CVE-2025-24483

Title (es)
CVE-2025-24483

Thu, 06/02/2025 – 08:15

Type
CWE-476

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-24483

Description (en)
NULL pointer dereference vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker provides specially crafted data to the specific process of the Windows system where the product is running, the system may cause a Blue Screen of Death (BSOD), and as a result, cause a denial-of-service (DoS) condition.

06/02/2025
06/02/2025
CVSS 3.1 vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Severity 3.1 (CVSS 3.1 Base Score)
6.50

Severity 3.1 (text)
MEDIUM


CVE-2025-23236

Title (es)
CVE-2025-23236

Thu, 06/02/2025 – 08:15

Type
CWE-120

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-23236

Description (en)
Buffer overflow vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where the product is running may be obtained.

06/02/2025
06/02/2025
CVSS 3.1 vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
8.80

Severity 3.1 (text)
HIGH


CVE-2025-22894

Title (es)
CVE-2025-22894

Thu, 06/02/2025 – 08:15

Type
CWE-422

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-22894

Description (en)
Unprotected Windows messaging channel ('Shatter') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrary files in the system may be altered. As a result, an arbitrary DLL may be executed with SYSTEM privilege.

06/02/2025
06/02/2025
CVSS 3.1 vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

Severity 3.1 (CVSS 3.1 Base Score)
6.50

Severity 3.1 (text)
MEDIUM


CVE-2024-51547

Title (es)
CVE-2024-51547

Thu, 06/02/2025 – 05:15

Type
CWE-798

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2024-51547

Description (en)
Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

06/02/2025
06/02/2025
CVSS 4.0 vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS 3.1 vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity 4.0
9.30

Severity 4.0 (text)
CRITICAL

Severity 3.1 (CVSS 3.1 Base Score)
9.80

Severity 3.1 (text)
CRITICAL


CVE-2025-0522

Title (es)
CVE-2025-0522

Thu, 06/02/2025 – 06:15

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-0522

Description (en)
The LikeBot WordPress plugin through 0.85 does not have CSRF checks in some places and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

06/02/2025
06/02/2025
Severity 3.1 (text)
Pending analysis


CVE-2024-49814

Title (es)
CVE-2024-49814

Thu, 06/02/2025 – 01:15

Type
CWE-250

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2024-49814

Description (en)
IBM Security Verify Access Appliance 10.0.0 through 10.0.3 could allow a locally authenticated user to increase their privileges due to execution with unnecessary privileges.

06/02/2025
06/02/2025
CVSS 3.1 vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
7.80

Severity 3.1 (text)
HIGH


CVE-2025-0799

Title (es)
CVE-2025-0799

Thu, 06/02/2025 – 01:15

Type
CWE-22

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-0799

Description (en)
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted directories.

06/02/2025
06/02/2025
CVSS 3.1 vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Severity 3.1 (CVSS 3.1 Base Score)
6.50

Severity 3.1 (text)
MEDIUM


CVE-2024-51450

Title (es)
CVE-2024-51450

Thu, 06/02/2025 – 01:15

Type
CWE-78

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2024-51450

Description (en)
IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

06/02/2025
06/02/2025
CVSS 3.1 vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
9.10

Severity 3.1 (text)
CRITICAL


CVE-2024-49794

Title (es)
CVE-2024-49794

Thu, 06/02/2025 – 00:15

Type
CWE-352

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2024-49794

Description (en)
IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

06/02/2025
06/02/2025
CVSS 3.1 vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity 3.1 (CVSS 3.1 Base Score)
4.30

Severity 3.1 (text)
MEDIUM


CVE-2024-49793

Title (es)
CVE-2024-49793

Thu, 06/02/2025 – 00:15

Type
CWE-79

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2024-49793

Description (en)
IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

06/02/2025
06/02/2025
CVSS 3.1 vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity 3.1 (CVSS 3.1 Base Score)
5.40

Severity 3.1 (text)
MEDIUM
