CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27313 – Privilege Escalation Vulnerability in SnapCenter
https://notcve.org/view.php?id=CVE-2023-27313
12 Oct 2023 — SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user. Las versiones 3.x y 4.x de SnapCenter anteriores a la 4.9 son susceptibles a una vulnerabilidad que puede permitir que un usuario autenticado sin privilegios obtenga acceso como usuario administrador. • https://security.netapp.com/advisory/ntap-20230713-0002 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38732
https://notcve.org/view.php?id=CVE-2022-38732
29 Sep 2022 — SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that otherwise would be prevented. SnapCenter versiones anteriores a 4.7, eran enviadas sin la política de seguridad de contenidos (CSP) implementada, lo que podía permitir determinados tipos de ataques que de otro modo serían prevenidos • https://security.netapp.com/advisory/NTAP-20220926-0001 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23234
https://notcve.org/view.php?id=CVE-2022-23234
16 Mar 2022 — SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext HANA credentials. SnapCenter versiones anteriores a 4.5, son susceptibles de una vulnerabilidad que podría permitir a un atacante local autenticado detectar credenciales HANA en texto plano • https://security.netapp.com/advisory/ntap-20220228-0001 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.8EPSS: 54%CPEs: 24EXPL: 3CVE-2021-28165 – jetty: Resource exhaustion when receiving an invalid large TLS frame
https://notcve.org/view.php?id=CVE-2021-28165
01 Apr 2021 — In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. En Eclipse Jetty versiones 7.2.2 hasta 9.4.38, versiones 10.0.0.alpha0 hasta 10.0.1 y versiones 11.0.0.alpha0 hasta 11.0.1, el uso de CPU puede alcanzar el 100% al recibir una gran trama TLS no válida. When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is i... • https://github.com/uthrasri/CVE-2021-28165 • CWE-400: Uncontrolled Resource Consumption CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 9.8EPSS: 0%CPEs: 27EXPL: 0CVE-2017-7657 – jetty: HTTP request smuggling
https://notcve.org/view.php?id=CVE-2017-7657
26 Jun 2018 — In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrar... • http://www.securitytracker.com/id/1041194 • CWE-190: Integer Overflow or Wraparound CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •