CVSS: 4.7EPSS: 0%CPEs: 16EXPL: 0CVE-2021-27003
https://notcve.org/view.php?id=CVE-2021-27003
12 Oct 2021 — Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack. Clustered Data ONTAP versiones anteriores a 9.5P18, 9.6P15, 9.7P14, 9.8P5 y 9.9.1 carecen de un encabezado X-Frame-Options que podría permitir un ataque de clickjacking • https://security.netapp.com/advisory/ntap-20211012-0001 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-26994
https://notcve.org/view.php?id=CVE-2021-26994
04 Jun 2021 — Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptible to a vulnerability which could allow single workloads to cause a Denial of Service (DoS) on a cluster node. Clustered Data ONTAP versiones anteriores a 9.7P13 y 9.8P3, son susceptibles a una vulnerabilidad que podría permitir a cargas de trabajo individuales causar una Denegación de Servicio (DoS) en un nodo del clúster • https://security.netapp.com/advisory/NTAP-20210601-0001 •
CVSS: 3.3EPSS: 0%CPEs: 33EXPL: 0CVE-2020-8590
https://notcve.org/view.php?id=CVE-2020-8590
08 Feb 2021 — Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true. Clustered Data ONTAP versiones anteriores a 9.1P18 y 9.3P12, son susceptibles a una vulnerabilidad que podría permitir a un atacante detectar nombres de nodo por medio de paquetes de AutoSupport inclusive cuando el parámetro –remove-private-data es establecido en verdadero • https://security.netapp.com/advisory/NTAP-20210208-0003 •
CVSS: 3.3EPSS: 0%CPEs: 13EXPL: 0CVE-2020-8578
https://notcve.org/view.php?id=CVE-2020-8578
08 Feb 2021 — Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true. Clustered Data ONTAP versiones anteriores a 9.3P20, son susceptibles a una vulnerabilidad que podría permitir a un atacante detectar nombres de nodo por medio de paquetes de AutoSupport inclusive cuando el parámetro –remove-private-data se establece en true • https://security.netapp.com/advisory/NTAP-20210208-0002 •
CVSS: 3.5EPSS: 0%CPEs: 19EXPL: 0CVE-2020-8589
https://notcve.org/view.php?id=CVE-2020-8589
03 Feb 2021 — Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs. Clustered Data ONTAP versiones anteriores a 9.3P20 y 9.5P15, son susceptibles a una vulnerabilidad que podría permitir a usuarios arrendatarios no autorizados detectar los nombres de otras Storage Virtual Machines (SVMs) y los nombres de archivo en esas SVM • https://security.netapp.com/advisory/ntap-20210201-0002 •
CVSS: 3.5EPSS: 0%CPEs: 19EXPL: 0CVE-2020-8588
https://notcve.org/view.php?id=CVE-2020-8588
03 Feb 2021 — Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs). Clustered Data ONTAP versiones anteriores a 9.3P20 y 9.5P15, son susceptibles a una vulnerabilidad que podría permitir a usuarios arrendatarios no autorizados detectar la existencia de datos en otras Storage Virtual Machines (SVMs) • https://security.netapp.com/advisory/ntap-20210201-0001 •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2020-8581
https://notcve.org/view.php?id=CVE-2020-8581
19 Jan 2021 — Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled. Clustered Data ONTAP versiones anteriores a 9.3P20 y 9.5, son susceptibles a una vulnerabilidad que podría permitir a un atacante autenticado pero no autorizado sobrescribir datos arbitrarios cuando la compatibilidad con VMware vStorage está habilitada • https://security.netapp.com/advisory/ntap-20210119-0001 •
CVSS: 5.5EPSS: 0%CPEs: 94EXPL: 0CVE-2020-8576
https://notcve.org/view.php?id=CVE-2020-8576
02 Sep 2020 — Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure of sensitive information. Las versiones de Clustered Data ONTAP anteriores a 9.3P19, 9.5P14, 9.6P9 y 9.7, son susceptibles a una vulnerabilidad que, cuando se explota con éxito, podría conllevar a una adición o modificación de datos o a una divulgación de información confidencial • https://security.netapp.com/advisory/NTAP-20200902-0001 •
CVSS: 6.1EPSS: 4%CPEs: 26EXPL: 4CVE-2019-10092 – Apache Httpd mod_proxy - Error Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-10092
27 Aug 2019 — In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. En Apache HTTP Server versiones 2.4.0 hasta 2.4.39, se reportó un problema de cross-site scripting limitado que afecta la ... • https://www.exploit-db.com/exploits/47688 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 335EXPL: 0CVE-2019-10247 – jetty: error path information disclosure
https://notcve.org/view.php?id=CVE-2019-10247
22 Apr 2019 — In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the ... • https://bugs.eclipse.org/bugs/show_bug.cgi?id=546577 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-213: Exposure of Sensitive Information Due to Incompatible Policies •