CVE-2025-27794

Title (es)
CVE-2025-27794

Wed, 12/03/2025 – 14:15

Type
CWE-74

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2025-27794

Description (en)
Flarum is open-source forum software. A session hijacking vulnerability exists in versions prior to 1.8.10 when an attacker-controlled authoritative subdomain under a parent domain (e.g., `subdomain.host.com`) sets cookies scoped to the parent domain (`.host.com`). This allows session token replacement for applications hosted on sibling subdomains (e.g., `community.host.com`) if session tokens aren't rotated post-authentication. The key constraints are that the attacker must control some subdomain under the parent domain (e.g., `evil.host.com` or `x.y.host.com`), and that the parent domain must not be on the Public Suffix List. Due to non-existent session token rotation after authenticating, we can theoretically reproduce the vulnerability by using browser dev tools, but due to the browser's security measures this does not seem to be exploitable as described. Version 1.8.10 contains a patch for the issue.

12/03/2025

12/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Severity 3.1 (CVSS 3.1 Base Score)
6.80

Severity 3.1 Txt (CVSS 3.1 Base Score)
MEDIUM

References


  • https://github.com/flarum/framework/commit/a05aaea3ee1e0a8b870935183193cd6052f1d402

  • https://github.com/flarum/framework/releases/tag/v1.8.10

  • https://github.com/flarum/framework/security/advisories/GHSA-hg9j-64wp-m9px

CVE-2024-13870

Title (es)
CVE-2024-13870

Wed, 12/03/2025 – 12:15

Type
CWE-1328

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2024-13870

Description (en)
An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack requires Bitdefender BOX to be booted in Recovery Mode and that the attacker be present within the WiFi range of the BOX unit.

12/03/2025

12/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:X/U:X

Severity 4.0
1.80

Severity 4.0 Txt
LOW

Severity 3.1 Txt (CVSS 3.1 Base Score)
Pending analysis

References


  • https://bitdefender.com/support/security-advisories/unauthenticated-firmware-downgrade-in-bitdefender-box-v1

CVE-2025-1527

Title (es)
CVE-2025-1527

Wed, 12/03/2025 – 12:15

Type
CWE-79

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2025-1527

Description (en)
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the plugin's Flash Sale Countdown module in all versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

12/03/2025

12/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Severity 3.1 (CVSS 3.1 Base Score)
6.40

Severity 3.1 Txt (CVSS 3.1 Base Score)
MEDIUM

References


  • https://plugins.trac.wordpress.org/changeset/3253711/woolentor-addons/trunk/includes/modules/flash-sale/assets/js/flash-sale.js

  • https://www.wordfence.com/threat-intel/vulnerabilities/id/d3405b50-a3f0-4280-8a34-ed86ce3d4db4?source=cve

CVE-2024-13872

Title (es)
CVE-2024-13872

Wed, 12/03/2025 – 12:15

Type
CWE-319

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2024-13872

Description (en)
Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /set_temp_token API method. Then, an unauthenticated and network-adjacent attacker can use man-in-the-middle (MITM) techniques to return malicious responses. Restarted daemons that use malicious assets can then be exploited for remote code execution on the device.

12/03/2025

12/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Severity 4.0
9.40

Severity 4.0 Txt
CRITICAL

Severity 3.1 Txt (CVSS 3.1 Base Score)
Pending analysis

References


  • https://bitdefender.com/support/security-advisories/insecure-update-mechanism-vulnerability-in-libboxhermes-so-in-bitdefender-box-v1

CVE-2024-13871

Title (es)
CVE-2024-13871

Wed, 12/03/2025 – 12:15

Type
CWE-77

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2024-13871

Description (en)
A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of Bitdefender Box 1 (firmware version 1.3.11.490). This flaw allows an unauthenticated, network-adjacent attacker to execute arbitrary commands on the device, potentially leading to full remote code execution (RCE).

12/03/2025

12/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Severity 4.0
9.40

Severity 4.0 Txt
CRITICAL

Severity 3.1 Txt (CVSS 3.1 Base Score)
Pending analysis

References


  • https://bitdefender.com/support/security-advisories/unauthenticated-command-injection-in-bitdefender-box-v1

CVE-2024-10838

Title (es)
CVE-2024-10838

Wed, 12/03/2025 – 13:15

Type
CWE-191

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2024-10838

Description (en)
An integer underflow during deserialization may allow any unauthenticated user to read out-of-bounds heap memory. This may result in secret data, or pointers revealing the layout of the address space, being included in a deserialized data structure, which may potentially lead to thread crashes or cause denial of service conditions.

12/03/2025

12/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Severity 4.0
8.80

Severity 4.0 Txt
HIGH

Severity 3.1 Txt (CVSS 3.1 Base Score)
Pending analysis

References


  • https://github.com/eclipse-cyclonedds/cyclonedds/releases/tag/0.10.5

  • https://github.com/eclipse-cyclonedds/cyclonedds/security/advisories/GHSA-6jj6-w25p-jc42

  • https://gitlab.eclipse.org/security/cve-assignement/-/issues/46

CVE-2025-29903

Title (es)
CVE-2025-29903

Wed, 12/03/2025 – 13:15

Type
CWE-426

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2025-29903

Description (en)
In JetBrains Runtime before 21.0.6b872.80, arbitrary dynamic library execution was possible due to insecure macOS flags.

12/03/2025

12/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Severity 3.1 (CVSS 3.1 Base Score)
5.20

Severity 3.1 Txt (CVSS 3.1 Base Score)
MEDIUM

References


  • https://www.jetbrains.com/privacy-security/issues-fixed/

CVE-2025-29904

Title (es)
CVE-2025-29904

Wed, 12/03/2025 – 13:15

Type
CWE-444

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2025-29904

Description (en)
In JetBrains Ktor before 3.1.1, HTTP request smuggling was possible.

12/03/2025

12/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity 3.1 (CVSS 3.1 Base Score)
5.30

Severity 3.1 Txt (CVSS 3.1 Base Score)
MEDIUM

References


  • https://www.jetbrains.com/privacy-security/issues-fixed/

CVE-2025-21860

Title (es)
CVE-2025-21860

Wed, 12/03/2025 – 10:15

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2025-21860

Description (en)
In the Linux kernel, the following vulnerability has been resolved:

mm/zswap: fix inconsistency when zswap_store_page() fails

Commit b7c0ccdfbafd ("mm: zswap: support large folios in zswap_store()")
skips charging any zswap entries when it failed to zswap the entire folio.

However, when some base pages are zswapped but it failed to zswap the
entire folio, the zswap operation is rolled back. When freeing zswap
entries for those pages, zswap_entry_free() uncharges the zswap entries
that were not previously charged, causing zswap charging to become
inconsistent.

This inconsistency triggers two warnings with the following steps:
# On a machine with 64GiB of RAM and 36GiB of zswap
$ stress-ng --bigheap 2 # wait until the OOM-killer kills stress-ng
$ sudo reboot

The two warnings are:
in mm/memcontrol.c:163, function obj_cgroup_release():
WARN_ON_ONCE(nr_bytes & (PAGE_SIZE - 1));

in mm/page_counter.c:60, function page_counter_cancel():
if (WARN_ONCE(new

12/03/2025

12/03/2025

Severity 3.1 Txt (CVSS 3.1 Base Score)
Pending analysis

References


  • https://git.kernel.org/stable/c/63895d20d63b446f5049a963983489319c2ea3e2

  • https://git.kernel.org/stable/c/a3652f5552b20903315612da487a7be2b95394d5

CVE-2025-21859

Title (es)
CVE-2025-21859

Wed, 12/03/2025 – 10:15

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2025-21859

Description (en)
In the Linux kernel, the following vulnerability has been resolved:

USB: gadget: f_midi: f_midi_complete to call queue_work

When using USB MIDI, a lock is attempted to be acquired twice through a
re-entrant call to f_midi_transmit, causing a deadlock.

Fix it by using queue_work() to schedule the inner f_midi_transmit() via
a high-priority work queue from the completion handler.

12/03/2025

12/03/2025

Severity 3.1 Txt (CVSS 3.1 Base Score)
Pending analysis

References


  • https://git.kernel.org/stable/c/24a942610ee9bafb2692a456ae850c5b2e409b05

  • https://git.kernel.org/stable/c/4ab37fcb42832cdd3e9d5e50653285ca84d6686f

  • https://git.kernel.org/stable/c/8aa6b4be1f4efccbfc533e6ec8841d26e4fa8dba

  • https://git.kernel.org/stable/c/deeee3adb2c01eedab32c3b4519337689ad02e8a

  • https://git.kernel.org/stable/c/e9fec6f42c45db2f62dc373fb1a10d2488c04e79