123 results (0.006 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink). OnCommand Unified Manager Core Package versiones anteriores a 5.2.5, pueden revelar información confidencial de la cuenta a usuarios no autorizados por medio del uso de PuTTY Link (plink) • https://security.netapp.com/advisory/NTAP-20210128-0001 https://security.netapp.com/advisory/ntap-20210128-0001 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 9.8EPSS: 9%CPEs: 30EXPL: 0

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. Un desbordamiento del búfer de la pila en el manejador de protocolo TFTP en cURL versiones 7.19.4 hasta 7.65.3. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html https://curl.haxx.se/docs/CVE-2019-5482.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/me • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0

A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants. Un usuario o programa no privilegiado puede colocar un código y un archivo de configuración en una ruta (path) no privilegiada conocida (bajo C:/usr/local/) que hará que curl anterior a versión 7.65.1 incluyéndola, ejecute automáticamente el código en la invocación (como un "engine" openssl). Si ese curl es invocado por un usuario privilegiado, este puede hacer lo que desee. • http://www.openwall.com/lists/oss-security/2019/06/24/1 http://www.securityfocus.com/bid/108881 https://curl.haxx.se/docs/CVE-2019-5443.html https://security.netapp.com/advisory/ntap-20191017-0002 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-427: Uncontrolled Search Path Element •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. OnCommand Unified Manager para VMware vSphere, Linux y Windows antes de la versión 9.5 se envía sin ciertos encabezados de seguridad HTTP configurados que podrían permitir a un atacante obtener información confidencial a través de vectores no especificados. • https://security.netapp.com/advisory/ntap-20190509-0007 • CWE-254: 7PK - Security Features •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. OnCommand Unified Manager 7-Mode anterior a la versión 5.2.4 se envían sin ciertos encabezados de seguridad HTTP configurados que podrían permitir a un atacante obtener información confidencial a través de vectores no especificados. • https://security.netapp.com/advisory/ntap-20190509-0006 • CWE-319: Cleartext Transmission of Sensitive Information •