CVSS: 10.0EPSS: 0%CPEs: 36EXPL: 3CVE-2024-28757 – expat: XML Entity Expansion
https://notcve.org/view.php?id=CVE-2024-28757
10 Mar 2024 — libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). libexpat hasta 2.6.1 permite un ataque de expansión de entidad XML cuando hay un uso aislado de analizadores externos (creados a través de XML_ExternalEntityParserCreate). An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers. This update for expat fix... • https://github.com/RenukaSelvar/expat_CVE-2024-28757 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 9.4EPSS: 41%CPEs: 3EXPL: 3CVE-2024-22243 – CVE-2024-22243: Spring Framework URL Parsing with Host Validation
https://notcve.org/view.php?id=CVE-2024-22243
23 Feb 2024 — Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks. Las aplicaciones que utilizan UriComponentsBuilder para analizar una URL proporcionada externamente (por ejemplo, a través de un parámetro de consulta) Y realizan comprobacione... • https://github.com/SeanPesce/CVE-2024-22243 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.4EPSS: 10%CPEs: 35EXPL: 0CVE-2024-1635 – Undertow: out-of-memory error after several closed connections with wildfly-http-client protocol
https://notcve.org/view.php?id=CVE-2024-1635
19 Feb 2024 — A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. At HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting Ser... • https://access.redhat.com/errata/RHSA-2024:1674 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21984 – Reflected Cross-Site Scripting Vulnerability in StorageGRID (formerly StorageGRID Webscale)
https://notcve.org/view.php?id=CVE-2024-21984
16 Feb 2024 — StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a difficult to exploit Reflected Cross-Site Scripting (XSS) vulnerability. Successful exploit requires the attacker to know specific information about the target instance and trick a privileged user into clicking a specially crafted link. This could allow the attacker to view or modify configuration settings or add or modify user accounts. Las versiones de StorageGRID (anteriormente StorageGRID Webscale) anteriores a la 11... • https://security.netapp.com/advisory/ntap-20240216-0013 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21983 – Denial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale)
https://notcve.org/view.php?id=CVE-2024-21983
16 Feb 2024 — StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to an out of memory condition or node reboot. Las versiones de StorageGRID (anteriormente StorageGRID Webscale) anteriores a la 11.8 son susceptibles a una vulnerabilidad de denegación de servicio (DoS). La explotación exitosa por parte de un atacante autenticado podría provocar una condición de falta de memoria o el reinici... • https://security.netapp.com/advisory/ntap-20240216-0012 • CWE-248: Uncaught Exception •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21987 – Improper Authorization Vulnerability in SnapCenter
https://notcve.org/view.php?id=CVE-2024-21987
16 Feb 2024 — SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerability which could allow an authenticated SnapCenter Server user to modify system logging configuration settings Las versiones 4.8 de SnapCenter anteriores a la 5.0 son susceptibles a una vulnerabilidad que podría permitir a un usuario autenticado de SnapCenter Server modificar los ajustes de configuración de registro del sistema. • https://security.netapp.com/advisory/ntap-20240216-0001 • CWE-285: Improper Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27318 – Denial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale)
https://notcve.org/view.php?id=CVE-2023-27318
05 Feb 2024 — StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to a crash of the Local Distribution Router (LDR) service. Las versiones 11.6.0 a 11.6.0.13 de StorageGRID (anteriormente StorageGRID Webscale) son susceptibles a una vulnerabilidad de denegación de servicio (DoS). Un exploit exitoso podría provocar una falla del servicio Local Distribution Router (LDR). • https://security.netapp.com/advisory/NTAP-20240202-0012 • CWE-248: Uncaught Exception •
CVSS: 8.0EPSS: 0%CPEs: 10EXPL: 0CVE-2024-21985 – Privilege Escalation Vulnerability in ONTAP 9
https://notcve.org/view.php?id=CVE-2024-21985
26 Jan 2024 — ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4 are susceptible to a vulnerability which could allow an authenticated user with multiple remote accounts with differing roles to perform actions via REST API beyond their intended privilege. Possible actions include viewing limited configuration details and metrics or modifying limited settings, some of which could result in a Denial of Service (DoS). Las versiones de ONTAP 9 anteriores a 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P... • https://security.netapp.com/advisory/ntap-20240126-0001 • CWE-269: Improper Privilege Management •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-20985 – mysql: Server: UDF unspecified vulnerability (CPU Jan 2024)
https://notcve.org/view.php?id=CVE-2024-20985
16 Jan 2024 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). • https://security.netapp.com/advisory/ntap-20240201-0003 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-20983 – mysql: Server: DML unspecified vulnerability (CPU Jan 2024)
https://notcve.org/view.php?id=CVE-2024-20983
16 Jan 2024 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://security.netapp.com/advisory/ntap-20240201-0009 • CWE-400: Uncontrolled Resource Consumption •