CVE-2020-8588
https://notcve.org/view.php?id=CVE-2020-8588
Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs). Clustered Data ONTAP versiones anteriores a 9.3P20 y 9.5P15, son susceptibles a una vulnerabilidad que podría permitir a usuarios arrendatarios no autorizados detectar la existencia de datos en otras Storage Virtual Machines (SVMs) • https://security.netapp.com/advisory/ntap-20210201-0001 •
CVE-2020-8581
https://notcve.org/view.php?id=CVE-2020-8581
Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled. Clustered Data ONTAP versiones anteriores a 9.3P20 y 9.5, son susceptibles a una vulnerabilidad que podría permitir a un atacante autenticado pero no autorizado sobrescribir datos arbitrarios cuando la compatibilidad con VMware vStorage está habilitada • https://security.netapp.com/advisory/ntap-20210119-0001 •
CVE-2020-8576
https://notcve.org/view.php?id=CVE-2020-8576
Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure of sensitive information. Las versiones de Clustered Data ONTAP anteriores a 9.3P19, 9.5P14, 9.6P9 y 9.7, son susceptibles a una vulnerabilidad que, cuando se explota con éxito, podría conllevar a una adición o modificación de datos o a una divulgación de información confidencial • https://security.netapp.com/advisory/NTAP-20200902-0001 •
CVE-2019-10092 – Apache Httpd mod_proxy - Error Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-10092
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. En Apache HTTP Server versiones 2.4.0 hasta 2.4.39, se reportó un problema de cross-site scripting limitado que afecta la página de error de mod_proxy. Un atacante podría causar que el enlace sobre la página de error sea malformado y, en su lugar, apunte a una página de su elección. • https://www.exploit-db.com/exploits/47688 https://github.com/mbadanoiu/CVE-2019-10092 http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html http://www.openwall.com/lists/oss-security/2019/08/15/4 http://www.openwall.com/lists/oss-security/2020/08/08/1 http://www.openwall.com/lists/oss-security/2020/08/08/9 https://access.redhat.com/errata/RHSA-2019:4126 https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-8936
https://notcve.org/view.php?id=CVE-2019-8936
NTP through 4.2.8p12 has a NULL Pointer Dereference. NTP hasta 4.2.8p12 tiene una desreferencia del puntero NULL. • https://github.com/snappyJack/CVE-2019-8936 http://bugs.ntp.org/show_bug.cgi?id=3565 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00036.html http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html http://support.ntp.org/bin/view/Main/SecurityNotice https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NVS2CSG2TQ663CXOZZUJN4STQPMENNP http • CWE-476: NULL Pointer Dereference •