CVE-2025-1728

Title (es)
CVE-2025-1728

Wed, 26/02/2025 – 22:15

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2025-1728

Description (en)
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

26/02/2025

26/02/2025

Severity 3.1 Txt (CVSS 3.1 Base Score)
Pending analysis

CVE-2024-57040

Title (es)
CVE-2024-57040

Wed, 26/02/2025 – 22:15

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2024-57040

Description (en)
The TP-Link TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 firmware images were discovered to contain a hardcoded password for the root account, which can be recovered by brute-forcing the stored password hash.

26/02/2025

26/02/2025

Severity 3.1 Txt (CVSS 3.1 Base Score)
Pending analysis

References

  • https://security.iiita.ac.in/iot/hashed_password.pdf
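The entry above describes the usual firmware finding: a root password hash baked into the image, identical on every unit, in a hash family cheap enough to brute-force offline. The script below is an added example (not code from the CVE, the reference paper or the vendor) of the triage a practitioner runs on an /etc/shadow file extracted from a firmware image: it names the crypt(3) family of each password field, flags hardcoded and cheaply crackable entries, and maps each family to the hashcat mode that would be used to recover it. SAMPLE_SHADOW is constructed for illustration and is not the TL-WR845N data.

```python
"""Triage an /etc/shadow file pulled out of a firmware image for hardcoded,
brute-forceable credentials.

Added example, not code from the CVE or the vendor. SAMPLE_SHADOW is
constructed for illustration and does not contain the TL-WR845N hashes.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# crypt(3) prefixes. Traditional DES ("descrypt") has no prefix and is
# exactly 13 characters drawn from [./0-9A-Za-z].
HASH_FAMILIES = {
    "$1$": "md5crypt",
    "$5$": "sha256crypt",
    "$6$": "sha512crypt",
    "$y$": "yescrypt",
    "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
}
# Fast families: an offline dictionary/brute-force run on one GPU recovers a
# typical short firmware password in minutes to hours.
CHEAP_FAMILIES = {"descrypt", "md5crypt"}
# hashcat -m values for handing a recovered hash to a cracker.
HASHCAT_MODE = {"descrypt": 1500, "md5crypt": 500, "sha256crypt": 7400,
                "sha512crypt": 1800, "bcrypt": 3200}

# Constructed sample: one md5crypt root hash, two locked accounts, one DES
# hash for a support account, and one account with an empty password.
SAMPLE_SHADOW = """\
root:$1$abcdefgh$0123456789abcdefghijkl:10933:0:99999:7:::
admin:!:10933:0:99999:7:::
nobody:*:10933:0:99999:7:::
support:abJnggxhB/yWI:10933:0:99999:7:::
guest::10933:0:99999:7:::
"""


@dataclass
class Finding:
    user: str
    family: str
    problems: list[str] = field(default_factory=list)
    hashcat_mode: int | None = None


def classify(pw_field: str) -> str:
    """Name the hash family of one shadow password field."""
    if pw_field == "":
        return "empty"
    if pw_field in ("!", "!!", "*"):
        return "locked"
    for prefix, name in HASH_FAMILIES.items():
        if pw_field.startswith(prefix):
            return name
    if re.fullmatch(r"[./0-9A-Za-z]{13}", pw_field):
        return "descrypt"
    return "unknown"


def scan_shadow(text: str) -> list[Finding]:
    """Return one Finding per account that can actually be logged into."""
    findings: list[Finding] = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        user, pw = fields[0], fields[1]
        family = classify(pw)
        if family == "locked":
            continue  # nothing to crack
        f = Finding(user, family, hashcat_mode=HASHCAT_MODE.get(family))
        if family == "empty":
            f.problems.append("empty password: login needs no credential at all")
        else:
            # Any real hash baked into the image is the same on every unit
            # shipped, so it is a hardcoded credential regardless of strength.
            f.problems.append("hardcoded credential shared by every device running this image")
            if family in CHEAP_FAMILIES:
                f.problems.append(f"{family} is fast to brute-force offline")
        if user == "root":
            f.problems.append("root account: recovery gives full control of the device")
        findings.append(f)
    return findings


if __name__ == "__main__":
    for f in scan_shadow(SAMPLE_SHADOW):
        mode = f"hashcat -m {f.hashcat_mode}" if f.hashcat_mode else "no hashcat mode"
        print(f"{f.user}: {f.family} ({mode})")
        for p in f.problems:
            print(f"  - {p}")
```

Run it against the shadow file from an unpacked image (for example the squashfs root extracted with binwalk or unsquashfs); every account the script reports is a credential that ships identically to every customer, and the hashcat mode tells you how cheap recovery is.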

CVE-2024-55581

Title (es)
CVE-2024-55581

Wed, 26/02/2025 – 22:15

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2024-55581

Description (en)
When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because it does not verify the HTTPS server's certificate (unless the calling program supplies a TLS configuration).

26/02/2025

26/02/2025

Severity 3.1 Txt (CVSS 3.1 Base Score)
Pending analysis

References

  • https://docs.adacore.com/corp/security-advisories/SEC.AWS-0056-v1.pdf

CVE-2024-53573

Title (es)
CVE-2024-53573

Wed, 26/02/2025 – 22:15

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2024-53573

Description (en)
Unifiedtransform v2.X is vulnerable to incorrect access control: unauthorized users can access and manipulate endpoints intended exclusively for administrative use. This issue specifically affects teacher/edit/{id}.

26/02/2025

26/02/2025

Severity 3.1 Txt (CVSS 3.1 Base Score)
Pending analysis

References

  • https://drive.google.com/file/d/14Or6QIpOeLEqdFm1mwxdE_NNCOwMmcFc/view

  • https://www.getastra.com/blog/vulnerability/improper-access-control-in-school-management-system-unifiedtransform/

CVE-2025-1460

Title (es)
CVE-2025-1460

Wed, 26/02/2025 – 23:15

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2025-1460

Description (en)
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

27/02/2025

27/02/2025

Severity 3.1 Txt (CVSS 3.1 Base Score)
Pending analysis

CVE-2025-20119

Title (es)
CVE-2025-20119

Wed, 26/02/2025 – 17:15

Type
CWE-362

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2025-20119

Description (en)
A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administrative credentials.

This vulnerability is due to a race condition in the handling of system files. An attacker could exploit this vulnerability by performing specific operations on the file system. A successful exploit could allow the attacker to overwrite system files, which could leave the device in an inconsistent state and cause a DoS condition.

26/02/2025

26/02/2025

CVSS:3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
6.00

Severity 3.1 Txt (CVSS 3.1 Base Score)
MEDIUM

References

  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5
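The advisory above gives no detail on which file operations race, so the following is an added example of the generic CWE-362 file-overwrite pattern and its fix, not Cisco APIC code. It assumes the classic instance of the bug class: a privileged writer that checks a path and then opens it for writing, while a local attacker plants a symlink at that path so the write lands on a critical file. The hardened writer never opens the target path for writing at all; it creates a fresh O_EXCL temporary file in the same directory, fsyncs it, and renames it over the target, which replaces a planted link instead of following it and is atomic for readers. The scenario in demonstrate() is constructed in a temporary directory and assumes a POSIX filesystem (dir_fd support in os.open and os.rename).

```python
"""Symlink overwrite race (CWE-362) and an atomic replacement that defeats it.

Added example, not Cisco APIC code. Assumes a POSIX filesystem where os.open
and os.rename accept dir_fd (Linux, macOS). The scenario in demonstrate() is
constructed in a temporary directory.
"""
import os
import tempfile


def naive_write(path: str, data: bytes) -> None:
    """Check-then-write, the vulnerable pattern: os.path.exists() and open()
    both follow symlinks, so a link planted at `path` redirects the write."""
    if os.path.exists(path):
        with open(path, "wb") as f:
            f.write(data)


def safe_replace(path: str, data: bytes, mode: int = 0o644) -> None:
    """Atomically replace `path` with `data` without ever writing through it.

    - the temp file is created with O_CREAT|O_EXCL|O_NOFOLLOW, so a pre-planted
      file or link at the temp name makes open() fail instead of being reused;
    - all opens and the rename are relative to a directory fd, so the
      directory cannot be swapped underneath us between steps;
    - rename(2) replaces the directory entry at `path` (a symlink included)
      rather than following it, and readers see old or new content, never a
      partial write.
    """
    directory, name = os.path.split(os.path.abspath(path))
    dir_fd = os.open(directory, os.O_RDONLY | os.O_DIRECTORY)
    tmp_name = f".{name}.{os.urandom(8).hex()}.tmp"
    try:
        fd = os.open(tmp_name, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW,
                     mode, dir_fd=dir_fd)
        try:
            view = memoryview(data)
            while view:  # os.write may write fewer bytes than asked
                view = view[os.write(fd, view):]
            os.fsync(fd)
        finally:
            os.close(fd)
        os.rename(tmp_name, name, src_dir_fd=dir_fd, dst_dir_fd=dir_fd)
        os.fsync(dir_fd)  # make the new directory entry durable too
    except BaseException:
        try:
            os.unlink(tmp_name, dir_fd=dir_fd)
        except FileNotFoundError:
            pass
        raise
    finally:
        os.close(dir_fd)


def demonstrate() -> dict:
    """Constructed scenario: a symlink at the writable path points at a
    critical file; compare what each writer does to the critical file."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        critical = os.path.join(d, "critical.conf")
        target = os.path.join(d, "user-writable.conf")
        with open(critical, "wb") as f:
            f.write(b"original")
        os.symlink(critical, target)  # the attacker's planted link

        naive_write(target, b"attacker")
        with open(critical, "rb") as f:
            results["critical_after_naive"] = f.read()

        with open(critical, "wb") as f:  # reset
            f.write(b"original")
        safe_replace(target, b"clean")
        with open(critical, "rb") as f:
            results["critical_after_safe"] = f.read()
        results["target_is_symlink"] = os.path.islink(target)
        with open(target, "rb") as f:
            results["target_content"] = f.read()
    return results


if __name__ == "__main__":
    for k, v in demonstrate().items():
        print(f"{k}: {v!r}")
```

The same pattern applies to any privileged daemon that rewrites files in a directory a lower-trust account can also write to: if the writer opens the destination path itself, the permissions on the destination are not what protects it, the race is.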

CVE-2025-20118

Title (es)
CVE-2025-20118

Wed, 26/02/2025 – 17:15

Type
CWE-212

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2025-20118

Description (en)
A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.

This vulnerability is due to insufficient masking of sensitive information that is displayed through system CLI commands. An attacker could exploit this vulnerability by using reconnaissance techniques at the device CLI. A successful exploit could allow the attacker to access sensitive information on an affected device that could be used for additional attacks.

26/02/2025

26/02/2025

CVSS:3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Severity 3.1 (CVSS 3.1 Base Score)
4.40

Severity 3.1 Txt (CVSS 3.1 Base Score)
MEDIUM

References

  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5

CVE-2025-1726

Title (es)
CVE-2025-1726

Wed, 26/02/2025 – 20:15

Type
CWE-89

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2025-1726

Description (en)
There is a SQL injection issue in Esri ArcGIS Monitor versions 2023.0 through 2024.x on Windows and Linux that allows a remote, authenticated attacker with low privileges to improperly read limited database schema information by passing crafted queries. While it is possible to enumerate some internal database identifiers, the impact to the confidentiality vector is "LOW" because any sensitive data returned in a response is encrypted. There is no evidence of impact to the integrity or availability vectors. This issue is addressed in ArcGIS Monitor 2024.1.

26/02/2025

26/02/2025

CVSS:3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity 3.1 (CVSS 3.1 Base Score)
4.30

Severity 3.1 Txt (CVSS 3.1 Base Score)
MEDIUM

References

  • https://www.esri.com/arcgis-blog/products/monitor/administration/whats-new-in-arcgis-monitor-2024-1/

CVE-2025-25827

Title (es)
CVE-2025-25827

Wed, 26/02/2025 – 15:15

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2025-25827

Description (en)
A Server-Side Request Forgery (SSRF) in the sort.php component of Emlog Pro v2.5.4 allows attackers to scan local and internal ports by supplying a crafted URL.

26/02/2025

26/02/2025

Severity 3.1 Txt (CVSS 3.1 Base Score)
Pending analysis

References

  • http://emlogpro.com

  • https://github.com/Ka7arotto/emlog/blob/main/ssrf.md

  • https://www.emlog.net/
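The SSRF above is the "fetch whatever URL the user gives us" bug: the server's own network position is used to reach loopback and internal hosts, and the port in the URL turns it into a port scanner. Below is an added example (not Emlog Pro code, which is PHP) of the destination check such a handler needs before it connects: allow only http/https on the expected ports, reject userinfo, and refuse any literal or resolved address that is loopback, private, link-local (169.254.169.254 is the cloud metadata endpoint), multicast or otherwise non-global, including IPv4-mapped IPv6 forms. The resolver is injectable; FAKE_DNS and fake_resolver are constructed so the example runs offline. It assumes the caller then connects to the returned address rather than re-resolving the hostname; without that pinning, DNS rebinding can still pass the check with a public answer and hand the connection a private one.

```python
"""Outbound-URL validation against SSRF to internal hosts and ports.

Added example, not Emlog Pro code. FAKE_DNS / fake_resolver are constructed
so the example runs offline; resolve_all() is the real resolver. Assumes the
caller connects to the address this check returns (address pinning).
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}  # anything else is a port-scan primitive, not a web fetch

# Constructed offline stand-in for DNS. "2130706433" is the decimal form of
# 127.0.0.1, which glibc's resolver happily accepts as an inet_aton literal.
FAKE_DNS = {
    "public.example": ["8.8.8.8"],
    "intranet.example": ["10.0.0.5"],
    "localhost": ["127.0.0.1"],
    "2130706433": ["127.0.0.1"],
}


class SSRFBlocked(ValueError):
    pass


def resolve_all(host: str) -> list:
    """Real resolver: every A/AAAA answer for host (needs network)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def fake_resolver(host: str) -> list:
    return FAKE_DNS.get(host, [])


def is_public(ip) -> bool:
    """True only for globally routable unicast addresses."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 would otherwise look like a new host
    # is_global alone misses multicast on older Pythons; keep the explicit list.
    return ip.is_global and not (
        ip.is_private or ip.is_loopback or ip.is_link_local
        or ip.is_multicast or ip.is_reserved or ip.is_unspecified
    )


def check_outbound_url(url: str, resolver=resolve_all) -> str:
    """Return the single address to connect to, or raise SSRFBlocked."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise SSRFBlocked(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise SSRFBlocked("userinfo in URL is not allowed")
    host = parts.hostname
    if not host:
        raise SSRFBlocked("no host in URL")
    try:
        port = parts.port
    except ValueError:
        raise SSRFBlocked("malformed port") from None
    port = port or (443 if scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        raise SSRFBlocked(f"port {port} not allowed")
    # Dotted/colon literals need no DNS; other spellings (decimal, hex,
    # hostnames) go through the resolver, which must return every answer.
    try:
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:
        addrs = resolver(host)
    if not addrs:
        raise SSRFBlocked(f"{host!r} does not resolve")
    for a in addrs:
        if not is_public(ipaddress.ip_address(a)):
            raise SSRFBlocked(f"{host!r} resolves to non-public address {a}")
    return addrs[0]


def is_allowed(url: str, resolver=resolve_all) -> bool:
    try:
        check_outbound_url(url, resolver)
        return True
    except SSRFBlocked:
        return False


if __name__ == "__main__":
    for u in ["https://public.example/feed.xml", "http://127.0.0.1/",
              "http://[::ffff:127.0.0.1]/", "http://2130706433/",
              "http://public.example:6379/", "http://169.254.169.254/latest/meta-data/"]:
        print(f"{'ALLOW' if is_allowed(u, fake_resolver) else 'BLOCK'}  {u}")
```

The port allow-list is what removes the scanning primitive the advisory describes: even a public host on port 6379 is refused, so the response timing or error text can no longer tell the attacker whether a port is open.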

CVE-2024-46226

Title (es)
CVE-2024-46226

Wed, 26/02/2025 – 16:15

Type
CWE-79

Severity 2.0 Txt
Pending analysis

Title (en)
CVE-2024-46226

Description (en)
A stored cross-site scripting (XSS) vulnerability in HelpDeskZ

26/02/2025

26/02/2025

CVSS:3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Severity 3.1 (CVSS 3.1 Base Score)
4.80

Severity 3.1 Txt (CVSS 3.1 Base Score)
MEDIUM

References

  • https://www.exploit-db.com/exploits/52068