CVE-2025-1915

Title (es)
CVE-2025-1915

Wed, 05/03/2025 – 04:15

Type
CWE-22

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-1915

Description (en)
Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)

05/03/2025

05/03/2025

Severity 3.1 (text)
Pending analysis

References


  • https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html

  • https://issues.chromium.org/issues/391114799

    CVE-2025-20002

    Title (es)
    CVE-2025-20002

    Wed, 05/03/2025 – 00:15

    Type
    CWE-209

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2025-20002

    Description (en)
    After attempting to upload a file that does not meet prerequisites, GMOD Apollo will respond with local path information disclosure

    05/03/2025

    05/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

    Severity 4.0
    6.90

    Severity 4.0 (text)
    MEDIUM

    Severity 3.1 (CVSS 3.1 Base Score)
    5.30

    Severity 3.1 (text)
    MEDIUM

    References


  • https://github.com/GMOD/Apollo

  • https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07

    CVE-2025-24924

    Title (es)
    CVE-2025-24924

    Wed, 05/03/2025 – 00:15

    Type
    CWE-306

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2025-24924

    Description (en)
    Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username

    05/03/2025

    05/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Severity 4.0
    9.30

    Severity 4.0 (text)
    CRITICAL

    Severity 3.1 (CVSS 3.1 Base Score)
    9.80

    Severity 3.1 (text)
    CRITICAL

    References


  • https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07

    CVE-2025-23410

    Title (es)
    CVE-2025-23410

    Wed, 05/03/2025 – 00:15

    Type
    CWE-23

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2025-23410

    Description (en)
    When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path traversal in supported archive types.

    05/03/2025

    05/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Severity 4.0
    9.30

    Severity 4.0 (text)
    CRITICAL

    Severity 3.1 (CVSS 3.1 Base Score)
    9.80

    Severity 3.1 (text)
    CRITICAL

    References


  • https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07

    CVE-2025-21092

    Title (es)
    CVE-2025-21092

    Wed, 05/03/2025 – 00:15

    Type
    CWE-266

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2025-21092

    Description (en)
    GMOD Apollo does not have sufficient logical or access checks when updating a user's information. This could result in an attacker being able to escalate privileges for themselves or others.

    05/03/2025

    05/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

    Severity 4.0
    7.10

    Severity 4.0 (text)
    HIGH

    Severity 3.1 (CVSS 3.1 Base Score)
    6.50

    Severity 3.1 (text)
    MEDIUM

    References


  • https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07

    CVE-2025-1964

    Title (es)
    CVE-2025-1964

    Wed, 05/03/2025 – 01:15

    Type
    CWE-74

    Severity v2.0
    7.50

    Severity 2.0 (text)
    HIGH

    Title (en)
    CVE-2025-1964

    Description (en)
    A vulnerability was found in projectworlds Online Hotel Booking 1.0. It has been rated as critical. This issue affects some unknown processing of the file /booknow.php?roomname=Duplex. The manipulation of the argument checkin leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

    05/03/2025

    05/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:N/C:P/I:P/A:P

    Severity 4.0
    6.90

    Severity 4.0 (text)
    MEDIUM

    Severity 3.1 (CVSS 3.1 Base Score)
    7.30

    Severity 3.1 (text)
    HIGH

    References


  • https://github.com/ubfbuz3/cve/issues/3

  • https://vuldb.com/?ctiid_298565=

  • https://vuldb.com/?id_298565=

  • https://vuldb.com/?submit_511471=

    CVE-2025-1965

    Title (es)
    CVE-2025-1965

    Wed, 05/03/2025 – 01:15

    Type
    CWE-74

    Severity v2.0
    7.50

    Severity 2.0 (text)
    HIGH

    Title (en)
    CVE-2025-1965

    Description (en)
    A vulnerability classified as critical has been found in projectworlds Online Hotel Booking 1.0. Affected is an unknown function of the file /admin/login.php. The manipulation of the argument emailusername leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

    05/03/2025

    05/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:N/C:P/I:P/A:P

    Severity 4.0
    6.90

    Severity 4.0 (text)
    MEDIUM

    Severity 3.1 (CVSS 3.1 Base Score)
    7.30

    Severity 3.1 (text)
    HIGH

    References


  • https://github.com/ubfbuz3/cve/issues/4

  • https://vuldb.com/?ctiid_298566=

  • https://vuldb.com/?id_298566=

  • https://vuldb.com/?submit_511473=

    CVE-2024-0141

    Title (es)
    CVE-2024-0141

    Wed, 05/03/2025 – 02:15

    Type
    CWE-782

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2024-0141

    Description (en)
    NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the GPU vBIOS that may allow a malicious actor with tenant level GPU access to write to an unsupported registry causing a bad state. A successful exploit of this vulnerability may lead to denial of service.

    05/03/2025

    05/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

    Severity 3.1 (CVSS 3.1 Base Score)
    6.80

    Severity 3.1 (text)
    MEDIUM

    References


  • https://nvidia.custhelp.com/app/answers/detail/a_id/5561

    CVE-2024-0114

    Title (es)
    CVE-2024-0114

    Wed, 05/03/2025 – 02:15

    Type
    CWE-1244

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2024-0114

    Description (en)
    NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access the HMC as an administrator. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

    05/03/2025

    05/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H

    Severity 3.1 (CVSS 3.1 Base Score)
    8.10

    Severity 3.1 (text)
    HIGH

    References


  • https://nvidia.custhelp.com/app/answers/detail/a_id/5561

    CVE-2025-1967

    Title (es)
    CVE-2025-1967

    Wed, 05/03/2025 – 02:15

    Type
    CWE-79

    Severity v2.0
    4.00

    Severity 2.0 (text)
    MEDIUM

    Title (en)
    CVE-2025-1967

    Description (en)
    A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /user_dashboard/donor.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

    05/03/2025

    05/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:N/I:P/A:N

    Severity 4.0
    5.10

    Severity 4.0 (text)
    MEDIUM

    Severity 3.1 (CVSS 3.1 Base Score)
    3.50

    Severity 3.1 (text)
    LOW

    References


  • https://code-projects.org/

  • https://github.com/intercpt/XSS1/blob/main/XSS.md

  • https://vuldb.com/?ctiid_298568=

  • https://vuldb.com/?id_298568=

  • https://vuldb.com/?submit_512163=