Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-23 | CVE-2024-7020 | Unspecified vulnerability in Google Chrome Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. | 4.3 |
| 2024-09-23 | CVE-2024-7022 | Use of Uninitialized Resource vulnerability in Google Chrome Uninitialized Use in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | 4.3 |
| 2024-09-23 | CVE-2024-42861 | Unspecified vulnerability in Linuxptp Project Linuxptp An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function | 7.5 |
| 2024-09-23 | CVE-2024-8263 | Unspecified vulnerability in Github Enterprise Server An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. | 2.7 |
| 2024-09-23 | CVE-2024-8770 | Cross-site Scripting vulnerability in Github Enterprise Server A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program. | 6.1 |
| 2024-09-23 | CVE-2024-43201 | Improper Certificate Validation vulnerability in Planetfitness Planet Fitness Workouts The Planet Fitness Workouts iOS and Android mobile apps prior to version 9.8.12 (released on 2024-07-25) fail to properly validate TLS certificates, allowing an attacker with appropriate network access to obtain session tokens and sensitive information. | 5.9 |
| 2024-09-23 | CVE-2024-47222 | Server-Side Request Forgery (SSRF) vulnerability in Myoffice MY Office SDK New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol. | 9.8 |
| 2024-09-23 | CVE-2024-0001 | Insecure Default Initialization of Resource vulnerability in Purestorage Purity//Fa A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges. | 9.8 |
| 2024-09-23 | CVE-2024-0002 | Unspecified vulnerability in Purestorage Purity//Fa A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array. | 9.8 |
| 2024-09-23 | CVE-2024-0003 | Unspecified vulnerability in Purestorage Purity//Fa A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access. | 7.2 |