CVE-2025-27493

Title (es)
CVE-2025-27493

Tue, 11/03/2025 – 10:15

Type
CWE-20

Severity 2.0 text
Pending analysis

Title (en)
CVE-2025-27493

Description (en)
A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions

11/03/2025

11/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Severity 4.0
9.30

Severity 4.0 text
CRITICAL

Severity 3.1 (CVSS 3.1 Base Score)
8.20

Severity 3.1 text (CVSS 3.1 Base Score)
HIGH

References


  • https://cert-portal.siemens.com/productcert/html/ssa-515903.html

    CVE-2025-27438

    Title (es)
    CVE-2025-27438

    Tue, 11/03/2025 – 10:15

    Type
    CWE-125

    Severity 2.0 text
    Pending analysis

    Title (en)
    CVE-2025-27438

    Description (en)
    A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions

    11/03/2025

    11/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Severity 4.0
    7.30

    Severity 4.0 text
    HIGH

    Severity 3.1 (CVSS 3.1 Base Score)
    7.80

    Severity 3.1 text (CVSS 3.1 Base Score)
    HIGH

    References


  • https://cert-portal.siemens.com/productcert/html/ssa-050438.html

    CVE-2025-27398

    Title (es)
    CVE-2025-27398

    Tue, 11/03/2025 – 10:15

    Type
    CWE-78

    Severity 2.0 text
    Pending analysis

    Title (en)
    CVE-2025-27398

    Description (en)
    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions

    11/03/2025

    11/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

    Severity 4.0
    2.10

    Severity 4.0 text
    LOW

    Severity 3.1 (CVSS 3.1 Base Score)
    2.70

    Severity 3.1 text (CVSS 3.1 Base Score)
    LOW

    References


  • https://cert-portal.siemens.com/productcert/html/ssa-075201.html

    CVE-2025-27397

    Title (es)
    CVE-2025-27397

    Tue, 11/03/2025 – 10:15

    Type
    CWE-22

    Severity 2.0 text
    Pending analysis

    Title (en)
    CVE-2025-27397

    Description (en)
    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions

    11/03/2025

    11/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

    Severity 4.0
    5.10

    Severity 4.0 text
    MEDIUM

    Severity 3.1 (CVSS 3.1 Base Score)
    3.80

    Severity 3.1 text (CVSS 3.1 Base Score)
    LOW

    References


  • https://cert-portal.siemens.com/productcert/html/ssa-075201.html

    CVE-2025-2174

    Title (es)
    CVE-2025-2174

    Tue, 11/03/2025 – 07:15

    Type
    CWE-189

    Severity v2.0
    5.00

    Severity 2.0 text
    MEDIUM

    Title (en)
    CVE-2025-2174

    Description (en)
    A vulnerability was found in libzvbi up to 0.2.43. It has been declared as problematic. Affected by this vulnerability is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to integer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is named ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.

    11/03/2025

    11/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:N/C:N/I:N/A:P

    Severity 4.0
    6.90

    Severity 4.0 text
    MEDIUM

    Severity 3.1 (CVSS 3.1 Base Score)
    5.30

    Severity 3.1 text (CVSS 3.1 Base Score)
    MEDIUM

    References


  • https://github.com/zapping-vbi/zvbi/commit/ca1672134b3e2962cd392212c73f44f8f4cb489f

  • https://github.com/zapping-vbi/zvbi/releases/tag/v0.2.44

  • https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf

  • https://vuldb.com/?ctiid_299203=

  • https://vuldb.com/?id_299203=

  • https://vuldb.com/?submit_512800=

    CVE-2025-2173

    Title (es)
    CVE-2025-2173

    Tue, 11/03/2025 – 07:15

    Type
    CWE-824

    Severity v2.0
    5.00

    Severity 2.0 text
    MEDIUM

    Title (en)
    CVE-2025-2173

    Description (en)
    A vulnerability was found in libzvbi up to 0.2.43. It has been classified as problematic. Affected is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to uninitialized pointer. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is identified as 8def647eea27f7fd7ad33ff79c2d6d3e39948dce. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.

    11/03/2025

    11/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:N/C:P/I:N/A:N

    Severity 4.0
    6.90

    Severity 4.0 text
    MEDIUM

    Severity 3.1 (CVSS 3.1 Base Score)
    5.30

    Severity 3.1 text (CVSS 3.1 Base Score)
    MEDIUM

    References


  • https://github.com/zapping-vbi/zvbi/commit/8def647eea27f7fd7ad33ff79c2d6d3e39948dce

  • https://github.com/zapping-vbi/zvbi/releases/tag/v0.2.44

  • https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf

  • https://vuldb.com/?ctiid_299202=

  • https://vuldb.com/?id_299202=

  • https://vuldb.com/?submit_512798=

    CVE-2025-2190

    Title (es)
    CVE-2025-2190

    Tue, 11/03/2025 – 07:15

    Type
    CWE-300

    Severity 2.0 text
    Pending analysis

    Title (en)
    CVE-2025-2190

    Description (en)
    The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which may lead to code injection risks.

    11/03/2025

    11/03/2025

    Severity 3.1 text (CVSS 3.1 Base Score)
    Pending analysis

    References


  • https://security.tecno.com/SRC/blogdetail/393?lang=en_US

  • https://security.tecno.com/SRC/securityUpdates

    CVE-2025-2175

    Title (es)
    CVE-2025-2175

    Tue, 11/03/2025 – 07:15

    Type
    CWE-189

    Severity v2.0
    5.00

    Severity 2.0 text
    MEDIUM

    Title (en)
    CVE-2025-2175

    Description (en)
    A vulnerability was found in libzvbi up to 0.2.43. It has been rated as problematic. Affected by this issue is the function _vbi_strndup_iconv. The manipulation leads to integer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.

    11/03/2025

    11/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:N/C:N/I:N/A:P

    Severity 4.0
    5.30

    Severity 4.0 text
    MEDIUM

    Severity 3.1 (CVSS 3.1 Base Score)
    4.30

    Severity 3.1 text (CVSS 3.1 Base Score)
    MEDIUM

    References


  • https://github.com/zapping-vbi/zvbi/releases/tag/v0.2.44

  • https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf

  • https://vuldb.com/?ctiid_299204=

  • https://vuldb.com/?id_299204=

  • https://vuldb.com/?submit_512801=

    CVE-2024-58102

    Title (es)
    CVE-2024-58102

    Tue, 11/03/2025 – 08:15

    Type
    CWE-674

    Severity 2.0 text
    Pending analysis

    Title (en)
    CVE-2024-58102

    Description (en)
    An issue was discovered in Datalust Seq before 2024.3.13545. An insecure default parsing depth limit allows stack consumption when parsing user-supplied queries containing deeply nested expressions.

    11/03/2025

    11/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

    Severity 3.1 (CVSS 3.1 Base Score)
    5.70

    Severity 3.1 text (CVSS 3.1 Base Score)
    MEDIUM

    References


  • https://datalust.co/seq

  • https://github.com/datalust/seq-tickets/issues/2086

  • https://github.com/datalust/seq-tickets/issues/2367

    CVE-2025-27912

    Title (es)
    CVE-2025-27912

    Tue, 11/03/2025 – 08:15

    Type
    CWE-352

    Severity 2.0 text
    Pending analysis

    Title (en)
    CVE-2025-27912

    Description (en)
    An issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lead to CSRF when (1) Entra ID or OpenID Connect authentication is in use and a user visits a compromised/malicious site, or (2) when username/password or Active Directory authentication is in use and a user visits a compromised/malicious site under the same effective top-level domain as the Seq server. Exploitation of the vulnerability allows the attacker to conduct impersonation attacks and perform actions in Seq on behalf of the targeted user.

    11/03/2025

    11/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Severity 3.1 (CVSS 3.1 Base Score)
    8.80

    Severity 3.1 text (CVSS 3.1 Base Score)
    HIGH

    References


  • https://datalust.co/seq

  • https://github.com/datalust/seq-tickets/issues/2366