Page 2 of 460 results (0.004 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-27319 – CVE-2023-27319 Information Disclosure Vulnerability in ONTAP Mediator

https://notcve.org/view.php?id=CVE-2023-27319

ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API. Las versiones de ONTAP Mediator anteriores a la 1.7 son susceptibles a una vulnerabilidad que puede permitir que un atacante no autenticado enumere URLs a través de la API REST. • https://security.netapp.com/advisory/ntap-20231221-0011 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0

CVE-2023-27317 – Information Disclosure Vulnerability in ONTAP 9

https://notcve.org/view.php?id=CVE-2023-27317

ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This could lead to disclosure of sensitive information to an attacker with physical access to the unlocked drives. ONTAP 9 versiones 9.12.1P8, 9.13.1P4 y 9.13.1P5 son susceptibles a una vulnerabilidad que hará que todas las unidades FIPS 140-2 conectadas a SAS se desbloqueen después de reiniciar el sistema o reiniciar el sistema o un único FIPS 140 conectado a SAS. -2 unidad para desbloquearse después de la reinserción. Esto podría dar lugar a la divulgación de información confidencial a un atacante con acceso físico a las unidades desbloqueadas. • https://security.netapp.com/advisory/NTAP-20231215-0001 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

CVE-2023-27314 – Denial of Service Vulnerability in ONTAP 9

https://notcve.org/view.php?id=CVE-2023-27314

ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to cause a crash of the HTTP service. Las versiones de ONTAP 9 anteriores a 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 y 9.13.1 son susceptibles a una vulnerabilidad que podría permitir que un atacante remoto no autenticado provoque una falla del servicio HTTP. • https://security.netapp.com/advisory/ntap-20231009-0001 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0

CVE-2023-20900 – open-vm-tools: SAML token signature bypass

https://notcve.org/view.php?id=CVE-2023-20900

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . Un actor malicioso al que se le han otorgado Privilegios de Operación de Invitado https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html en una máquina virtual de destino es posible que pueda elevar sus privilegios si a esa máquina virtual de destino se le ha asignado un Alias de Invitado más privilegiado https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/ 07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html. An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias. • http://www.openwall.com/lists/oss-security/2023/08/31/1 http://www.openwall.com/lists/oss-security/2023/10/27/1 https://lists.debian.org/debian-lts-announce/2023/10/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message& • CWE-294: Authentication Bypass by Capture-replay CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1

CVE-2022-48064

https://notcve.org/view.php?id=CVE-2022-48064

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M https://security.netapp.com/advisory/ntap-20231006-0008 https://sourceware.org/bugzilla/show_bug.cgi?id=29922 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git • CWE-770: Allocation of Resources Without Limits or Throttling •