CVE-2024-21983 – Denial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale)
https://notcve.org/view.php?id=CVE-2024-21983
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to an out of memory condition or node reboot. Las versiones de StorageGRID (anteriormente StorageGRID Webscale) anteriores a la 11.8 son susceptibles a una vulnerabilidad de denegación de servicio (DoS). La explotación exitosa por parte de un atacante autenticado podría provocar una condición de falta de memoria o el reinicio del nodo. • https://security.netapp.com/advisory/ntap-20240216-0012 • CWE-248: Uncaught Exception •
CVE-2024-21987 – Improper Authorization Vulnerability in SnapCenter
https://notcve.org/view.php?id=CVE-2024-21987
SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerability which could allow an authenticated SnapCenter Server user to modify system logging configuration settings Las versiones 4.8 de SnapCenter anteriores a la 5.0 son susceptibles a una vulnerabilidad que podría permitir a un usuario autenticado de SnapCenter Server modificar los ajustes de configuración de registro del sistema. • https://security.netapp.com/advisory/ntap-20240216-0001 • CWE-285: Improper Authorization •
CVE-2023-27318 – Denial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale)
https://notcve.org/view.php?id=CVE-2023-27318
StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to a crash of the Local Distribution Router (LDR) service. Las versiones 11.6.0 a 11.6.0.13 de StorageGRID (anteriormente StorageGRID Webscale) son susceptibles a una vulnerabilidad de denegación de servicio (DoS). Un exploit exitoso podría provocar una falla del servicio Local Distribution Router (LDR). • https://security.netapp.com/advisory/NTAP-20240202-0012 • CWE-248: Uncaught Exception •
CVE-2024-21985 – Privilege Escalation Vulnerability in ONTAP 9
https://notcve.org/view.php?id=CVE-2024-21985
ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4 are susceptible to a vulnerability which could allow an authenticated user with multiple remote accounts with differing roles to perform actions via REST API beyond their intended privilege. Possible actions include viewing limited configuration details and metrics or modifying limited settings, some of which could result in a Denial of Service (DoS). Las versiones de ONTAP 9 anteriores a 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 y 9.13.1P4 son susceptibles a una vulnerabilidad que podría permitir a un usuario autenticado con múltiples cuentas remotas con diferentes roles realizar acciones a través de la API REST más allá de su privilegio pretendido. Las posibles acciones incluyen ver métricas y detalles de configuración limitados o modificar configuraciones limitadas, algunas de las cuales podrían resultar en una denegación de servicio (DoS). • https://security.netapp.com/advisory/ntap-20240126-0001 • CWE-269: Improper Privilege Management •
CVE-2024-20985 – mysql: Server: UDF unspecified vulnerability (CPU Jan 2024)
https://notcve.org/view.php?id=CVE-2024-20985
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). • https://security.netapp.com/advisory/ntap-20240201-0003 https://www.oracle.com/security-alerts/cpujan2024.html https://access.redhat.com/security/cve/CVE-2024-20985 https://bugzilla.redhat.com/show_bug.cgi?id=2258794 •