CVSS: 9.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

20 Dec 2022 — OnCommand Insight versions 7.3.1 through 7.3.14 are susceptible to an authentication bypass vulnerability in the Data Warehouse component. • https://security.netapp.com/advisory/NTAP-20221220-0001

CVSS: 6.5 | EPSS: 0% | CPEs: 24 | EXPL: 0

11 May 2020 — A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling. A flaw was found in Undertow, regarding the ... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

09 Aug 2019 — OnCommand Insight versions through 7.3.6 may disclose sensitive account information to an authenticated user. • https://security.netapp.com/advisory/ntap-20190809-0001

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

10 May 2019 — OnCommand Insight versions prior to 7.3.5 shipped without certain HTTP security headers configured, which could allow an attacker to obtain sensitive information via unspecified vectors. • https://security.netapp.com/advisory/ntap-20190509-0005 • CWE-319: Cleartext Transmission of Sensitive Information

CVSS: 5.3 | EPSS: 0% | CPEs: 57 | EXPL: 1

04 Feb 2019 — png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing suppressed exceptions in some situations. An attacker ... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html • CWE-400: Uncontrolled Resource Consumption • CWE-416: Use After Free

CVSS: 6.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

31 Jul 2018 — NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are susceptible to clickjacking attacks which could cause a user to perform an unintended action in the user interface. • https://security.netapp.com/advisory/ntap-20180731-0001 • CWE-20: Improper Input Validation

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

02 Feb 2017 — The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account. • http://www.securityfocus.com/bid/96041 • CWE-798: Use of Hard-coded Credentials