marzo 2025 - Página 163 de 185

4 Mar 2025

CVE-2025-1946

Título es
CVE-2025-1946

Mar, 04/03/2025 – 19:15

Tipo
CWE-74

Gravedad v2.0
6.50

Gravedad 2.0 Txt
MEDIUM

Título en

CVE-2025-1946

Descripción en
A vulnerability was found in hzmanyun Education and Training System 2.1. It has been rated as critical. Affected by this issue is the function exportPDF of the file /user/exportPDF. The manipulation of the argument id leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

04/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Vector CVSS:2.0
AV:N/AC:L/Au:S/C:P/I:P/A:P

Gravedad 4.0
5.30

Gravedad 4.0 txt
MEDIUM

Gravedad 3.1 (CVSS 3.1 Base Score)
6.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

https://github.com/heiheixz/report/blob/main/nxb_1.md

https://vuldb.com/?ctiid_298520=

https://vuldb.com/?id_298520=

https://vuldb.com/?submit_506657=

Enviar en el boletín
Off

4 Mar 2025

CVE-2025-1952

Título es
CVE-2025-1952

Mar, 04/03/2025 – 19:15

Tipo
CWE-74

Gravedad v2.0
7.50

Gravedad 2.0 Txt
HIGH

Título en

CVE-2025-1952

Descripción en
A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/password-recovery.php. The manipulation of the argument username/mobileno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

04/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vector CVSS:2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P

Gravedad 4.0
6.90

Gravedad 4.0 txt
MEDIUM

Gravedad 3.1 (CVSS 3.1 Base Score)
7.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH

Referencias

https://github.com/zrlianc/CVE/issues/1

https://phpgurukul.com/

https://vuldb.com/?ctiid_298542=

https://vuldb.com/?id_298542=

https://vuldb.com/?submit_509955=

https://github.com/zrlianc/CVE/issues/1

Enviar en el boletín
Off

4 Mar 2025

CVE-2025-26202

Título es
CVE-2025-26202

Mar, 04/03/2025 – 19:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-26202

Descripción en
Cross-Site Scripting (XSS) vulnerability exists in the WPA/WAPI Passphrase field of the Wireless Security settings (2.4GHz & 5GHz bands) in DZS Router Web Interface. An authenticated attacker can inject malicious JavaScript into the passphrase field, which is stored and later executed when an administrator views the passphrase via the "Click here to display" option on the Status page

04/03/2025

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

http://dzs.com

http://znid-gpon-2428b1-0st.com

https://github.com/A17-ba/CVE-2025-26202-Details

Enviar en el boletín
Off

4 Mar 2025

CVE-2025-1969

Título es
CVE-2025-1969

Mar, 04/03/2025 – 19:15

Tipo
CWE-346

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-1969

Descripción en
Improper request input validation in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM.

Upgrade TEAM to the latest release v.1.2.2. Follow instructions in updating TEAM documentation for updating process

04/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Gravedad 4.0
5.30

Gravedad 4.0 txt
MEDIUM

Gravedad 3.1 (CVSS 3.1 Base Score)
4.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

https://aws.amazon.com/security/security-bulletins/AWS-2025-004/

https://github.com/aws-samples/iam-identity-center-team/security/advisories/GHSA-x9xv-r58p-qh86

Enviar en el boletín
Off

4 Mar 2025

CVE-2025-1080

Título es
CVE-2025-1080

Mar, 04/03/2025 – 20:15

Tipo
CWE-20

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-1080

Descripción en
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments.
This issue affects LibreOffice: from 24.8 before

04/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Gravedad 4.0
7.20

Gravedad 4.0 txt
HIGH

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080

Enviar en el boletín
Off

4 Mar 2025

CVE-2025-1953

Título es
CVE-2025-1953

Mar, 04/03/2025 – 20:15

Tipo
CWE-310

Gravedad v2.0
1.40

Gravedad 2.0 Txt
LOW

Título en

CVE-2025-1953

Descripción en
A vulnerability has been found in vLLM AIBrix 0.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file pkg/plugins/gateway/prefixcacheindexer/hash.go of the component Prefix Caching. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.3.0 is able to address this issue. It is recommended to upgrade the affected component.

04/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Vector CVSS:2.0
AV:A/AC:H/Au:S/C:P/I:N/A:N

Gravedad 4.0
2.10

Gravedad 4.0 txt
LOW

Gravedad 3.1 (CVSS 3.1 Base Score)
2.60

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
LOW

Referencias

https://github.com/vllm-project/aibrix/issues/749

https://github.com/vllm-project/aibrix/issues/749#event-16488517974

https://github.com/vllm-project/aibrix/pull/752

https://github.com/vllm-project/aibrix/pull/752/commits/3d25d95aebd66f24a549200edcebc5ea423b317a

https://vuldb.com/?ctiid_298543=

https://vuldb.com/?id_298543=

https://vuldb.com/?submit_509958=

Enviar en el boletín
Off

4 Mar 2025

CVE-2025-1260

Título es
CVE-2025-1260

Mar, 04/03/2025 – 20:15

Tipo
CWE-284

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-1260

Descripción en
On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in unexpected configuration/operations being applied to the switch.

04/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)
9.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
CRITICAL

Referencias

https://www.arista.com/en/support/advisories-notices/security-advisory/21098-security-advisory-0111

Enviar en el boletín
Off

4 Mar 2025

CVE-2025-1259

Título es
CVE-2025-1259

Mar, 04/03/2025 – 20:15

Tipo
CWE-284

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-1259

Descripción en
On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in users retrieving data that should not have been available

04/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)
7.70

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH

Referencias

https://www.arista.com/en/support/advisories-notices/security-advisory/21098-security-advisory-0111

Enviar en el boletín
Off

4 Mar 2025

CVE-2024-10930

Título es
CVE-2024-10930

Mar, 04/03/2025 – 18:15

Tipo
CWE-427

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-10930

Descripción en
An Uncontrolled Search Path Element vulnerability exists which could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges.

04/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Gravedad 4.0
7.10

Gravedad 4.0 txt
HIGH

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-01

https://www.corporate.carrier.com/product-security/advisories-resources/

Enviar en el boletín
Off

4 Mar 2025

CVE-2025-27156

Título es
CVE-2025-27156

Mar, 04/03/2025 – 17:15

Tipo
CWE-79

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-27156

Descripción en
Tuleap is an Open Source Suite to improve management of software developments and collaboration. The mass emailing features do not sanitize the content of the HTML emails. A malicious user could use this issue to facilitate a phishing attempt or to indirectly exploit issues in the recipients mail clients. This vulnerability is fixed in Tuleap Community Edition 16.4.99.1740567344 and Tuleap Enterprise Edition 16.4-6 and 16.3-11.

04/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)
4.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

https://github.com/Enalean/tuleap/commit/a0bc657297b405debce1f5bcbbb30c733f3f09bd

https://github.com/Enalean/tuleap/security/advisories/GHSA-x2v2-xr59-c9cf

https://tuleap.net/plugins/tracker/?aid=42177

Enviar en el boletín
Off

Archivos mensuales: marzo 2025