Security Vulnerabilities - CVEs Published In June 2024
iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106 reference.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-06-16
Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the response discrepancy of incorrect versus error.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-06-16
Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default password.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-06-16
Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser API.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-06-16
Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword API.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-06-16
ExpressionEngine before 7.4.11 allows XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-06-16
Xenforo before 2.2.16 allows CSRF.
CVSS Score
8.8
EPSS Score
0.066
Published
2024-06-16
Xenforo before 2.2.16 allows code injection.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-06-16
langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE: this issue exists because of an incomplete fix for CVE-2024-27444.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-06-16
In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs, etc).
CVSS Score
4.9
EPSS Score
0.001
Published
2024-06-16


Shodan ® - All rights reserved