenticated attacker modifies folder names within the context of
    the product.

    28/01/2025
    28/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-254-02&p_enDocType=Security%20and%20Safety%20Notice&p_File_Name=SEVD-2024-254-02.pdf

    • Enviar en el boletín
    Off

    CVE-2025-23053

    CVE-2025-23053

    Título es
    CVE-2025-23053

    Mar, 28/01/2025 – 18:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-23053

    Descripción en
    A privilege escalation vulnerability exists in the web-based management interface of HPE Aruba Networking Fabric Composer. Successful exploitation could allow an authenticated low privilege operator user to change the state of certain settings of a vulnerable system.

    28/01/2025
    28/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04775en_us&docLocale=en_US

    • Enviar en el boletín
    Off

    CVE-2025-23057

    CVE-2025-23057

    Título es
    CVE-2025-23057

    Mar, 28/01/2025 – 18:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-23057

    Descripción en
    A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the context of the compromised interface.

    28/01/2025
    28/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04775en_us&docLocale=en_US

    • Enviar en el boletín
    Off

    CVE-2025-23056

    CVE-2025-23056

    Título es
    CVE-2025-23056

    Mar, 28/01/2025 – 18:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-23056

    Descripción en
    A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the context of the compromised interface.

    28/01/2025
    28/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04775en_us&docLocale=en_US

    • Enviar en el boletín
    Off

    CVE-2025-23055

    CVE-2025-23055

    Título es
    CVE-2025-23055

    Mar, 28/01/2025 – 18:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-23055

    Descripción en
    A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the context of the compromised interface.

    28/01/2025
    28/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04775en_us&docLocale=en_US

    • Enviar en el boletín
    Off

    CVE-2025-23054

    CVE-2025-23054

    Título es
    CVE-2025-23054

    Mar, 28/01/2025 – 18:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-23054

    Descripción en
    A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an authenticated low privilege operator user to perform operations not allowed by their privilege level. Successful exploitation could allow an attacker to manipulate user generated files, potentially leading to unauthorized changes in critical system configurations.

    28/01/2025
    28/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04775en_us&docLocale=en_US

    • Enviar en el boletín
    Off

    CVE-2024-7881

    CVE-2024-7881

    Título es
    CVE-2024-7881

    Mar, 28/01/2025 – 15:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-7881

    Descripción en
    An unprivileged context can trigger a data
    memory-dependent prefetch engine to fetch the contents of a privileged location
    and consume those contents as an address that is also dereferenced.

    28/01/2025
    28/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881

    • Enviar en el boletín
    Off