CVE-2019-10092 – Apache Httpd mod_proxy - Error Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-10092
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. En Apache HTTP Server versiones 2.4.0 hasta 2.4.39, se reportó un problema de cross-site scripting limitado que afecta la página de error de mod_proxy. Un atacante podría causar que el enlace sobre la página de error sea malformado y, en su lugar, apunte a una página de su elección. • https://www.exploit-db.com/exploits/47688 https://github.com/mbadanoiu/CVE-2019-10092 http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html http://www.openwall.com/lists/oss-security/2019/08/15/4 http://www.openwall.com/lists/oss-security/2020/08/08/1 http://www.openwall.com/lists/oss-security/2020/08/08/9 https://access.redhat.com/errata/RHSA-2019:4126 https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-5490
https://notcve.org/view.php?id=CVE-2019-5490
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY. Ciertas versiones entre la 2.x y la 5.x (véase el advisory) del firmware de NetApp Service Processor se distribuían con una cuenta por defecto habilitada que podría permitir la ejecución no autorizada de comandos arbitrarios. Cualquier plataforma listada en la sección "impact" del advisory podría haberse visto afectada y debe actualizarse a una versión solucionada del firmware de Service Processor INMEDIATAMENTE. • http://support.lenovo.com/us/en/solutions/LEN-26771 https://security.netapp.com/advisory/ntap-20190305-0001 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVE-2019-8936
https://notcve.org/view.php?id=CVE-2019-8936
NTP through 4.2.8p12 has a NULL Pointer Dereference. NTP hasta 4.2.8p12 tiene una desreferencia del puntero NULL. • https://github.com/snappyJack/CVE-2019-8936 http://bugs.ntp.org/show_bug.cgi?id=3565 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00036.html http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html http://support.ntp.org/bin/view/Main/SecurityNotice https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NVS2CSG2TQ663CXOZZUJN4STQPMENNP http • CWE-476: NULL Pointer Dereference •
CVE-2019-5491
https://notcve.org/view.php?id=CVE-2019-5491
Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 are susceptible to a vulnerability which discloses sensitive information to an unauthenticated user. Clustered Data ONTAP, en sus versiones anteriores a la 9.1P15 y las 9.3 anteriores a la 9.3P7,es susceptible a una vulnerabilidad que divulga información sensible a un usuario no autenticado. • http://www.securityfocus.com/bid/107183 https://security.netapp.com/advisory/ntap-20190227-0001 •
CVE-2018-5498
https://notcve.org/view.php?id=CVE-2018-5498
Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS) on affected versions of clustered Data ONTAP configured for multiprotocol access. Clustered Data ONTAP, desde la versión 9.0 hasta la 9.4, es susceptible a una vulnerabilidad que permite a los atacantes autenticados de manera remota provocar una vulnerabilidad de denegación de servicio (DoS) en entornos NFS y SMB. La explotación de esta vulnerabilidad permitirá a un atacante remoto autenticado causar una denegación de servicio (DoS) en las versiones afectadas de Clustered Data ONTAP que estén configuradas para el acceso multiprotocolo. • https://security.netapp.com/advisory/ntap-20190115-0001 • CWE-20: Improper Input Validation •