CVE-2024-21994 – CVE-2024-21994 Denial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale)
https://notcve.org/view.php?id=CVE-2024-21994
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to a service crash. • https://security.netapp.com/advisory/ntap-20241108-0001 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2024-21988 – CVE-2024-21988 SSH Cryptographic Implementation Vulnerability in StorageGRID (formerly StorageGRID Webscale)
https://notcve.org/view.php?id=CVE-2024-21988
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH cryptographic implementation. Las versiones de StorageGRID (anteriormente StorageGRID Webscale) anteriores a 11.7.0.9 y 11.8.0.5 son susceptibles a la divulgación de información confidencial a través de ataques MiTM complejos debido a una vulnerabilidad en la implementación criptográfica SSH. • https://security.netapp.com/advisory/ntap-20240614-0010 •
CVE-2024-21984 – Reflected Cross-Site Scripting Vulnerability in StorageGRID (formerly StorageGRID Webscale)
https://notcve.org/view.php?id=CVE-2024-21984
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a difficult to exploit Reflected Cross-Site Scripting (XSS) vulnerability. Successful exploit requires the attacker to know specific information about the target instance and trick a privileged user into clicking a specially crafted link. This could allow the attacker to view or modify configuration settings or add or modify user accounts. Las versiones de StorageGRID (anteriormente StorageGRID Webscale) anteriores a la 11.8 son susceptibles a una vulnerabilidad difícil de explotar de Cross-Site Scripting (XSS) Reflejado. Una explotación exitosa requiere que el atacante conozca información específica sobre la instancia de destino y engañe a un usuario privilegiado para que haga clic en un enlace especialmente manipulado. • https://security.netapp.com/advisory/ntap-20240216-0013 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-21983 – Denial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale)
https://notcve.org/view.php?id=CVE-2024-21983
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to an out of memory condition or node reboot. Las versiones de StorageGRID (anteriormente StorageGRID Webscale) anteriores a la 11.8 son susceptibles a una vulnerabilidad de denegación de servicio (DoS). La explotación exitosa por parte de un atacante autenticado podría provocar una condición de falta de memoria o el reinicio del nodo. • https://security.netapp.com/advisory/ntap-20240216-0012 • CWE-248: Uncaught Exception •
CVE-2023-27318 – Denial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale)
https://notcve.org/view.php?id=CVE-2023-27318
StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to a crash of the Local Distribution Router (LDR) service. Las versiones 11.6.0 a 11.6.0.13 de StorageGRID (anteriormente StorageGRID Webscale) son susceptibles a una vulnerabilidad de denegación de servicio (DoS). Un exploit exitoso podría provocar una falla del servicio Local Distribution Router (LDR). • https://security.netapp.com/advisory/NTAP-20240202-0012 • CWE-248: Uncaught Exception •