3 results (0.022 seconds)

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-27313 – Privilege Escalation Vulnerability in SnapCenter

https://notcve.org/view.php?id=CVE-2023-27313

12 Oct 2023 — SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user. Las versiones 3.x y 4.x de SnapCenter anteriores a la 4.9 son susceptibles a una vulnerabilidad que puede permitir que un usuario autenticado sin privilegios obtenga acceso como usuario administrador. • https://security.netapp.com/advisory/ntap-20230713-0002 • CWE-250: Execution with Unnecessary Privileges •

CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2023-1096

https://notcve.org/view.php?id=CVE-2023-1096

12 May 2023 — SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user. • https://security.netapp.com/advisory/ntap-20230511-0011 • CWE-306: Missing Authentication for Critical Function •

CVSS: 6.1EPSS: 2%CPEs: 218EXPL: 9

CVE-2019-11358 – jQuery 3.3.1 - Prototype Pollution & XSS Exploit

https://notcve.org/view.php?id=CVE-2019-11358

19 Apr 2019 — jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminación de Object.prototype. Si un objeto fuente no sanitizado contenía una propi... • https://packetstorm.news/files/id/190328 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •