Security Vulnerabilities - CVEs Published In June 2024
An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than CVE-2024-38395.
CVSS Score: 9.8
EPSS Score: 0.106
Published: 2024-06-16

irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed with use of a path even if it is not a directory.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2024-06-16

iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106 reference.
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2024-06-16

Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the response discrepancy of incorrect versus error.
CVSS Score: 5.3
EPSS Score: 0.001
Published: 2024-06-16

Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default password.
CVSS Score: 9.8
EPSS Score: 0.002
Published: 2024-06-16

Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser API.
CVSS Score: 7.5
EPSS Score: 0.002
Published: 2024-06-16

Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword API.
CVSS Score: 9.8
EPSS Score: 0.002
Published: 2024-06-16

ExpressionEngine before 7.4.11 allows XSS.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2024-06-16

Xenforo before 2.2.16 allows CSRF.
CVSS Score: 8.8
EPSS Score: 0.066
Published: 2024-06-16

Xenforo before 2.2.16 allows code injection.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2024-06-16

