CVE-2025-30143

CVE-2025-30143

Título es
CVE-2025-30143

Lun, 17/03/2025 – 16:15

Tipo
CWE-79

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-30143

Descripción en
Rule 3000216 (before version 2) in Akamai App & API Protector (with Akamai ASE) before 2024-12-10 does not properly consider JavaScript variable assignment to built-in functions and properties.

17/03/2025

17/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)
5.40

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias


  • https://github.com/geo-chen/Akamai/blob/main/README.md#cve-2025-30143—waf-bypass-in-akamai-ase-application-security-edge-due-to-obfuscated-payload-leading-to-reflected-xss

  • https://techdocs.akamai.com/app-api-protector/changelog/dec-9-2024-waf-rule-updates

    • Enviar en el boletín
    Off

    CVE-2024-48013

    CVE-2024-48013

    Título es
    CVE-2024-48013

    Lun, 17/03/2025 – 17:15

    Tipo
    CWE-250

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-48013

    Descripción en
    Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

    17/03/2025

    17/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias


  • https://www.dell.com/support/kbdoc/en-us/000289970/dsa-2025-070-security-update-for-dell-networking-os10-vulnerabilities

  • https://www.dell.com/support/kbdoc/en-us/000293638/dsa-2025-069-security-update-for-dell-networking-os10-vulnerabilities

  • https://www.dell.com/support/kbdoc/en-us/000294091/dsa-2025-079-security-update-for-dell-networking-os10-vulnerabilities

  • https://www.dell.com/support/kbdoc/en-us/000295014/dsa-2025-068-security-update-for-dell-networking-os10-vulnerabilities

    • Enviar en el boletín
    Off

    CVE-2024-48830

    CVE-2024-48830

    Título es
    CVE-2024-48830

    Lun, 17/03/2025 – 17:15

    Tipo
    CWE-77

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-48830

    Descripción en
    Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

    17/03/2025

    17/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias


  • https://www.dell.com/support/kbdoc/en-us/000289970/dsa-2025-070-security-update-for-dell-networking-os10-vulnerabilities

  • https://www.dell.com/support/kbdoc/en-us/000293638/dsa-2025-069-security-update-for-dell-networking-os10-vulnerabilities

  • https://www.dell.com/support/kbdoc/en-us/000294091/dsa-2025-079-security-update-for-dell-networking-os10-vulnerabilities

  • https://www.dell.com/support/kbdoc/en-us/000295014/dsa-2025-068-security-update-for-dell-networking-os10-vulnerabilities

    • Enviar en el boletín
    Off

    CVE-2025-25685

    CVE-2025-25685

    Título es
    CVE-2025-25685

    Lun, 17/03/2025 – 17:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-25685

    Descripción en
    An issue was discovered in GL-INet Beryl AX GL-MT3000 v4.7.0. Attackers are able to download arbitrary files from the device's file system via adding symbolic links on an external drive used as a samba share.

    17/03/2025

    17/03/2025

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias


  • https://medium.com/@tfortinsec/multiple-path-traversal-vulnerabilities-in-the-beryl-ax-gl-mt300-router-e7f856d14af9

    • Enviar en el boletín
    Off

    CVE-2025-25684

    CVE-2025-25684

    Título es
    CVE-2025-25684

    Lun, 17/03/2025 – 17:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-25684

    Descripción en
    A lack of validation in the path parameter (/download) of GL-INet Beryl AX GL-MT3000 v4.7.0 allows attackers to download arbitrary files from the device's file system via a crafted POST request.

    17/03/2025

    17/03/2025

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias


  • https://medium.com/@tfortinsec/multiple-path-traversal-vulnerabilities-in-the-beryl-ax-gl-mt300-router-e7f856d14af9

    • Enviar en el boletín
    Off

    CVE-2025-22474

    CVE-2025-22474

    Título es
    CVE-2025-22474

    Lun, 17/03/2025 – 17:15

    Tipo
    CWE-918

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-22474

    Descripción en
    Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.

    17/03/2025

    17/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://www.dell.com/support/kbdoc/en-us/000289970/dsa-2025-070-security-update-for-dell-networking-os10-vulnerabilities

  • https://www.dell.com/support/kbdoc/en-us/000293638/dsa-2025-069-security-update-for-dell-networking-os10-vulnerabilities

  • https://www.dell.com/support/kbdoc/en-us/000294091/dsa-2025-079-security-update-for-dell-networking-os10-vulnerabilities

  • https://www.dell.com/support/kbdoc/en-us/000295014/dsa-2025-068-security-update-for-dell-networking-os10-vulnerabilities

    • Enviar en el boletín
    Off

    CVE-2025-2241

    CVE-2025-2241

    Título es
    CVE-2025-2241

    Lun, 17/03/2025 – 17:15

    Tipo
    CWE-922

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-2241

    Descripción en
    A flaw was found in Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM). This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract sensitive credentials even if they do not have direct access to Kubernetes Secrets. This issue can lead to unauthorized VCenter access, cluster management, and privilege escalation.

    17/03/2025

    17/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.20

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias


  • https://access.redhat.com/security/cve/CVE-2025-2241

  • https://bugzilla.redhat.com/show_bug.cgi?id=2351350

    • Enviar en el boletín
    Off

    CVE-2025-29431

    CVE-2025-29431

    Título es
    CVE-2025-29431

    Lun, 17/03/2025 – 17:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-29431

    Descripción en
    Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in /pages/department.php via the id, code, and name parameters.

    17/03/2025

    17/03/2025

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias


  • https://github.com/872323857/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System-department.php.md

    • Enviar en el boletín
    Off

    CVE-2025-2386

    CVE-2025-2386

    Título es
    CVE-2025-2386

    Lun, 17/03/2025 – 17:15

    Tipo
    CWE-74

    Gravedad v2.0
    7.50

    Gravedad 2.0 Txt
    HIGH

    Título en

    CVE-2025-2386

    Descripción en
    A vulnerability was found in PHPGurukul Local Services Search Engine Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /serviceman-search.php. The manipulation of the argument location leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

    17/03/2025

    17/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:N/C:P/I:P/A:P

    Gravedad 4.0
    6.90

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias


  • https://github.com/aionman/cve/issues/7

  • https://phpgurukul.com/

  • https://vuldb.com/?ctiid_299885=

  • https://vuldb.com/?id_299885=

  • https://vuldb.com/?submit_516546=

    • Enviar en el boletín
    Off

    CVE-2025-27102

    CVE-2025-27102

    Título es
    CVE-2025-27102

    Lun, 17/03/2025 – 14:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-27102

    Descripción en
    Agate is central authentication server software for OBiBa epidemiology applications. Prior to version 3.3.0, when registering for an Agate account, arbitrary HTML code can be injected into a user's first and last name. This HTML is then rendered in the email sent to administrative users. The Agate service account sends this email and appears trustworthy, making this a significant risk for phishing attacks. Administrative users are impacted, as they can be targeted by unauthenticated users. Version 3.3.0 fixes the issue.

    17/03/2025

    17/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Gravedad 4.0
    5.40

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias


  • https://github.com/obiba/agate/releases/tag/3.3.0

  • https://github.com/obiba/agate/security/advisories/GHSA-v3wj-7vj5-xj5v

  • https://github.com/obiba/agate/security/advisories/GHSA-v3wj-7vj5-xj5v

    • Enviar en el boletín
    Off