Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-23 | CVE-2024-43201 | Improper Certificate Validation vulnerability in Planetfitness Planet Fitness Workouts. The Planet Fitness Workouts iOS and Android mobile apps prior to version 9.8.12 (released on 2024-07-25) fail to properly validate TLS certificates, allowing an attacker with appropriate network access to obtain session tokens and sensitive information. | 5.9 |
2024-09-23 | CVE-2024-47222 | Server-Side Request Forgery (SSRF) vulnerability in Myoffice MY Office SDK. New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol. | 9.8 |
2024-09-23 | CVE-2024-0001 | Insecure Default Initialization of Resource vulnerability in Purestorage Purity//Fa. A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges. | 9.8 |
2024-09-23 | CVE-2024-0002 | Unspecified vulnerability in Purestorage Purity//Fa. A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array. | 9.8 |
2024-09-23 | CVE-2024-0003 | Unspecified vulnerability in Purestorage Purity//Fa. A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access. | 7.2 |
2024-09-23 | CVE-2024-0004 | Code Injection vulnerability in Purestorage Purity//Fa. A condition exists in FlashArray Purity whereby a user with array admin role can execute arbitrary commands remotely to escalate privilege on the array. | 7.2 |
2024-09-23 | CVE-2024-0005 | Command Injection vulnerability in Purestorage Purity//Fa. A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. | 8.8 |
2024-09-23 | CVE-2024-46985 | XXE vulnerability in Dataease. DataEase is an open source data visualization analysis tool. | 7.5 |
2024-09-23 | CVE-2024-46997 | Unspecified vulnerability in Dataease. DataEase is an open source data visualization analysis tool. | 9.8 |
2024-09-23 | CVE-2024-47066 | Server-Side Request Forgery (SSRF) vulnerability in Lobehub Lobe Chat. Lobe Chat is an open-source artificial intelligence chat framework. | 8.8 |