CVE-2025-25462

CVE-2025-25462

Título es
CVE-2025-25462

Mié, 26/02/2025 – 16:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-25462

Descripción en
A SQL Injection vulnerability was found in /admin/add-propertytype.php in PHPGurukul Land Record System Project in PHP v1.0 allows remote attackers to execute arbitrary code via the propertytype POST request parameter.

26/02/2025

26/02/2025

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias


  • https://github.com/terrasystemlabs/CVE-IDs/blob/main/PHP-Gurukul/Land-record/Land_SQL_Injection.pdf

    • Enviar en el boletín
    Off

    CVE-2025-0941

    CVE-2025-0941

    Título es
    CVE-2025-0941

    Mié, 26/02/2025 – 17:15

    Tipo
    CWE-209

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-0941

    Descripción en
    MET ONE 3400+ instruments running software v1.0.41 can, under rare conditions, temporarily store credentials in plain text within the system. This data is not available to unauthenticated users.

    26/02/2025

    26/02/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://www.beckman.com/about-us/compliance/coordinated-vulnerability-disclosure/product-security-updates

    • Enviar en el boletín
    Off

    CVE-2025-20117

    CVE-2025-20117

    Título es
    CVE-2025-20117

    Mié, 26/02/2025 – 17:15

    Tipo
    CWE-77

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-20117

    Descripción en
    A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.

    This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root.

    26/02/2025

    26/02/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5

    • Enviar en el boletín
    Off

    CVE-2025-20116

    CVE-2025-20116

    Título es
    CVE-2025-20116

    Mié, 26/02/2025 – 17:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-20116

    Descripción en
    A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials.

    This vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by injecting malicious code into specific pages of the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web UI or access sensitive, browser-based information.

    26/02/2025

    26/02/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5

    • Enviar en el boletín
    Off

    CVE-2025-20111

    CVE-2025-20111

    Título es
    CVE-2025-20111

    Mié, 26/02/2025 – 17:15

    Tipo
    CWE-1220

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-20111

    Descripción en
    A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.

    This vulnerability is due to the incorrect handling of specific Ethernet frames. An attacker could exploit this vulnerability by sending a sustained rate of crafted Ethernet frames to an affected device. A successful exploit could allow the attacker to cause the device to reload.

    26/02/2025

    26/02/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias


  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3kn9k-healthdos-eOqSWK4g

    • Enviar en el boletín
    Off

    CVE-2025-1634

    CVE-2025-1634

    Título es
    CVE-2025-1634

    Mié, 26/02/2025 – 17:15

    Tipo
    CWE-401

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-1634

    Descripción en
    A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low timeouts are made. If a client request times out, a buffer is not released correctly, leading to increased memory usage and eventual application crash due to OutOfMemoryError.

    26/02/2025

    26/02/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias


  • https://access.redhat.com/security/cve/CVE-2025-1634

  • https://bugzilla.redhat.com/show_bug.cgi?id=2347319

    • Enviar en el boletín
    Off

    CVE-2025-20161

    CVE-2025-20161

    Título es
    CVE-2025-20161

    Mié, 26/02/2025 – 17:15

    Tipo
    CWE-78

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-20161

    Descripción en
    A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with valid Administrator credentials to execute a command injection attack on the underlying operating system of an affected device.

    This vulnerability is due to insufficient validation of specific elements within a software image. An attacker could exploit this vulnerability by installing a crafted image. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. 
    Note: Administrators should validate the hash of any software image before installation.

    26/02/2025

    26/02/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ici-dpOjbWxk

    • Enviar en el boletín
    Off

    CVE-2021-47642

    CVE-2021-47642

    Título es
    CVE-2021-47642

    Mié, 26/02/2025 – 06:37

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2021-47642

    Descripción en
    In the Linux kernel, the following vulnerability has been resolved:

    video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow

    Coverity complains of a possible buffer overflow. However,
    given the 'static' scope of nvidia_setup_i2c_bus() it looks
    like that can't happen after examiniing the call sites.

    CID 19036 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
    1. fixed_size_dest: You might overrun the 48-character fixed-size string
    chan->adapter.name by copying name without checking the length.
    2. parameter_as_source: Note: This defect has an elevated risk because the
    source argument is a parameter of the current function.
    89 strcpy(chan->adapter.name, name);

    Fix this warning by using strscpy() which will silence the warning and
    prevent any future buffer overflows should the names used to identify the
    channel become much longer.

    26/02/2025

    26/02/2025

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias


  • https://git.kernel.org/stable/c/055cdd2e7b992921424d4daaa285ced787fb205f

  • https://git.kernel.org/stable/c/08dff482012758935c185532b1ad7d584785a86e

  • https://git.kernel.org/stable/c/37a1a2e6eeeb101285cd34e12e48a881524701aa

  • https://git.kernel.org/stable/c/41baa86b6c802cdc6ab8ff2d46c083c9be93de81

  • https://git.kernel.org/stable/c/47e5533adf118afaf06d25a3e2aaaab89371b1c5

  • https://git.kernel.org/stable/c/580e5d3815474b8349250c25c16416585a72c7fe

  • https://git.kernel.org/stable/c/6a5226e544ac043bb2d8dc1bfe8920d02282f7cd

  • https://git.kernel.org/stable/c/72dd5c46a152136712a55bf026a9aa8c1b12b60d

  • https://git.kernel.org/stable/c/9ff2f7294ab0f011cd4d1b7dcd9a07d8fdf72834

    • Enviar en el boletín
    Off

    CVE-2021-47641

    CVE-2021-47641

    Título es
    CVE-2021-47641

    Mié, 26/02/2025 – 06:37

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2021-47641

    Descripción en
    In the Linux kernel, the following vulnerability has been resolved:

    video: fbdev: cirrusfb: check pixclock to avoid divide by zero

    Do a sanity check on pixclock value to avoid divide by zero.

    If the pixclock value is zero, the cirrusfb driver will round up
    pixclock to get the derived frequency as close to maxclock as
    possible.

    Syzkaller reported a divide error in cirrusfb_check_pixclock.

    divide error: 0000 [#1] SMP KASAN PTI
    CPU: 0 PID: 14938 Comm: cirrusfb_test Not tainted 5.15.0-rc6 #1
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2
    RIP: 0010:cirrusfb_check_var+0x6f1/0x1260

    Call Trace:
    fb_set_var+0x398/0xf90
    do_fb_ioctl+0x4b8/0x6f0
    fb_ioctl+0xeb/0x130
    __x64_sys_ioctl+0x19d/0x220
    do_syscall_64+0x3a/0x80
    entry_SYSCALL_64_after_hwframe+0x44/0xae

    26/02/2025

    26/02/2025

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias


  • https://git.kernel.org/stable/c/1d3fb46439ad4e8f0c5739eb33d1875ac9e0f135

  • https://git.kernel.org/stable/c/40b13e3d85744210db13457785646634e2d056bd

  • https://git.kernel.org/stable/c/45800c42ef000f417270bcfc08630e42486fca99

  • https://git.kernel.org/stable/c/53a2088a396cfa1da92690a1da289634cd73bf0d

  • https://git.kernel.org/stable/c/5c6f402bdcf9e7239c6bc7087eda71ac99b31379

  • https://git.kernel.org/stable/c/6fe23ff94e7840097202e85c148688940b37c9b1

  • https://git.kernel.org/stable/c/8c7e2141fb89c620ab4e41512e262fbf25b8260d

  • https://git.kernel.org/stable/c/c656d04247a2654ede5cead2ecbf83431dad5261

  • https://git.kernel.org/stable/c/e498b504f8c81b07efab9febf8503448de4dc9cf

    • Enviar en el boletín
    Off