Security Vulnerabilities - CVEs Published In March 2025
Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-03-21
A vulnerability has been found in xmedcon 0.25.0 and classified as problematic. Affected by this vulnerability is the function malloc of the component DICOM File Handler. The manipulation leads to integer underflow. The attack can be launched remotely. Upgrading to version 0.25.1 is able to address this issue. It is recommended to upgrade the affected component.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-03-21
Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, version(s) prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX version(s) prior to 3.41.200.202209300499, contain(s) a Stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.
CVSS Score
8.3
EPSS Score
0.001
Published
2025-03-21
Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network.
CVSS Score
8.7
EPSS Score
0.007
Published
2025-03-21
Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
CVSS Score
9.3
EPSS Score
0.073
Published
2025-03-21
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A plug-in may be able to inherit app permissions and access user data.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-03-21
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.6. An app may be able to gain root privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-03-21
The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6 and iPadOS 17.6. Processing web content may lead to a denial-of-service.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-03-21
This issue was addressed through improved state management. This issue is fixed in visionOS 1.3, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6. A file received from AirDrop may not have the quarantine flag applied.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-03-21
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6. An app may be able to cause unexpected system termination or read kernel memory.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-03-21