CVE-2025-22230

CVE-2025-22230

Título es
CVE-2025-22230

Mar, 25/03/2025 – 14:15

Tipo
CWE-288

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-22230

Descripción en
VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM.

25/03/2025
25/03/2025
Vector CVSS:3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)
7.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH

Referencias

  • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518

    • Enviar en el boletín
    Off

    CVE-2025-29635

    CVE-2025-29635

    Título es
    CVE-2025-29635

    Mar, 25/03/2025 – 14:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-29635

    Descripción en
    A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution.

    25/03/2025
    25/03/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/mono7s/Dir-823x/blob/main/set_prohibiting/set_prohibiting.md

    • Enviar en el boletín
    Off

    CVE-2025-30091

    CVE-2025-30091

    Título es
    CVE-2025-30091

    Mar, 25/03/2025 – 14:15

    Tipo
    CWE-96

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-30091

    Descripción en
    In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. This vulnerability allows unauthenticated attackers to inject and execute arbitrary code. Attacker-controlled data to InstallCommand can be inserted into config.php, and InstallCommand is available after an installation has completed.

    25/03/2025
    25/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Gravedad 4.0
    9.40

    Gravedad 4.0 txt
    CRITICAL

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.moxiemanager.com/changelog/

  • https://www.moxiemanager.com/documentation/SEC-1063.php

    • Enviar en el boletín
    Off

    CVE-2024-11499

    CVE-2024-11499

    Título es
    CVE-2024-11499

    Mar, 25/03/2025 – 13:15

    Tipo
    CWE-476

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-11499

    Descripción en
    A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an authenticated and authorized attacker to perform a CMU restart. The vulnerability can be triggered if certificates are updated while in use on active connections.

    The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability.

    25/03/2025
    25/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

    Gravedad 4.0
    6.90

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.90

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000207&languageCode=en&Preview=true

    • Enviar en el boletín
    Off

    CVE-2024-10037

    CVE-2024-10037

    Título es
    CVE-2024-10037

    Mar, 25/03/2025 – 13:15

    Tipo
    CWE-476

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-10037

    Descripción en
    A vulnerability exists in the RTU500 web server component that can cause a denial of service to the RTU500 CMU application if a specially crafted message sequence is executed on a WebSocket connection.
    An attacker must be properly authenticated and the test mode function of RTU500 must be enabled to exploit this vulnerability.

    The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability.

    25/03/2025
    25/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

    Gravedad 4.0
    5.90

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000207&languageCode=en&Preview=true

    • Enviar en el boletín
    Off

    CVE-2025-27631

    CVE-2025-27631

    Título es
    CVE-2025-27631

    Mar, 25/03/2025 – 13:15

    Tipo
    CWE-90

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-27631

    Descripción en
    The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the website.

    25/03/2025
    25/03/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000210&LanguageCode=en&DocumentPartId=&Action=Launch

    • Enviar en el boletín
    Off

    CVE-2025-1445

    CVE-2025-1445

    Título es
    CVE-2025-1445

    Mar, 25/03/2025 – 13:15

    Tipo
    CWE-820

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-1445

    Descripción en
    A vulnerability exists in RTU IEC 61850 client and server functionality that could impact the availability if renegotiation of an open IEC61850 TLS connection takes place in specific timing situations, when IEC61850 communication is active.

    Precondition is that IEC61850 as client or server are configured using TLS on RTU500 device. It affects the CMU the IEC61850 stack is configured on.

    25/03/2025
    25/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Gravedad 4.0
    8.70

    Gravedad 4.0 txt
    HIGH

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000207&languageCode=en&Preview=true

    • Enviar en el boletín
    Off

    CVE-2024-12169

    CVE-2024-12169

    Título es
    CVE-2024-12169

    Mar, 25/03/2025 – 13:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-12169

    Descripción en
    A vulnerability exists in RTU500 IEC 60870-5-104 controlled station functionality and IEC 61850 functionality, that allows an attacker performing a specific attack sequence to restart the affected CMU. This vulnerability only applies, if secure communication using IEC 62351-3 (TLS) is enabled.

    25/03/2025
    25/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

    Gravedad 4.0
    8.70

    Gravedad 4.0 txt
    HIGH

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000207&languageCode=en&Preview=true

    • Enviar en el boletín
    Off

    CVE-2025-29932

    CVE-2025-29932

    Título es
    CVE-2025-29932

    Mar, 25/03/2025 – 13:15

    Tipo
    CWE-611

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-29932

    Descripción en
    In JetBrains GoLand before 2025.1 an XXE during debugging was possible

    25/03/2025
    25/03/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://www.jetbrains.com/privacy-security/issues-fixed/

    • Enviar en el boletín
    Off

    CVE-2025-27633

    CVE-2025-27633

    Título es
    CVE-2025-27633

    Mar, 25/03/2025 – 13:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-27633

    Descripción en
    The TRMTracker web application is vulnerable to reflected Cross-site scripting attack. The application allows client-side code injection that might be used to compromise the confidentiality and integrity of the system.

    25/03/2025
    25/03/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000210&LanguageCode=en&DocumentPartId=&Action=Launch

    • Enviar en el boletín
    Off