CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38733
https://notcve.org/view.php?id=CVE-2022-38733
OnCommand Insight versions 7.3.1 through 7.3.14 are susceptible to an authentication bypass vulnerability in the Data Warehouse component. Las versiones 7.3.1 a 7.3.14 de OnCommand Insight son susceptibles a una vulnerabilidad de omisión de autenticación en el componente de almacén de datos. • https://security.netapp.com/advisory/NTAP-20221220-0001 •
CVSS: 6.5EPSS: 0%CPEs: 24EXPL: 0CVE-2020-10719 – undertow: invalid HTTP request with large chunk size
https://notcve.org/view.php?id=CVE-2020-10719
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling. Se detectó un fallo en Undertow en versiones anteriores a 2.1.1.Final, con respecto al procesamiento de peticiones HTTP no válidas con tamaños de fragmentos grandes. Este fallo permite a un atacante tomar ventaja del tráfico no autorizado de peticiones HTTP. A flaw was found in Undertow, regarding the processing of invalid HTTP requests with large chunk sizes. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719 https://security.netapp.com/advisory/ntap-20220210-0014 https://access.redhat.com/security/cve/CVE-2020-10719 https://bugzilla.redhat.com/show_bug.cgi?id=1828459 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5498
https://notcve.org/view.php?id=CVE-2019-5498
OnCommand Insight versions through 7.3.6 may disclose sensitive account information to an authenticated user. OnCommand Insight versiones hasta 7.3.6, pueden divulgar información confidencial de la cuenta a un usuario autenticado. • https://security.netapp.com/advisory/ntap-20190809-0001 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5496
https://notcve.org/view.php?id=CVE-2019-5496
Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. Las versiones de Oncommand Insight anteriores a la 7.3.5 se envían sin ciertos encabezados de seguridad HTTP configurados, lo que podría permitir a un atacante obtener información sensible a través de vectores no especificados. • https://security.netapp.com/advisory/ntap-20190509-0005 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 57EXPL: 1CVE-2019-7317 – libpng: use-after-free in png_image_free in png.c
https://notcve.org/view.php?id=CVE-2019-7317
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. La función png_image_free en el archivo png.c en libpng versiones 1.6.x anteriores a 1.6.37, presenta un uso de la memoria previamente liberada porque la función png_image_free_function es llamada bajo png_safe_execute. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html http://www.securityfocus.com/bid/108098 https:/ • CWE-400: Uncontrolled Resource Consumption CWE-416: Use After Free •