CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21988 – CVE-2024-21988 SSH Cryptographic Implementation Vulnerability in StorageGRID (formerly StorageGRID Webscale)
https://notcve.org/view.php?id=CVE-2024-21988
14 Jun 2024 — StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH cryptographic implementation. Las versiones de StorageGRID (anteriormente StorageGRID Webscale) anteriores a 11.7.0.9 y 11.8.0.5 son susceptibles a la divulgación de información confidencial a través de ataques MiTM complejos debido a una vulnerabilidad en la implementación criptográfica SSH. • https://security.netapp.com/advisory/ntap-20240614-0010 •
CVSS: 6.5EPSS: 12%CPEs: 8EXPL: 0CVE-2018-19039 – grafana: File exfiltration
https://notcve.org/view.php?id=CVE-2018-19039
13 Dec 2018 — Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. Grafana en versiones anteriores a la 4.6.5 y versiones 5.x anteriores a la 5.3.3 permite que usuarios autenticados remotos lean archivos arbitrarios aprovechando los permisos Editor o Admin. A security issue was found that could allow any users with Editor or Admin permissions in Grafana to read any file that the Grafana process can read from the filesystem. However,... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5495
https://notcve.org/view.php?id=CVE-2018-5495
14 Nov 2018 — All StorageGRID Webscale versions are susceptible to a vulnerability which could permit an unauthenticated attacker to communicate with systems on the same network as the StorageGRID Webscale Admin Node via HTTP or to take over services on the Admin Node. Todas las versiones de StorageGRID Webscale son susceptibles a una vulnerabilidad que podría permitir que un atacante no autenticado se comunique con los sistemas en la misma red que el nodo de administrador de StorageGRID Webscale mediante HTTP u obtenga ... • https://security.netapp.com/advisory/ntap-20181114-0001 •
CVSS: 6.5EPSS: 4%CPEs: 16EXPL: 2CVE-2018-18065 – net-snmp 5.7.3 - (Authenticated) Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2018-18065
08 Oct 2018 — _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. _set_key en agent/helpers/table_container.c en Net-SNMP en versiones anteriores a la 5.8 tiene un error de excepción de puntero NULL que puede ser empleado por un atacante autenticado para provocar el cierre inesperado de la instancia de forma remota mediante un paque... • https://www.exploit-db.com/exploits/45547 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2018-18066 – net-snmp: NULL pointer exception in snmp_oid_compare in snmplib/snmp_api.c resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-18066
08 Oct 2018 — snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. snmp_oid_compare en snmplib/snmp_api.c en Net-SNMP en versiones anteriores a la 5.8 tiene un error de excepción de puntero NULL que puede ser empleado por un atacante no autenticado para provocar el cierre inesperado de la instancia de forma remota mediante un paquete UD... • https://dumpco.re/blog/net-snmp-5.7.3-remote-dos • CWE-476: NULL Pointer Dereference •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2018-12099 – grafana: Cross-site Scripting (XSS) in dashboard links
https://notcve.org/view.php?id=CVE-2018-12099
11 Jun 2018 — Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. Grafana en versiones anteriores a la 5.2.0-beta1 tiene vulnerabilidades Cross-Site Scripting (XSS) en los enlaces del cuadro de mandos. • https://github.com/grafana/grafana/pull/11813 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 2%CPEs: 16EXPL: 0CVE-2016-10708 – openssh: Out of sequence NEWKEYS message can allow remote attacker to cause denial of service
https://notcve.org/view.php?id=CVE-2016-10708
21 Jan 2018 — sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. sshd en OpenSSH, en versiones anteriores a la 7.4, permite que atacantes remotos provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del demonio) mediante un mensaje NEWKEYS fuera de secuencia, tal y como demuestra Honggfuzz, relacionado con kex.c y p... • http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-12422
https://notcve.org/view.php?id=CVE-2017-12422
29 Aug 2017 — NetApp StorageGRID Webscale 10.2.x before 10.2.2.3, 10.3.x before 10.3.0.4, and 10.4.x before 10.4.0.2 allow remote authenticated users to delete arbitrary objects via unspecified vectors. NetApp StorageGRID Webscale 10.2.x en versiones anteriores a la 10.2.2.3, 10.3.x en versiones anteriores a la 10.3.0.4, y 10.4.x en versiones anteriores a la 10.4.0.2 permite que usuarios remotos autenticados eliminen objetos arbitrarios mediante vectores sin especificar. • http://www.securityfocus.com/bid/100535 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 69%CPEs: 87EXPL: 1CVE-2016-8610 – SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS
https://notcve.org/view.php?id=CVE-2016-8610
30 Jan 2017 — A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. Se ha encontrado un fallo de denegación de servicio en OpenSSL en las versiones 0.9.8, 1.0.1, 1.0.2 hasta la 1.0.2h y la 1.1.0 en la forma en la que el protocolo TLS/SSL de... • https://github.com/cujanovic/CVE-2016-8610-PoC • CWE-400: Uncontrolled Resource Consumption •