Security Vulnerabilities - CVEs Published In March 2024
Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat
Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds
write in their primary analyses function for Ethercat communication
packets. This could allow an attacker to cause arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-03-01
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using configuration options for the VirusEvent feature, the attacker could cause the application to execute arbitrary commands.
ClamAV has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVSS Score
5.3
EPSS Score
0.003
Published
2024-03-01
In Sante DICOM Viewer Pro versions 14.0.3 and prior, a user must open a malicious DICOM file, which could allow a local attacker to disclose information or execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-03-01
A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file booking.php/owner.php/tenant.php. The manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255392.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-03-01
A vulnerability classified as critical has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file index.php. The manipulation of the argument category_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255393 was assigned to this vulnerability.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-03-01
A vulnerability was found in SourceCodester Daily Habit Tracker 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/update-tracker.php. The manipulation of the argument day leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255391.
CVSS Score
3.5
EPSS Score
0.003
Published
2024-03-01
parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20.
CVSS Score
10.0
EPSS Score
0.003
Published
2024-03-01
A vulnerability has been found in SourceCodester Block Inserter for Dynamic Content 1.0 and classified as critical. This vulnerability affects unknown code of the file view_post.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255388.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-03-01
In OpenBSD 7.4 before errata 009, a race condition between pf(4)'s processing of packets and expiration of packet states may cause a kernel panic.
CVSS Score
6.2
EPSS Score
0.0
Published
2024-03-01
In OpenBSD 7.3 before errata 016, npppd(8) could crash by a l2tp message which has an AVP (Attribute-Value Pair) with wrong length.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-03-01