CVE-2024-58047

Title (es)
CVE-2024-58047

Tue, 04/03/2025 – 08:15

Type
CWE-200

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2024-58047

Description (en)
Permission verification vulnerability in the media library module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.

04/03/2025

04/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Severity 3.1 (CVSS 3.1 Base Score)
5.00

Severity 3.1 (text)
MEDIUM

References


  • https://consumer.huawei.com/en/support/bulletin/2025/3/

    CVE-2024-58046

    Title (es)
    CVE-2024-58046

    Tue, 04/03/2025 – 08:15

    Type
    CWE-200

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2024-58046

    Description (en)
    Permission management vulnerability in the lock screen module
    Impact: Successful exploitation of this vulnerability may affect service confidentiality.

    04/03/2025

    04/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

    Severity 3.1 (CVSS 3.1 Base Score)
    6.20

    Severity 3.1 (text)
    MEDIUM

    References


  • https://consumer.huawei.com/en/support/bulletin/2025/3/

    CVE-2025-27521

    Title (es)
    CVE-2025-27521

    Tue, 04/03/2025 – 08:15

    Type
    CWE-264

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2025-27521

    Description (en)
    Vulnerability of improper access permission in the process management module
    Impact: Successful exploitation of this vulnerability may affect service confidentiality.

    04/03/2025

    04/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

    Severity 3.1 (CVSS 3.1 Base Score)
    6.80

    Severity 3.1 (text)
    MEDIUM

    References


  • https://consumer.huawei.com/en/support/bulletin/2025/3/

    CVE-2025-24309

    Title (es)
    CVE-2025-24309

    Tue, 04/03/2025 – 04:15

    Type
    CWE-787

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2025-24309

    Description (en)
    in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

    04/03/2025

    04/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

    Severity 3.1 (CVSS 3.1 Base Score)
    3.80

    Severity 3.1 (text)
    LOW

    References


  • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md

    CVE-2025-24301

    Title (es)
    CVE-2025-24301

    Tue, 04/03/2025 – 04:15

    Type
    CWE-416

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2025-24301

    Description (en)
    in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.

    04/03/2025

    04/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

    Severity 3.1 (CVSS 3.1 Base Score)
    3.80

    Severity 3.1 (text)
    LOW

    References


  • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md

    CVE-2025-23420

    Title (es)
    CVE-2025-23420

    Tue, 04/03/2025 – 04:15

    Type
    CWE-787

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2025-23420

    Description (en)
    in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

    04/03/2025

    04/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

    Severity 3.1 (CVSS 3.1 Base Score)
    3.80

    Severity 3.1 (text)
    LOW

    References


  • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md

    CVE-2025-23418

    Title (es)
    CVE-2025-23418

    Tue, 04/03/2025 – 04:15

    Type
    CWE-125

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2025-23418

    Description (en)
    in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

    04/03/2025

    04/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

    Severity 3.1 (CVSS 3.1 Base Score)
    3.30

    Severity 3.1 (text)
    LOW

    References


  • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md

    CVE-2025-23414

    Title (es)
    CVE-2025-23414

    Tue, 04/03/2025 – 04:15

    Type
    CWE-416

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2025-23414

    Description (en)
    in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.

    04/03/2025

    04/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

    Severity 3.1 (CVSS 3.1 Base Score)
    3.80

    Severity 3.1 (text)
    LOW

    References


  • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md

    CVE-2025-1306

    Title (es)
    CVE-2025-1306

    Tue, 04/03/2025 – 05:15

    Type
    CWE-352

    Severity 2.0 (text)
    Pending analysis

    Title (en)
    CVE-2025-1306

    Description (en)
    The Newscrunch theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.4. This is due to missing or incorrect nonce validation on the newscrunch_install_and_activate_plugin() function. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

    04/03/2025

    04/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Severity 3.1 (CVSS 3.1 Base Score)
    8.80

    Severity 3.1 (text)
    HIGH

    References


  • https://themes.trac.wordpress.org/browser/newscrunch/1.8.3/functions.php#L486

  • https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=261789%40newscrunch&new=261789%40newscrunch

  • https://www.wordfence.com/threat-intel/vulnerabilities/id/1c507681-61e9-4bf0-8fe5-e2f401a7a8be?source=cve

    CVE-2025-1906

    Title (es)
    CVE-2025-1906

    Tue, 04/03/2025 – 05:15

    Type
    CWE-74

    Severity 2.0
    5.80

    Severity 2.0 (text)
    MEDIUM

    Title (en)
    CVE-2025-1906

    Description (en)
    A vulnerability has been found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

    04/03/2025

    04/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:M/C:P/I:P/A:P

    Severity 4.0
    5.10

    Severity 4.0 (text)
    MEDIUM

    Severity 3.1 (CVSS 3.1 Base Score)
    4.70

    Severity 3.1 (text)
    MEDIUM

    References


  • https://github.com/HaroldFinch-L/CVE/issues/2

  • https://phpgurukul.com/

  • https://vuldb.com/?ctiid_298426=

  • https://vuldb.com/?id_298426=

  • https://vuldb.com/?submit_508915=