CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-21982 – CVE-2024-21982 Information Disclosure Vulnerability in ONTAP 9
https://notcve.org/view.php?id=CVE-2024-21982
ONTAP versions 9.4 and higher are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information to unprivileged attackers when the object-store profiler command is being run by an administrative user. Las versiones de ONTAP 9.4 y superiores son susceptibles a una vulnerabilidad que, cuando se explota con éxito, podría provocar la divulgación de información confidencial a atacantes sin privilegios cuando un usuario administrativo ejecuta el comando del generador de perfiles del almacén de objetos. • https://security.netapp.com/advisory/ntap-20240111-0001 •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 1CVE-2024-22198 – Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268)
https://notcve.org/view.php?id=CVE-2024-22198
This issue may lead to authenticated remote code execution, privilege escalation, and information disclosure. • https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/api/system/settings.go#L18 https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/api/terminal/pty.go#L11 https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/internal/pty/pipeline.go#L29 https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/router/middleware.go#L45 https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/settings/server.go#L12 https://githu • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.0EPSS: 0%CPEs: 14EXPL: 1CVE-2024-22196 – Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270)
https://notcve.org/view.php?id=CVE-2024-22196
This issue may lead to information disclosure. • https://github.com/0xJacky/nginx-ui/commit/ec93ab05a3ecbb6bcf464d9dca48d74452df8a5b https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-h374-mm57-879c • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 1CVE-2024-22197 – Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)
https://notcve.org/view.php?id=CVE-2024-22197
This issue may lead to authenticated Remote Code Execution, Privilege Escalation, and Information Disclosure. • https://github.com/0xJacky/nginx-ui/commit/827e76c46e63c52114a62a899f61313039c754e3 https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-pxmr-q2x3-9x9m • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38267 – IBM Security Access Manager Appliance information disclosure
https://notcve.org/view.php?id=CVE-2023-38267
IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 260584. IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 a 10.0.6.1 e IBM Security Verify Access Docker 10.0.6.1) podría permitir que un usuario local obtenga información de configuración confidencial. ID de IBM X-Force: 260584. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260584 https://www.ibm.com/support/pages/node/7106586 • CWE-311: Missing Encryption of Sensitive Data •