CVE-2025-0495

Mon, 17/03/2025 – 20:15

Type
CWE-532

Severity 2.0 (text)
Pending analysis

Description
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit.

Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry traces as part of the arguments and flags for the traced CLI command. OpenTelemetry traces are also saved in BuildKit daemon's history records.

This vulnerability does not impact secrets passed to the GitHub cache backend via environment variables or registry authentication.

17/03/2025

17/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Severity 4.0
4.10

Severity 4.0 (text)
MEDIUM

Severity 3.1 (text)
Pending analysis

References


  • https://github.com/docker/buildx

CVE-2024-54565

Mon, 17/03/2025 – 20:15

Severity 2.0 (text)
Pending analysis

Description
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may be able to access sensitive user data.

17/03/2025

17/03/2025

Severity 3.1 (text)
Pending analysis

References


  • https://support.apple.com/en-us/121839

CVE-2024-54559

Mon, 17/03/2025 – 20:15

Severity 2.0 (text)
Pending analysis

Description
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may be able to access sensitive user data.

17/03/2025

17/03/2025

Severity 3.1 (text)
Pending analysis

References


  • https://support.apple.com/en-us/121839

CVE-2024-54525

Mon, 17/03/2025 – 20:15

Severity 2.0 (text)
Pending analysis

Description
A logic issue was addressed with improved file handling. This issue is fixed in visionOS 2.2, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. Restoring a maliciously crafted backup file may lead to modification of protected system files.

17/03/2025

17/03/2025

Severity 3.1 (text)
Pending analysis

References


  • https://support.apple.com/en-us/121837

  • https://support.apple.com/en-us/121839

  • https://support.apple.com/en-us/121843

  • https://support.apple.com/en-us/121844

  • https://support.apple.com/en-us/121845

CVE-2024-44276

Mon, 17/03/2025 – 20:15

Severity 2.0 (text)
Pending analysis

Description
This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2. A user in a privileged network position may be able to leak sensitive information.

17/03/2025

17/03/2025

Severity 3.1 (text)
Pending analysis

References


  • https://support.apple.com/en-us/121837

CVE-2025-2392

Mon, 17/03/2025 – 20:15

Type
CWE-74

Severity v2.0
5.80

Severity 2.0 (text)
MEDIUM

Description
A vulnerability, which was classified as critical, has been found in code-projects Online Class and Exam Scheduling System 1.0. This issue affects some unknown processing of the file /pages/activate.php. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

17/03/2025

17/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Vector CVSS:2.0
AV:N/AC:L/Au:M/C:P/I:P/A:P

Severity 4.0
5.10

Severity 4.0 (text)
MEDIUM

Severity 3.1 (CVSS 3.1 Base Score)
4.70

Severity 3.1 (text)
MEDIUM

References


  • https://code-projects.org/

  • https://github.com/intercpt/XSS1/blob/main/SQL11.md

  • https://vuldb.com/?ctiid_299891=

  • https://vuldb.com/?id_299891=

  • https://vuldb.com/?submit_516912=

CVE-2025-2391

Mon, 17/03/2025 – 20:15

Type
CWE-74

Severity v2.0
7.50

Severity 2.0 (text)
HIGH

Description
A vulnerability classified as critical was found in code-projects Blood Bank Management System 1.0. This vulnerability affects unknown code of the file /admin/admin_login.php of the component Admin Login Page. The manipulation leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

17/03/2025

17/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vector CVSS:2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity 4.0
6.90

Severity 4.0 (text)
MEDIUM

Severity 3.1 (CVSS 3.1 Base Score)
7.30

Severity 3.1 (text)
HIGH

References


  • https://code-projects.org/

  • https://github.com/intercpt/XSS1/blob/main/SQL10.md

  • https://vuldb.com/?ctiid_299890=

  • https://vuldb.com/?id_299890=

  • https://vuldb.com/?submit_516910=

CVE-2025-26393

Mon, 17/03/2025 – 20:15

Type
CWE-653

Severity 2.0 (text)
Pending analysis

Description
SolarWinds Service Desk is affected by a broken access control vulnerability. The issue allows authenticated users to escalate privileges, leading to unauthorized data manipulation.

17/03/2025

17/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Severity 3.1 (CVSS 3.1 Base Score)
5.40

Severity 3.1 (text)
MEDIUM

References


  • https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26393

CVE-2025-25914

Mon, 17/03/2025 – 20:15

Severity 2.0 (text)
Pending analysis

Description
SQL injection vulnerability in Online Exam Mastering System v.1.0 allows a remote attacker to execute arbitrary code via the fid parameter.

17/03/2025

17/03/2025

Severity 3.1 (text)
Pending analysis

References


  • https://github.com/872323857/CVE/blob/main/online-exam-mastering-system_sqlinject.md

CVE-2024-48831

Mon, 17/03/2025 – 18:15

Type
CWE-259

Severity 2.0 (text)
Pending analysis

Description
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) a Use of Hard-coded Password vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.

17/03/2025

17/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
8.40

Severity 3.1 (text)
HIGH

References


  • https://www.dell.com/support/kbdoc/en-us/000295014/dsa-2025-068-security-update-for-dell-networking-os10-vulnerabilities