CVE-2025-2916

CVE-2025-2916

Título es
CVE-2025-2916

Vie, 28/03/2025 – 17:15

Tipo
CWE-74

Gravedad v2.0
6.50

Gravedad 2.0 Txt
MEDIUM

Título en

CVE-2025-2916

Descripción en
A vulnerability, which was classified as critical, has been found in Aishida Call Center System up to 20250314. This issue affects some unknown processing of the file /doscall/weixin/open/amr2mp3. The manipulation of the argument File leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

28/03/2025
28/03/2025
Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Vector CVSS:2.0
AV:N/AC:L/Au:S/C:P/I:P/A:P

Gravedad 4.0
5.30

Gravedad 4.0 txt
MEDIUM

Gravedad 3.1 (CVSS 3.1 Base Score)
6.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

  • https://github.com/ZOKEYE/CVE/blob/main/CVE_1.md

  • https://vuldb.com/?ctiid_301889=

  • https://vuldb.com/?id_301889=

  • https://vuldb.com/?submit_520604=

    • Enviar en el boletín
    Off

    CVE-2025-2915

    CVE-2025-2915

    Título es
    CVE-2025-2915

    Vie, 28/03/2025 – 17:15

    Tipo
    CWE-119

    Gravedad v2.0
    1.70

    Gravedad 2.0 Txt
    LOW

    Título en

    CVE-2025-2915

    Descripción en
    A vulnerability classified as problematic was found in HDF5 up to 1.14.6. This vulnerability affects the function H5F__accum_free of the file src/H5Faccum.c. The manipulation of the argument overlap_size leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

    28/03/2025
    28/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

    Vector CVSS:2.0
    AV:L/AC:L/Au:S/C:N/I:N/A:P

    Gravedad 4.0
    4.80

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://github.com/HDFGroup/hdf5/issues/5380

  • https://vuldb.com/?ctiid_301888=

  • https://vuldb.com/?id_301888=

  • https://vuldb.com/?submit_520899=

    • Enviar en el boletín
    Off

    CVE-2025-2914

    CVE-2025-2914

    Título es
    CVE-2025-2914

    Vie, 28/03/2025 – 17:15

    Tipo
    CWE-119

    Gravedad v2.0
    1.70

    Gravedad 2.0 Txt
    LOW

    Título en

    CVE-2025-2914

    Descripción en
    A vulnerability classified as problematic has been found in HDF5 up to 1.14.6. This affects the function H5FS__sinfo_Srialize_Sct_cb of the file src/H5FScache.c. The manipulation of the argument sect leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

    28/03/2025
    28/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

    Vector CVSS:2.0
    AV:L/AC:L/Au:S/C:N/I:N/A:P

    Gravedad 4.0
    4.80

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://github.com/HDFGroup/hdf5/issues/5379

  • https://vuldb.com/?ctiid_301887=

  • https://vuldb.com/?id_301887=

  • https://vuldb.com/?submit_520880=

    • Enviar en el boletín
    Off

    CVE-2025-2913

    CVE-2025-2913

    Título es
    CVE-2025-2913

    Vie, 28/03/2025 – 17:15

    Tipo
    CWE-119

    Gravedad v2.0
    1.70

    Gravedad 2.0 Txt
    LOW

    Título en

    CVE-2025-2913

    Descripción en
    A vulnerability was found in HDF5 up to 1.14.6. It has been rated as problematic. Affected by this issue is the function H5FL__blk_gc_list of the file src/H5FL.c. The manipulation of the argument H5FL_blk_head_t leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

    28/03/2025
    28/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

    Vector CVSS:2.0
    AV:L/AC:L/Au:S/C:N/I:N/A:P

    Gravedad 4.0
    4.80

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://github.com/HDFGroup/hdf5/issues/5376

  • https://vuldb.com/?ctiid_301886=

  • https://vuldb.com/?id_301886=

  • https://vuldb.com/?submit_520404=

    • Enviar en el boletín
    Off

    CVE-2025-2860

    CVE-2025-2860

    Título es
    CVE-2025-2860

    Vie, 28/03/2025 – 14:15

    Tipo
    CWE-200

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-2860

    Descripción en
    SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web (.xml file). In order to exploit this vulnerability, the attacker must know the path, regardless of the user's privileges on the website.

    28/03/2025
    28/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Gravedad 4.0
    6.90

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu

    • Enviar en el boletín
    Off

    CVE-2025-2859

    CVE-2025-2859

    Título es
    CVE-2025-2859

    Vie, 28/03/2025 – 14:15

    Tipo
    CWE-287

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-2859

    Descripción en
    An attacker with access to the network where the vulnerable device is located could capture traffic and obtain cookies from the user, allowing them to steal a user's active session and make changes to the device via the web, depending on the privileges obtained by the user.

    28/03/2025
    28/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Gravedad 4.0
    6.90

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu

    • Enviar en el boletín
    Off

    CVE-2025-2858

    CVE-2025-2858

    Título es
    CVE-2025-2858

    Vie, 28/03/2025 – 14:15

    Tipo
    CWE-269

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-2858

    Descripción en
    Privilege escalation vulnerability in the saTECH BCU firmware version 2.1.3. An attacker with access to the CLI of the device could make use of the nice command to bypass all restrictions and elevate privileges as a superuser.

    28/03/2025
    28/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Gravedad 4.0
    8.50

    Gravedad 4.0 txt
    HIGH

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu

    • Enviar en el boletín
    Off

    CVE-2025-2877

    CVE-2025-2877

    Título es
    CVE-2025-2877

    Vie, 28/03/2025 – 14:15

    Tipo
    CWE-1295

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-2877

    Descripción en
    A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also affects Event Streams.

    28/03/2025
    28/03/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://access.redhat.com/security/cve/CVE-2025-2877

  • https://bugzilla.redhat.com/show_bug.cgi?id=2355540

    • Enviar en el boletín
    Off

    CVE-2025-2865

    CVE-2025-2865

    Título es
    CVE-2025-2865

    Vie, 28/03/2025 – 14:15

    Tipo
    CWE-942

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-2865

    Descripción en
    SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code (resources) stored on another malicious website owned by the attacker.

    28/03/2025
    28/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Gravedad 4.0
    2.40

    Gravedad 4.0 txt
    LOW

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu

    • Enviar en el boletín
    Off

    CVE-2025-2864

    CVE-2025-2864

    Título es
    CVE-2025-2864

    Vie, 28/03/2025 – 14:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-2864

    Descripción en
    SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim's browser (reflected XSS).

    28/03/2025
    28/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Gravedad 4.0
    2.00

    Gravedad 4.0 txt
    LOW

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu

    • Enviar en el boletín
    Off