Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-23 | CVE-2024-8263 | Unspecified vulnerability in Github Enterprise Server An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. | 2.7 |
| 2024-09-23 | CVE-2024-8770 | Cross-site Scripting vulnerability in Github Enterprise Server A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program. | 6.1 |
| 2024-09-23 | CVE-2024-43201 | Improper Certificate Validation vulnerability in Planetfitness Planet Fitness Workouts The Planet Fitness Workouts iOS and Android mobile apps prior to version 9.8.12 (released on 2024-07-25) fail to properly validate TLS certificates, allowing an attacker with appropriate network access to obtain session tokens and sensitive information. | 5.9 |
| 2024-09-23 | CVE-2024-47222 | Server-Side Request Forgery (SSRF) vulnerability in Myoffice MY Office SDK New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol. | 9.8 |
| 2024-09-23 | CVE-2024-0001 | Insecure Default Initialization of Resource vulnerability in Purestorage Purity//Fa A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges. | 9.8 |
| 2024-09-23 | CVE-2024-0002 | Unspecified vulnerability in Purestorage Purity//Fa A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array. | 9.8 |
| 2024-09-23 | CVE-2024-0003 | Unspecified vulnerability in Purestorage Purity//Fa A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access. | 7.2 |
| 2024-09-23 | CVE-2024-0004 | Code Injection vulnerability in Purestorage Purity//Fa A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array. | 7.2 |
| 2024-09-23 | CVE-2024-0005 | Command Injection vulnerability in Purestorage Purity//Fa A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. | 8.8 |
| 2024-09-23 | CVE-2024-46985 | XXE vulnerability in Dataease DataEase is an open source data visualization analysis tool. | 7.5 |