Page 2 of 21 results (0.007 seconds)

CVSS: 3.5EPSS: 0%CPEs: 19EXPL: 0

Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs). Clustered Data ONTAP versiones anteriores a 9.3P20 y 9.5P15, son susceptibles a una vulnerabilidad que podría permitir a usuarios arrendatarios no autorizados detectar la existencia de datos en otras Storage Virtual Machines (SVMs) • https://security.netapp.com/advisory/ntap-20210201-0001 •

CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0

Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled. Clustered Data ONTAP versiones anteriores a 9.3P20 y 9.5, son susceptibles a una vulnerabilidad que podría permitir a un atacante autenticado pero no autorizado sobrescribir datos arbitrarios cuando la compatibilidad con VMware vStorage está habilitada • https://security.netapp.com/advisory/ntap-20210119-0001 •

CVSS: 5.5EPSS: 0%CPEs: 94EXPL: 0

Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure of sensitive information. Las versiones de Clustered Data ONTAP anteriores a 9.3P19, 9.5P14, 9.6P9 y 9.7, son susceptibles a una vulnerabilidad que, cuando se explota con éxito, podría conllevar a una adición o modificación de datos o a una divulgación de información confidencial • https://security.netapp.com/advisory/NTAP-20200902-0001 •

CVSS: 6.1EPSS: 8%CPEs: 26EXPL: 3

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. En Apache HTTP Server versiones 2.4.0 hasta 2.4.39, se reportó un problema de cross-site scripting limitado que afecta la página de error de mod_proxy. Un atacante podría causar que el enlace sobre la página de error sea malformado y, en su lugar, apunte a una página de su elección. • https://www.exploit-db.com/exploits/47688 https://github.com/mbadanoiu/CVE-2019-10092 http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html http://www.openwall.com/lists/oss-security/2019/08/15/4 http://www.openwall.com/lists/oss-security/2020/08/08/1 http://www.openwall.com/lists/oss-security/2020/08/08/9 https://access.redhat.com/errata/RHSA-2019:4126 https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 3%CPEs: 43EXPL: 0

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. Algunas implementaciones HTTP / 2 son vulnerables al almacenamiento en búfer de datos interal sin restricciones, lo que puede conducir a una denegación de servicio. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html http://www.openwall.com/lists/oss-security/2019/08/15/7 https://access.redhat.com/errata/RHSA-2019:2893 https://access.redhat.com/errata/RHSA-2019:2925 https://access.redhat.com/errata/RHSA-2019:2939 https://access.redhat.com/errata/RHSA-2019:2946 https:/ • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •