CVE-2025-1696

Title (es)
CVE-2025-1696

Thu, 06/03/2025 – 12:15

Type
CWE-532

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2025-1696

Description (en)
A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data—potentially including sensitive details such as credentials—was written to log files in clear text whenever an HTTP GET request was made through a proxy. An attacker with read access to these logs could obtain the proxy information and leverage it for further attacks or unauthorized access. Starting with version 4.39.0, Docker Desktop no longer logs the proxy string, thereby mitigating this risk.

06/03/2025

06/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Severity 4.0
5.20

Severity 4.0 txt
MEDIUM

Severity 3.1 Txt
Pending analysis

References

  • https://docs.docker.com/desktop/settings-and-maintenance/settings/#proxies
  • https://docs.docker.com/desktop/troubleshoot-and-support/troubleshoot/#check-the-logs

CVE-2025-1666

Title (es)
CVE-2025-1666

Thu, 06/03/2025 – 12:15

Type
CWE-862

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2025-1666

Description (en)
The Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the send_uninstall_survey() function in all versions up to, and including, 4.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit the uninstall survey on behalf of a website.

06/03/2025

06/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Severity 3.1 (CVSS 3.1 Base Score)
4.30

Severity 3.1 Txt
MEDIUM

References

  • https://plugins.trac.wordpress.org/browser/cookiebot/tags/4.4.1/src/lib/Cookiebot_Review.php#L135
  • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3251089%40cookiebot&new=3251089%40cookiebot
  • https://www.wordfence.com/threat-intel/vulnerabilities/id/d2e5fca6-363c-4875-9eb8-44e080d99650?source=cve

CVE-2024-13897

Title (es)
CVE-2024-13897

Thu, 06/03/2025 – 09:15

Type
CWE-22

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2024-13897

Description (en)
The Moving Media Library plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the generate_json_page function in all versions up to, and including, 1.22. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

06/03/2025

06/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
6.50

Severity 3.1 Txt
MEDIUM

References

  • https://plugins.trac.wordpress.org/browser/moving-media-library/trunk/lib/class-movingmedialibraryadmin.php#L166
  • https://plugins.trac.wordpress.org/changeset/3244709/moving-media-library/trunk/lib/class-movingmedialibraryadmin.php
  • https://www.wordfence.com/threat-intel/vulnerabilities/id/815ce00b-3753-4c38-8a30-5242a5841734?source=cve

CVE-2025-1540

Title (es)
CVE-2025-1540

Thu, 06/03/2025 – 09:15

Type
CWE-863

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2025-1540

Description (en)
An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External user to read and clone internal projects under certain circumstances.

06/03/2025

06/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity 3.1 (CVSS 3.1 Base Score)
3.10

Severity 3.1 Txt
LOW

References

  • https://about.gitlab.com/releases/2025/02/12/patch-release-gitlab-17-8-2-released/#saml-authentication-misconfigures-external-user-attribute
  • https://gitlab.com/gitlab-org/gitlab/-/issues/512765

CVE-2024-13902

Title (es)
CVE-2024-13902

Thu, 06/03/2025 – 10:15

Type
CWE-79

Severity v2.0
3.30

Severity 2.0 Txt
LOW

Title (en)
CVE-2024-13902

Description (en)
A vulnerability, which was classified as problematic, was found in huang-yk student-manage 1.0. It affects an unknown part of the component Edit a Student Information Page. Manipulation of the argument Class leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

06/03/2025

06/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Vector CVSS:2.0
AV:N/AC:L/Au:M/C:N/I:P/A:N

Severity 4.0
4.80

Severity 4.0 txt
MEDIUM

Severity 3.1 (CVSS 3.1 Base Score)
2.40

Severity 3.1 Txt
LOW

References

  • https://gitee.com/huang-yk/student-manage/issues/I9UXC4
  • https://vuldb.com/?ctiid_298785=
  • https://vuldb.com/?id_298785=

CVE-2025-1672

Title (es)
CVE-2025-1672

Thu, 06/03/2025 – 10:15

Type
CWE-79

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2025-1672

Description (en)
The Notibar – Notification Bar for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

06/03/2025

06/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Severity 3.1 (CVSS 3.1 Base Score)
5.50

Severity 3.1 Txt
MEDIUM

References

  • https://plugins.trac.wordpress.org/changeset/3246799/
  • Notibar – Notification Bar for WordPress
  • https://www.wordfence.com/threat-intel/vulnerabilities/id/9985627d-9ba4-4a5b-94fb-06bcc769acfd?source=cve

CVE-2024-56202

Title (es)
CVE-2024-56202

Thu, 06/03/2025 – 11:15

Type
CWE-440

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2024-56202

Description (en)
Expected Behavior Violation vulnerability in Apache Traffic Server.

This issue affects Apache Traffic Server: from 9.0.0 through 9.2.8, and from 10.0.0 through 10.0.3.

Users are recommended to upgrade to version 9.2.9 or 10.0.4 or newer, which fix the issue.

06/03/2025

06/03/2025

Severity 3.1 Txt
Pending analysis

References

  • https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023

CVE-2024-13868

Title (es)
CVE-2024-13868

Thu, 06/03/2025 – 06:15

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2024-13868

Description (en)
The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin.

06/03/2025

06/03/2025

Severity 3.1 Txt
Pending analysis

References

  • https://wpscan.com/vulnerability/0bff1645-dd53-4416-a90f-7cf4a6b33c1a/

CVE-2025-20929

Title (es)
CVE-2025-20929

Thu, 06/03/2025 – 05:15

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2025-20929

Description (en)
Out-of-bounds write when parsing a JPEG image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code.

06/03/2025

06/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Severity 3.1 (CVSS 3.1 Base Score)
7.30

Severity 3.1 Txt
HIGH

References

  • https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=03

CVE-2025-20928

Title (es)
CVE-2025-20928

Thu, 06/03/2025 – 05:15

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2025-20928

Description (en)
Out-of-bounds read when parsing a WBMP image in Samsung Notes prior to version 4.4.26.71 allows local attackers to access out-of-bounds memory.

06/03/2025

06/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity 3.1 (CVSS 3.1 Base Score)
5.50

Severity 3.1 Txt
MEDIUM

References

  • https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=03