Security Vulnerabilities - CVEs Published In March 2024
A improper neutralization of formula elements in a csv file in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.10, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8 allows attacker to execute unauthorized code or commands via specially crafted packets.
CVSS Score
9.6
EPSS Score
0.003
Published
2024-03-12
CVE-2023-48788
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.
Known exploited
CVSS Score
9.8
EPSS Score
0.942
Published
2024-03-12
A improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.
CVSS Score
8.1
EPSS Score
0.002
Published
2024-03-12
A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments.
CVSS Score
6.7
EPSS Score
0.001
Published
2024-03-12
A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file add_user.php. The manipulation of the argument city leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256453 was assigned to this vulnerability.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-03-12
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface parameter of fromAddressNat function.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-03-12
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter fromAddressNat function.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-03-12
Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-03-12
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.1 SP1). The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. This information is also available via the web interface of the product.
CVSS Score
7.6
EPSS Score
0.003
Published
2024-03-12
A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22051)
CVSS Score
7.8
EPSS Score
0.001
Published
2024-03-12