CVE-2025-27607

Title (es)
CVE-2025-27607

Fri, 07/03/2025 – 17:15

Type
CWE-829

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-27607

Description (en)
Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE through a missing dependency. This occurred because msgspec-python313-pre was deleted by the owner leaving the name open to being claimed by a third party. If the package was claimed, it would allow them RCE on any Python JSON Logger user who installed the development dependencies on Python 3.13 (e.g. pip install python-json-logger[dev]). This issue has been resolved with 3.3.0.

07/03/2025

07/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
8.80

Severity 3.1 (text)
HIGH

References


  • https://github.com/nhairs/python-json-logger/commit/2548e3a2e3cedf6bef3ee7c60c55b7c02d1af11a

  • https://github.com/nhairs/python-json-logger/commit/e7761e56edb980cfab0165e32469d5fd017a5d72

  • https://github.com/nhairs/python-json-logger/security/advisories/GHSA-wmxh-pxcx-9w24


    CVE-2025-26643

    Title (es)
    CVE-2025-26643

    Fri, 07/03/2025 – 19:15

    Type
    CWE-449

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2025-26643

    Description (en)
    No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

    07/03/2025

    07/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

    Severity 3.1 (CVSS 3.1 Base Score)
    5.40

    Severity 3.1 (text)
    MEDIUM

    References


  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26643

    CVE-2025-2024

    Title (es)
    CVE-2025-2024

    Fri, 07/03/2025 – 20:15

    Type
    CWE-457

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2025-2024

    Description (en)
    Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

    The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25210.

    07/03/2025

    07/03/2025

    Vector CVSS:3.1
    CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Severity 3.1 (CVSS 3.1 Base Score)
    7.80

    Severity 3.1 (text)
    HIGH

    References


  • https://www.zerodayinitiative.com/advisories/ZDI-25-111/

    CVE-2024-53693

    Title (es)
    CVE-2024-53693

    Fri, 07/03/2025 – 17:15

    Type
    CWE-93

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2024-53693

    Description (en)
    An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data.

    We have already fixed the vulnerability in the following versions:
    QTS 5.2.3.3006 build 20250108 and later
    QuTS hero h5.2.3.3006 build 20250108 and later

    07/03/2025

    07/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

    Severity 4.0
    7.10

    Severity 4.0 (text)
    HIGH

    Severity 3.1 (CVSS 3.1 Base Score)
    7.10

    Severity 3.1 (text)
    HIGH

    References


  • https://www.qnap.com/en/security-advisory/qsa-24-54

    CVE-2024-53700

    Title (es)
    CVE-2024-53700

    Fri, 07/03/2025 – 17:15

    Type
    CWE-77

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2024-53700

    Description (en)
    A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.

    We have already fixed the vulnerability in the following version:
    QuRouter 2.4.6.028 and later

    07/03/2025

    07/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Severity 4.0
    5.10

    Severity 4.0 (text)
    MEDIUM

    Severity 3.1 (text)
    Pending analysis

    References


  • https://www.qnap.com/en/security-advisory/qsa-25-07

    CVE-2024-53699

    Title (es)
    CVE-2024-53699

    Fri, 07/03/2025 – 17:15

    Type
    CWE-787

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2024-53699

    Description (en)
    An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory.

    We have already fixed the vulnerability in the following versions:
    QTS 5.2.3.3006 build 20250108 and later
    QuTS hero h5.2.3.3006 build 20250108 and later

    07/03/2025

    07/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Severity 4.0
    2.10

    Severity 4.0 (text)
    LOW

    Severity 3.1 (text)
    Pending analysis

    References


  • https://www.qnap.com/en/security-advisory/qsa-24-54

    CVE-2024-53698

    Title (es)
    CVE-2024-53698

    Fri, 07/03/2025 – 17:15

    Type
    CWE-415

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2024-53698

    Description (en)
    A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify memory.

    We have already fixed the vulnerability in the following versions:
    QTS 5.2.3.3006 build 20250108 and later
    QuTS hero h5.2.3.3006 build 20250108 and later

    07/03/2025

    07/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Severity 4.0
    2.10

    Severity 4.0 (text)
    LOW

    Severity 3.1 (text)
    Pending analysis

    References


  • https://www.qnap.com/en/security-advisory/qsa-24-54

    CVE-2024-53697

    Title (es)
    CVE-2024-53697

    Fri, 07/03/2025 – 17:15

    Type
    CWE-787

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2024-53697

    Description (en)
    An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory.

    We have already fixed the vulnerability in the following versions:
    QTS 5.2.3.3006 build 20250108 and later
    QuTS hero h5.2.3.3006 build 20250108 and later

    07/03/2025

    07/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Severity 4.0
    2.10

    Severity 4.0 (text)
    LOW

    Severity 3.1 (text)
    Pending analysis

    References


  • https://www.qnap.com/en/security-advisory/qsa-24-54

    CVE-2024-53696

    Title (es)
    CVE-2024-53696

    Fri, 07/03/2025 – 17:15

    Type
    CWE-918

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2024-53696

    Description (en)
    A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data.

    We have already fixed the vulnerability in the following versions:
    QuLog Center 1.7.0.829 ( 2024/10/01 ) and later
    QuLog Center 1.8.0.888 ( 2024/10/15 ) and later
    QTS 4.5.4.2957 build 20241119 and later
    QuTS hero h4.5.4.2956 build 20241119 and later

    07/03/2025

    07/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Severity 4.0
    5.10

    Severity 4.0 (text)
    MEDIUM

    Severity 3.1 (text)
    Pending analysis

    References


  • https://www.qnap.com/en/security-advisory/qsa-24-53

    CVE-2024-53695

    Title (es)
    CVE-2024-53695

    Fri, 07/03/2025 – 17:15

    Type
    CWE-120

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2024-53695

    Description (en)
    A buffer overflow vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to modify memory or crash processes.

    We have already fixed the vulnerability in the following version:
    HBS 3 Hybrid Backup Sync 25.1.4.952 and later

    07/03/2025

    07/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Severity 4.0
    6.30

    Severity 4.0 (text)
    MEDIUM

    Severity 3.1 (text)
    Pending analysis

    References


  • https://www.qnap.com/en/security-advisory/qsa-25-06