Security Vulnerabilities - CVEs Published In June 2024
Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Arbitrary file deletion vulnerability as the backend settings have the function of deleting pictures to delete any files.
CVSS Score
9.1
EPSS Score
0.002
Published
2024-06-10
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CVSS Score
9.6
EPSS Score
0.003
Published
2024-06-10
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CVSS Score
10.0
EPSS Score
0.936
Published
2024-06-10
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted tiff file may lead to arbitrary code execution.
CVSS Score
7.8
EPSS Score
0.006
Published
2024-06-10
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.5. A website may be able to track the websites a user visited in Safari private browsing mode.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-06-10
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5. Processing an AppleScript may result in unexpected termination or disclosure of process memory.
CVSS Score
7.1
EPSS Score
0.002
Published
2024-06-10
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13. An app may be able to break out of its sandbox.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-06-10
The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Ventura 13.6.5, macOS Monterey 12.7.4. An app may be able to access sensitive user data.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-06-10
Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an unauthenticated attacker to degrade
the service availability of the Cloud Foundry deployment if performed at scale.
CVSS Score
5.9
EPSS Score
0.005
Published
2024-06-10
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CVSS Score
9.6
EPSS Score
0.003
Published
2024-06-10