Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-09-23 CVE-2024-47222 Server-Side Request Forgery (SSRF) vulnerability in Myoffice MY Office SDK
New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol.
network
low complexity
myoffice CWE-918
critical
 9.8
9.8
2024-09-23 CVE-2024-0001 Insecure Default Initialization of Resource vulnerability in Purestorage Purity//Fa
A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.
network
low complexity
purestorage CWE-1188
critical
 9.8
9.8
2024-09-23 CVE-2024-0002 Unspecified vulnerability in Purestorage Purity//Fa
A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array.
network
low complexity
purestorage
critical
 9.8
9.8
2024-09-23 CVE-2024-0003 Unspecified vulnerability in Purestorage Purity//Fa
A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.
network
low complexity
purestorage
7.2
7.2
2024-09-23 CVE-2024-0004 Code Injection vulnerability in Purestorage Purity//Fa
A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array.
network
low complexity
purestorage CWE-94
7.2
7.2
2024-09-23 CVE-2024-0005 Command Injection vulnerability in Purestorage Purity//Fa
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.
network
low complexity
purestorage CWE-77
8.8
8.8
2024-09-23 CVE-2024-46985 XXE vulnerability in Dataease
DataEase is an open source data visualization analysis tool.
network
low complexity
dataease CWE-611
7.5
7.5
2024-09-23 CVE-2024-46997 Unspecified vulnerability in Dataease
DataEase is an open source data visualization analysis tool.
network
low complexity
dataease
critical
 9.8
9.8
2024-09-23 CVE-2024-47066 Server-Side Request Forgery (SSRF) vulnerability in Lobehub Lobe Chat
Lobe Chat is an open-source artificial intelligence chat framework.
network
low complexity
lobehub CWE-918
8.8
8.8
2024-09-23 CVE-2024-47068 Cross-site Scripting vulnerability in Rollupjs Rollup
Rollup is a module bundler for JavaScript.
network
low complexity
rollupjs CWE-79
6.1
6.1