CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26991
https://notcve.org/view.php?id=CVE-2021-26991
Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin Resource Sharing (CORS) policy which could allow a remote attacker to interact with Cloud Manager. Cloud Manager versiones anteriores a 3.9.4, contienen una política no segura de tipo Cross-Origin Resource Sharing (CORS) que podría permitir a un atacante remoto interactuar con Cloud Manager • https://security.netapp.com/advisory/NTAP-20210318-0002 •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-5641
https://notcve.org/view.php?id=CVE-2014-5641
The Cloud Manager (aka com.ileaf.cloud_manager) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación Cloud Manager 1.6 (también conocida como com.ileaf.cloud_manager) para Android no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener información sensible a través de un certificado manipulado. • http://www.kb.cert.org/vuls/id/582497 http://www.kb.cert.org/vuls/id/714937 https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing • CWE-310: Cryptographic Issues •
CVSS: 9.3EPSS: 34%CPEs: 3EXPL: 0CVE-2011-2654 – Novell Cloud Manager Insufficient Framework User Validation Vulnerability
https://notcve.org/view.php?id=CVE-2011-2654
The RPC implementation in the server in Novell Cloud Manager 1.1.2 before Patch 3 does not properly initialize objects, which allows remote attackers to execute arbitrary code by making RPC calls that leverage incorrect privileges associated with a partially initialized session. La implementación de RPC en el servidor de Novell Cloud Manager v1.1.2 anterior a la revisión 3 no inicializa correctamente los objetos, que permite a atacantes remotos ejecutar código arbitrario mediante llamadas RPC que aprovechan los privilegios incorrectos asociados con una sesión parcialmente inicializado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Cloud Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application implements an RPC method. Due to incompletely initializing an object, the application will store a partially initialized session. • http://download.novell.com/Download?buildid=NSONlV5PqMo~ http://secunia.com/advisories/45845 http://www.securityfocus.com/bid/49432 http://www.securitytracker.com/id?1026006 http://zerodayinitiative.com/advisories/ZDI-11-278 • CWE-20: Improper Input Validation •