Security Vulnerabilities - CVEs Published In September 2024
A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL commands via the create user form inputs.
CVSS Score: 6.7 | EPSS Score: 0.001 | Published: 2024-09-23
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.
CVSS Score: 9.1 | EPSS Score: 0.003 | Published: 2024-09-23
A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active, potentially allowing a malicious actor to gain elevated privileges.
CVSS Score: 10.0 | EPSS Score: 0.016 | Published: 2024-09-23
A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array.
CVSS Score: 10.0 | EPSS Score: 0.004 | Published: 2024-09-23
A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.
CVSS Score: 9.1 | EPSS Score: 0.003 | Published: 2024-09-23
A condition exists in FlashArray Purity whereby a user with the array admin role can execute arbitrary commands remotely to escalate privileges on the array.
CVSS Score: 9.1 | EPSS Score: 0.003 | Published: 2024-09-23
pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.
CVSS Score: 9.9 | EPSS Score: 0.928 | Published: 2024-09-23
Oveleon Cookie Bar is a cookie bar for the Contao Open Source CMS that allows a visitor to define cookie & privacy settings for the website. Prior to versions 1.16.3 and 2.1.3, the `block/locale` endpoint does not properly sanitize the user-controlled `locale` input before including it in the backend's HTTP response, thereby causing reflected cross-site scripting. Versions 1.16.3 and 2.1.3 contain a patch for the vulnerability.
CVSS Score: 6.1 | EPSS Score: 0.006 | Published: 2024-09-23
DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, there is an XML external entity injection vulnerability in the static resource upload interface of DataEase. An attacker can construct a payload to implement intranet detection and file reading. The vulnerability has been fixed in v2.10.1.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2024-09-23
DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, an attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string. The vulnerability has been fixed in v2.10.1.
CVSS Score: 9.8 | EPSS Score: 0.149 | Published: 2024-09-23


Shodan ® - All rights reserved