CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5508
https://notcve.org/view.php?id=CVE-2019-5508
25 Oct 2019 — Clustered Data ONTAP versions 9.2 through 9.4 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS). Las versiones 9.2 hasta 9.4 de Clustered Data ONTAP, son susceptibles a una vulnerabilidad que permite a un atacante usar l2ping para causar una Denegación de Servicio (DoS). • https://security.netapp.com/advisory/ntap-20191024-0001 •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2019-5506
https://notcve.org/view.php?id=CVE-2019-5506
09 Oct 2019 — Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks. Clustered Data ONTAP versiones 9.0 y superiores, no aplica la comprobación del nombre de host bajo determinadas circunstancias, haciéndolos susceptibles de suplantación mediante ataques de tipo man-in-the-middle. • https://security.netapp.com/advisory/ntap-20191009-0003 • CWE-295: Improper Certificate Validation •
CVSS: 6.1EPSS: 84%CPEs: 26EXPL: 4CVE-2019-10092 – Apache Httpd mod_proxy - Error Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-10092
27 Aug 2019 — In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. En Apache HTTP Server versiones 2.4.0 hasta 2.4.39, se reportó un problema de cross-site scripting limitado que afecta la ... • https://www.exploit-db.com/exploits/47688 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 58EXPL: 0CVE-2019-5490
https://notcve.org/view.php?id=CVE-2019-5490
21 Mar 2019 — Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY. Ciertas versiones entre la 2.x y la 5.x (véase el advisory) del firmware de NetApp Service Processor se distribuían con una cuenta por defecto habilitada que po... • http://support.lenovo.com/us/en/solutions/LEN-26771 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5498
https://notcve.org/view.php?id=CVE-2018-5498
01 Feb 2019 — Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS) on affected versions of clustered Data ONTAP configured for multiprotocol access. Clustered Data ONTAP, desde la versión 9.0 hasta la 9.4, es susceptible a una vulnerabilidad que permite a los atacantes autenti... • https://security.netapp.com/advisory/ntap-20190115-0001 • CWE-20: Improper Input Validation •
CVSS: 4.4EPSS: 0%CPEs: 18EXPL: 0CVE-2018-5497
https://notcve.org/view.php?id=CVE-2018-5497
24 Jan 2019 — Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user. Clustered Data ONTAP, en sus versiones anteriores a las 9.1P16, 9.3P10 y 9.4P5, es susceptible a una vulnerabilidad que divulga información sensible a un usuario no autenticado. • https://security.netapp.com/advisory/ntap-20190109-0001 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •