CVE-2025-30307

CVE-2025-30307

Título es
CVE-2025-30307

Mar, 08/04/2025 – 19:15

Tipo
CWE-125

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-30307

Descripción en
XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

08/04/2025
08/04/2025
Vector CVSS:3.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)
5.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

  • https://helpx.adobe.com/security/products/xmpcore/apsb25-34.html

    • Enviar en el boletín
    Off

    CVE-2025-30306

    CVE-2025-30306

    Título es
    CVE-2025-30306

    Mar, 08/04/2025 – 19:15

    Tipo
    CWE-125

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-30306

    Descripción en
    XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

    08/04/2025
    08/04/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://helpx.adobe.com/security/products/xmpcore/apsb25-34.html

    • Enviar en el boletín
    Off

    CVE-2025-30305

    CVE-2025-30305

    Título es
    CVE-2025-30305

    Mar, 08/04/2025 – 19:15

    Tipo
    CWE-125

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-30305

    Descripción en
    XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

    08/04/2025
    08/04/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://helpx.adobe.com/security/products/xmpcore/apsb25-34.html

    • Enviar en el boletín
    Off

    CVE-2025-3416

    CVE-2025-3416

    Título es
    CVE-2025-3416

    Mar, 08/04/2025 – 19:15

    Tipo
    CWE-416

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-3416

    Descripción en
    A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.

    08/04/2025
    08/04/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.70

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://access.redhat.com/security/cve/CVE-2025-3416

  • https://bugzilla.redhat.com/show_bug.cgi?id=2357560

  • https://github.com/sfackler/rust-openssl

  • https://github.com/sfackler/rust-openssl/commit/87085bd67896b7f92e6de35d081f607a334beae4

  • https://github.com/sfackler/rust-openssl/pull/2390

  • https://rustsec.org/advisories/RUSTSEC-2025-0022.html

    • Enviar en el boletín
    Off

    CVE-2025-27490

    CVE-2025-27490

    Título es
    CVE-2025-27490

    Mar, 08/04/2025 – 18:15

    Tipo
    CWE-122

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-27490

    Descripción en
    Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

    08/04/2025
    08/04/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27490

    • Enviar en el boletín
    Off

    CVE-2025-27730

    CVE-2025-27730

    Título es
    CVE-2025-27730

    Mar, 08/04/2025 – 18:16

    Tipo
    CWE-415

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-27730

    Descripción en
    Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.

    08/04/2025
    08/04/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27730

    • Enviar en el boletín
    Off

    CVE-2025-27729

    CVE-2025-27729

    Título es
    CVE-2025-27729

    Mar, 08/04/2025 – 18:16

    Tipo
    CWE-416

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-27729

    Descripción en
    Use after free in Windows Shell allows an unauthorized attacker to execute code locally.

    08/04/2025
    08/04/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27729

    • Enviar en el boletín
    Off

    CVE-2025-27728

    CVE-2025-27728

    Título es
    CVE-2025-27728

    Mar, 08/04/2025 – 18:16

    Tipo
    CWE-125

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-27728

    Descripción en
    Out-of-bounds read in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

    08/04/2025
    08/04/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27728

    • Enviar en el boletín
    Off

    CVE-2025-27727

    CVE-2025-27727

    Título es
    CVE-2025-27727

    Mar, 08/04/2025 – 18:16

    Tipo
    CWE-59

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-27727

    Descripción en
    Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.

    08/04/2025
    08/04/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27727

    • Enviar en el boletín
    Off

    CVE-2025-27492

    CVE-2025-27492

    Título es
    CVE-2025-27492

    Mar, 08/04/2025 – 18:16

    Tipo
    CWE-362

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-27492

    Descripción en
    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally.

    08/04/2025
    08/04/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.00

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27492

    • Enviar en el boletín
    Off