Jun 16, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 9 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-38439 Netatalk Buffer Overflow

  • CVSS 9.8

New critical Netatalk Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-38441 Netatalk Buffer Overflow

  • CVSS 9.8

New critical Netatalk Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-38396 An issue was discovered in iTerm2 3.5.x before 3.5.2.

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2024-34451 CVSS 9.1

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For he...

CVE-2024-38396 CVSS 9.8

An issue was discovered in iTerm2 3.5.x before 3.5.2.

CVE-2024-38439 CVSS 9.8

Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLo...

CVE-2024-38441 CVSS 9.8

Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName...

CVE-2024-38448 CVSS 9.1

htags in GNU Global through 6.6.12 allows code execution in situations where dbpath (aka -d) is untrusted, because shell metacharacters m...

CVE-2024-38462 CVSS 9.8

iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106...

CVE-2024-38466 CVSS 9.8

Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default password.

CVE-2024-38468 CVSS 9.8

Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword API.

CVE-2024-5163 CVSS 9.8

Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security risks.

cvelogic Threat Intelligence