CVE-2024-12379

CVE-2024-12379

Título es
CVE-2024-12379

Mié, 12/02/2025 – 15:15

Tipo
CWE-770

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-12379

Descripción en
A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to impact the availability of GitLab via unbounded symbol creation via the scopes parameter in a Personal Access Token.

12/02/2025
12/02/2025
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)
6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

  • https://gitlab.com/gitlab-org/gitlab/-/issues/508559

  • https://hackerone.com/reports/2871791

    • Enviar en el boletín
    Off

    CVE-2024-12251

    CVE-2024-12251

    Título es
    CVE-2024-12251

    Mié, 12/02/2025 – 15:15

    Tipo
    CWE-77

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-12251

    Descripción en
    In Progress® Telerik® UI for WinUI versions prior to 2025 Q1 (3.0.0), a command injection attack is possible through improper neutralization of hyperlink elements.

    12/02/2025
    12/02/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://docs.telerik.com/devtools/winui/security/kb-security-command-injection-cve-2024-12251

    • Enviar en el boletín
    Off

    CVE-2025-0376

    CVE-2025-0376

    Título es
    CVE-2025-0376

    Mié, 12/02/2025 – 15:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-0376

    Descripción en
    An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 prior to 17.6.5, 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 that allows an attacker to execute unauthorized actions via a change page.

    12/02/2025
    12/02/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.70

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://gitlab.com/gitlab-org/gitlab/-/issues/512603

  • https://hackerone.com/reports/2930243

    • Enviar en el boletín
    Off

    CVE-2024-54160

    CVE-2024-54160

    Título es
    CVE-2024-54160

    Mié, 12/02/2025 – 15:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-54160

    Descripción en
    dashboards-reporting (aka Dashboards Reports) before 2.19.0.0, as shipped in OpenSearch before 2.19, allows XSS because Markdown is not sanitized when previewing a header or footer.

    12/02/2025
    12/02/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/Jflye/CVE-2024-54160–Opensearch-HTML-Injection

  • https://github.com/opensearch-project/dashboards-reporting/compare/2.18.0.0…2.19.0.0

  • https://github.com/opensearch-project/dashboards-reporting/pull/476

  • https://github.com/opensearch-project/opensearch-build/blob/main/release-notes/opensearch-release-notes-2.19.0.md

  • https://opensearch.org/releases.html

    • Enviar en el boletín
    Off

    CVE-2025-1042

    CVE-2025-1042

    Título es
    CVE-2025-1042

    Mié, 12/02/2025 – 15:15

    Tipo
    CWE-552

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-1042

    Descripción en
    An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to view repositories in an unauthorized way.

    12/02/2025
    12/02/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.90

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://gitlab.com/gitlab-org/gitlab/-/issues/50849943

  • https://hackerone.com/reports/2886976

    • Enviar en el boletín
    Off

    CVE-2025-1202

    CVE-2025-1202

    Título es
    CVE-2025-1202

    Mié, 12/02/2025 – 15:15

    Tipo
    CWE-74

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-1202

    Descripción en
    A vulnerability classified as critical has been found in SourceCodester Best Church Management Software 1.1. Affected is an unknown function of the file /admin/edit_slider.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

    12/02/2025
    12/02/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/Yesec/Best-church-management-software/blob/main/edit_slider.php.md

  • https://vuldb.com/?ctiid_295110=

  • https://vuldb.com/?id_295110=

  • https://vuldb.com/?submit_496954=

  • https://www.sourcecodester.com/

    • Enviar en el boletín
    Off

    CVE-2025-1244

    CVE-2025-1244

    Título es
    CVE-2025-1244

    Mié, 12/02/2025 – 15:15

    Tipo
    CWE-78

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-1244

    Descripción en
    A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows attackers to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.

    12/02/2025
    12/02/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://access.redhat.com/security/cve/CVE-2025-1244

  • https://bugzilla.redhat.com/show_bug.cgi?id=2345150

    • Enviar en el boletín
    Off

    CVE-2025-1212

    CVE-2025-1212

    Título es
    CVE-2025-1212

    Mié, 12/02/2025 – 15:15

    Tipo
    CWE-497

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-1212

    Descripción en
    An information disclosure vulnerability in GitLab CE/EE affecting all versions from 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send a crafted request to a backend server to reveal sensitive information.

    12/02/2025
    12/02/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://gitlab.com/gitlab-org/gitlab/-/issues/502196

    • Enviar en el boletín
    Off

    CVE-2025-1206

    CVE-2025-1206

    Título es
    CVE-2025-1206

    Mié, 12/02/2025 – 15:15

    Tipo
    CWE-74

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-1206

    Descripción en
    A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file /dashboard/admin/viewdetailroutine.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

    12/02/2025
    12/02/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/sekaino-sakura/CVE/blob/main/CVE_1.md

  • https://vuldb.com/?ctiid_295143=

  • https://vuldb.com/?id_295143=

  • https://vuldb.com/?submit_496961=

    • Enviar en el boletín
    Off

    CVE-2025-26370

    CVE-2025-26370

    Título es
    CVE-2025-26370

    Mié, 12/02/2025 – 14:15

    Tipo
    CWE-862

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-26370

    Descripción en
    A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove privileges from user groups via crafted HTTP requests.

    12/02/2025
    12/02/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26370

    • Enviar en el boletín
    Off