4.3

CVSS3.1

CVE-2024-7019 -

Inappropriate implementation in UI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

πŸ“… Published: Sept. 23, 2024, 9:56 p.m. πŸ”„ Last Modified: Jan. 2, 2025, 5:31 p.m.

8.8

CVSS3.1

CVE-2024-7018 -

Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

πŸ“… Published: Sept. 23, 2024, 9:56 p.m. πŸ”„ Last Modified: Jan. 2, 2025, 5:32 p.m.

6.2

CVSS4.0

CVE-2024-8263 -

An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1.Β This …

πŸ“… Published: Sept. 23, 2024, 8:12 p.m. πŸ”„ Last Modified: Sept. 30, 2024, 3:57 p.m.

5.8

CVSS4.0

CVE-2024-8770 -

A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering.Β This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version …

πŸ“… Published: Sept. 23, 2024, 8:09 p.m. πŸ”„ Last Modified: Sept. 27, 2024, 1:49 p.m.

8.7

CVSS4.0

CVE-2024-43201 - Planet Fitness Workouts mobile apps do not properly validate TLS certificates

The Planet Fitness Workouts iOS and Android mobile apps fail to properly validate TLS certificates, allowing an attacker with appropriate network access to obtain session tokens and sensitive information. Planet Fitness first addressed this vulnerability in version 9.8.12 (released on 2024-07-25) a…

πŸ“… Published: Sept. 23, 2024, 7:11 p.m. πŸ”„ Last Modified: Feb. 28, 2025, 6:15 p.m.

9.1

CVSS3.1

CVE-2024-0005 -

A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.

πŸ“… Published: Sept. 23, 2024, 5:34 p.m. πŸ”„ Last Modified: Sept. 27, 2024, 3:25 p.m.

9.1

CVSS3.1

CVE-2024-0004 -

A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array.

πŸ“… Published: Sept. 23, 2024, 5:28 p.m. πŸ”„ Last Modified: Sept. 27, 2024, 2:24 p.m.

9.1

CVSS3.1

CVE-2024-0003 -

A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.

πŸ“… Published: Sept. 23, 2024, 5:27 p.m. πŸ”„ Last Modified: Sept. 27, 2024, 2:23 p.m.

10

CVSS3.1

CVE-2024-0002 -

A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array.

πŸ“… Published: Sept. 23, 2024, 5:26 p.m. πŸ”„ Last Modified: Sept. 27, 2024, 2:13 p.m.

10

CVSS3.1

CVE-2024-0001 -

A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.

πŸ“… Published: Sept. 23, 2024, 5:25 p.m. πŸ”„ Last Modified: Sept. 27, 2024, 2:08 p.m.
Total resulsts: 349182
Page 8492 of 34,919
Β« previous page Β» next page
Filters