
CVE-2023-41748
https://notcve.org/view.php?id=CVE-2023-41748
31 Aug 2023 — Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. • https://security-advisory.acronis.com/advisories/SEC-5816 • CWE-20: Improper Input Validation

CVE-2023-41747
https://notcve.org/view.php?id=CVE-2023-41747
31 Aug 2023 — Sensitive information disclosure due to improper input validation. Sensitive information disclosure due to unauthenticated path traversal. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. • https://security-advisory.acronis.com/advisories/SEC-5811 • CWE-20: Improper Input Validation • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2023-41746
https://notcve.org/view.php?id=CVE-2023-41746
31 Aug 2023 — Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. • https://security-advisory.acronis.com/advisories/SEC-5810 • CWE-20: Improper Input Validation

CVE-2023-0421 – Cloud Manager <= 1.0 - Reflected XSS
https://notcve.org/view.php?id=CVE-2023-0421
12 Apr 2023 — The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged-in admin into triggering an XSS payload by clicking a link. The Cloud Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ricerca’ parameter in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers... • https://wpscan.com/vulnerability/a356fea0-f143-4736-b2b2-c545c525335c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-27002
https://notcve.org/view.php?id=CVE-2021-27002
11 Oct 2021 — NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy. • https://security.netapp.com/advisory/ntap-20211011-0001

CVE-2021-26999
https://notcve.org/view.php?id=CVE-2021-26999
06 Aug 2021 — NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails. The logged information is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version. • https://security.netapp.com/advisory/NTAP-20210805-0012 • CWE-532: Insertion of Sensitive Information into Log File

CVE-2021-26998
https://notcve.org/view.php?id=CVE-2021-26998
06 Aug 2021 — NetApp Cloud Manager versions prior to 3.9.9 log sensitive information that is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version. • https://security.netapp.com/advisory/NTAP-20210805-0011 • CWE-532: Insertion of Sensitive Information into Log File

CVE-2021-28165 – jetty: Resource exhaustion when receiving an invalid large TLS frame
https://notcve.org/view.php?id=CVE-2021-28165
01 Apr 2021 — In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is i... • https://github.com/uthrasri/CVE-2021-28165 • CWE-400: Uncontrolled Resource Consumption • CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization • CWE-755: Improper Handling of Exceptional Conditions

CVE-2021-26990
https://notcve.org/view.php?id=CVE-2021-26990
19 Mar 2021 — Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files. • https://security.netapp.com/advisory/NTAP-20210318-0001 • CWE-862: Missing Authorization

CVE-2021-26992
https://notcve.org/view.php?id=CVE-2021-26992
19 Mar 2021 — Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability which could allow a remote attacker to cause a Denial of Service (DoS). • https://security.netapp.com/advisory/NTAP-20210318-0003