marzo 2025 - Página 177 de 185

3 Mar 2025

CVE-2025-20649

Título es
CVE-2025-20649

Lun, 03/03/2025 – 03:15

Tipo
CWE-280

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-20649

Descripción en
In Bluetooth Stack SW, there is a possible information disclosure due to a missing permission check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00396437; Issue ID: MSV-2184.

03/03/2025

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

https://corp.mediatek.com/product-security-bulletin/March-2025

Enviar en el boletín
Off

3 Mar 2025

CVE-2025-20648

Título es
CVE-2025-20648

Lun, 03/03/2025 – 03:15

Tipo
CWE-125

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-20648

Descripción en
In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09456673; Issue ID: MSV-2584.

03/03/2025

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

https://corp.mediatek.com/product-security-bulletin/March-2025

Enviar en el boletín
Off

3 Mar 2025

CVE-2025-20647

Título es
CVE-2025-20647

Lun, 03/03/2025 – 03:15

Tipo
CWE-476

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-20647

Descripción en
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00791311 / MOLY01067019; Issue ID: MSV-2721.

03/03/2025

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

https://corp.mediatek.com/product-security-bulletin/March-2025

Enviar en el boletín
Off

3 Mar 2025

CVE-2025-1849

Título es
CVE-2025-1849

Lun, 03/03/2025 – 04:15

Tipo
CWE-918

Gravedad v2.0
6.50

Gravedad 2.0 Txt
MEDIUM

Título en

CVE-2025-1849

Descripción en
A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Affected by this vulnerability is an unknown functionality of the file /import_data_todb. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

03/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Vector CVSS:2.0
AV:N/AC:L/Au:S/C:P/I:P/A:P

Gravedad 4.0
5.30

Gravedad 4.0 txt
MEDIUM

Gravedad 3.1 (CVSS 3.1 Base Score)
6.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

https://github.com/caigo8/CVE-md/blob/main/zz/zz_import_data_todb_SSRF.md

https://vuldb.com/?ctiid_298117=

https://vuldb.com/?id_298117=

https://vuldb.com/?submit_505346=

Enviar en el boletín
Off

3 Mar 2025

CVE-2025-1848

Título es
CVE-2025-1848

Lun, 03/03/2025 – 04:15

Tipo
CWE-918

Gravedad v2.0
6.50

Gravedad 2.0 Txt
MEDIUM

Título en

CVE-2025-1848

Descripción en
A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Affected is an unknown function of the file /import_data_check. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

03/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Vector CVSS:2.0
AV:N/AC:L/Au:S/C:P/I:P/A:P

Gravedad 4.0
5.30

Gravedad 4.0 txt
MEDIUM

Gravedad 3.1 (CVSS 3.1 Base Score)
6.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

https://github.com/caigo8/CVE-md/blob/main/zz/zz_import_data_check_SSRF.md

https://vuldb.com/?ctiid_298116=

https://vuldb.com/?id_298116=

https://vuldb.com/?submit_505345=

Enviar en el boletín
Off

3 Mar 2025

CVE-2025-27590

Título es
CVE-2025-27590

Lun, 03/03/2025 – 04:15

Tipo
CWE-22

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-27590

Descripción en
In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web.

03/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)
9.00

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
CRITICAL

Referencias

https://github.com/ytti/oxidized-web/commit/a5220a0ddc57b85cd122bffee228d3ed4901668e

https://github.com/ytti/oxidized-web/releases/tag/0.15.0

Enviar en el boletín
Off

3 Mar 2025

CVE-2025-20644

Título es
CVE-2025-20644

Lun, 03/03/2025 – 03:15

Tipo
CWE-1286

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-20644

Descripción en
In Modem, there is a possible memory corruption due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01525673; Issue ID: MSV-2747.

03/03/2025

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

https://corp.mediatek.com/product-security-bulletin/March-2025

Enviar en el boletín
Off

3 Mar 2025

CVE-2025-20653

Título es
CVE-2025-20653

Lun, 03/03/2025 – 03:15

Tipo
CWE-190

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-20653

Descripción en
In da, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291064; Issue ID: MSV-2046.

03/03/2025

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

https://corp.mediatek.com/product-security-bulletin/March-2025

Enviar en el boletín
Off

3 Mar 2025

CVE-2025-20652

Título es
CVE-2025-20652

Lun, 03/03/2025 – 03:15

Tipo
CWE-125

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-20652

Descripción en
In V5 DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291215; Issue ID: MSV-2052.

03/03/2025

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

https://corp.mediatek.com/product-security-bulletin/March-2025

Enviar en el boletín
Off

3 Mar 2025

CVE-2025-25953

Título es
CVE-2025-25953

Lun, 03/03/2025 – 01:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-25953

Descripción en
Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was discovered to contain an Azure JWT access token exposure. This vulnerability allows authenticated attackers to escalate privileges and access sensitive information.

03/03/2025

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89640

Enviar en el boletín
Off

Archivos mensuales: marzo 2025