CVE-2025-27830

CVE-2025-27830

Título es
CVE-2025-27830

Mar, 25/03/2025 – 21:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-27830

Descripción en
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c.

25/03/2025
25/03/2025
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://bugs.ghostscript.com/show_bug.cgi?id=708241

    • Enviar en el boletín
    Off

    CVE-2025-30741

    CVE-2025-30741

    Título es
    CVE-2025-30741

    Mar, 25/03/2025 – 21:15

    Tipo
    CWE-863

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-30741

    Descripción en
    Pixelfed before 0.12.5 allows anyone to follow private accounts and see private posts on other Fediverse servers. This affects users elsewhere in the Fediverse, if they otherwise have any followers from a Pixelfed instance.

    25/03/2025
    25/03/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://fokus.cool/2025/03/25/pixelfed-vulnerability.html

  • https://github.com/pixelfed/pixelfed/releases/tag/v0.12.5

  • https://mastodon.social/@pixelfed/114215925957179498

  • https://news.ycombinator.com/item?id=43474425

    • Enviar en el boletín
    Off

    CVE-2025-29789

    CVE-2025-29789

    Título es
    CVE-2025-29789

    Mar, 25/03/2025 – 21:15

    Tipo
    CWE-23

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-29789

    Descripción en
    OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in the Load Code feature. Version 7.3.0 contains a patch for the issue.

    25/03/2025
    25/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Gravedad 4.0
    4.60

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/openemr/openemr/commit/ef3bb7f84ebe8ef54d55416e587ec2fefd065489

  • https://github.com/openemr/openemr/security/advisories/GHSA-ffpq-2wqj-v8ff

    • Enviar en el boletín
    Off

    CVE-2025-27837

    CVE-2025-27837

    Título es
    CVE-2025-27837

    Mar, 25/03/2025 – 21:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-27837

    Descripción en
    An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.

    25/03/2025
    25/03/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugs.ghostscript.com/show_bug.cgi?id=708238

    • Enviar en el boletín
    Off

    CVE-2025-27836

    CVE-2025-27836

    Título es
    CVE-2025-27836

    Mar, 25/03/2025 – 21:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-27836

    Descripción en
    An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c.

    25/03/2025
    25/03/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugs.ghostscript.com/show_bug.cgi?id=708192

    • Enviar en el boletín
    Off

    CVE-2025-27835

    CVE-2025-27835

    Título es
    CVE-2025-27835

    Mar, 25/03/2025 – 21:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-27835

    Descripción en
    An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c.

    25/03/2025
    25/03/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugs.ghostscript.com/show_bug.cgi?id=708131

    • Enviar en el boletín
    Off

    CVE-2024-58104

    CVE-2024-58104

    Título es
    CVE-2024-58104

    Mar, 25/03/2025 – 18:15

    Tipo
    CWE-269

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-58104

    Descripción en
    A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations.

    Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

    25/03/2025
    25/03/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://success.trendmicro.com/en-US/solution/KA-0018217

    • Enviar en el boletín
    Off

    CVE-2025-2312

    CVE-2025-2312

    Título es
    CVE-2025-2312

    Mar, 25/03/2025 – 18:15

    Tipo
    CWE-488

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-2312

    Descripción en
    A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache.

    25/03/2025
    25/03/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.90

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://git.samba.org/?p=cifs-utils.git%3Ba%3Dcommit%3Bh%3D89b679228cc1be9739d54203d28289b03352c174

  • https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb?id=db363b0a1d9e6b9dc556296f1b1007aeb496a8cf

    • Enviar en el boletín
    Off

    CVE-2024-31896

    CVE-2024-31896

    Título es
    CVE-2024-31896

    Mar, 25/03/2025 – 19:15

    Tipo
    CWE-327

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-31896

    Descripción en
    IBM SPSS Statistics 26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

    25/03/2025
    25/03/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.90

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://www.ibm.com/support/pages/node/7228971

    • Enviar en el boletín
    Off

    CVE-2025-28904

    CVE-2025-28904

    Título es
    CVE-2025-28904

    Mar, 25/03/2025 – 19:15

    Tipo
    CWE-89

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-28904

    Descripción en
    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shamalli Web Directory Free allows Blind SQL Injection. This issue affects Web Directory Free: from n/a through 1.7.6.

    25/03/2025
    25/03/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    9.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    CRITICAL

    Referencias

  • https://patchstack.com/database/wordpress/plugin/web-directory-free/vulnerability/wordpress-web-directory-free-plugin-1-7-6-sql-injection-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off