CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2019-5506
https://notcve.org/view.php?id=CVE-2019-5506
09 Oct 2019 — Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks. Clustered Data ONTAP versiones 9.0 y superiores, no aplica la comprobación del nombre de host bajo determinadas circunstancias, haciéndolos susceptibles de suplantación mediante ataques de tipo man-in-the-middle. • https://security.netapp.com/advisory/ntap-20191009-0003 • CWE-295: Improper Certificate Validation •
CVSS: 6.1EPSS: 84%CPEs: 26EXPL: 4CVE-2019-10092 – Apache Httpd mod_proxy - Error Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-10092
27 Aug 2019 — In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. En Apache HTTP Server versiones 2.4.0 hasta 2.4.39, se reportó un problema de cross-site scripting limitado que afecta la ... • https://www.exploit-db.com/exploits/47688 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 58EXPL: 0CVE-2019-5490
https://notcve.org/view.php?id=CVE-2019-5490
21 Mar 2019 — Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY. Ciertas versiones entre la 2.x y la 5.x (véase el advisory) del firmware de NetApp Service Processor se distribuían con una cuenta por defecto habilitada que po... • http://support.lenovo.com/us/en/solutions/LEN-26771 • CWE-1188: Initialization of a Resource with an Insecure Default •