CVSS: 3.5EPSS: 0%CPEs: 19EXPL: 0CVE-2020-8589
https://notcve.org/view.php?id=CVE-2020-8589
Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs. Clustered Data ONTAP versiones anteriores a 9.3P20 y 9.5P15, son susceptibles a una vulnerabilidad que podría permitir a usuarios arrendatarios no autorizados detectar los nombres de otras Storage Virtual Machines (SVMs) y los nombres de archivo en esas SVM • https://security.netapp.com/advisory/ntap-20210201-0002 •
CVSS: 3.5EPSS: 0%CPEs: 19EXPL: 0CVE-2020-8588
https://notcve.org/view.php?id=CVE-2020-8588
Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs). Clustered Data ONTAP versiones anteriores a 9.3P20 y 9.5P15, son susceptibles a una vulnerabilidad que podría permitir a usuarios arrendatarios no autorizados detectar la existencia de datos en otras Storage Virtual Machines (SVMs) • https://security.netapp.com/advisory/ntap-20210201-0001 •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2020-8581
https://notcve.org/view.php?id=CVE-2020-8581
Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled. Clustered Data ONTAP versiones anteriores a 9.3P20 y 9.5, son susceptibles a una vulnerabilidad que podría permitir a un atacante autenticado pero no autorizado sobrescribir datos arbitrarios cuando la compatibilidad con VMware vStorage está habilitada • https://security.netapp.com/advisory/ntap-20210119-0001 •
CVSS: 5.5EPSS: 0%CPEs: 94EXPL: 0CVE-2020-8576
https://notcve.org/view.php?id=CVE-2020-8576
Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure of sensitive information. Las versiones de Clustered Data ONTAP anteriores a 9.3P19, 9.5P14, 9.6P9 y 9.7, son susceptibles a una vulnerabilidad que, cuando se explota con éxito, podría conllevar a una adición o modificación de datos o a una divulgación de información confidencial • https://security.netapp.com/advisory/NTAP-20200902-0001 •
CVSS: 6.1EPSS: 8%CPEs: 26EXPL: 3CVE-2019-10092 – Apache Httpd mod_proxy - Error Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-10092
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. En Apache HTTP Server versiones 2.4.0 hasta 2.4.39, se reportó un problema de cross-site scripting limitado que afecta la página de error de mod_proxy. Un atacante podría causar que el enlace sobre la página de error sea malformado y, en su lugar, apunte a una página de su elección. • https://www.exploit-db.com/exploits/47688 https://github.com/mbadanoiu/CVE-2019-10092 http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html http://www.openwall.com/lists/oss-security/2019/08/15/4 http://www.openwall.com/lists/oss-security/2020/08/08/1 http://www.openwall.com/lists/oss-security/2020/08/08/9 https://access.redhat.com/errata/RHSA-2019:4126 https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •