CVE-2024-21988 – CVE-2024-21988 SSH Cryptographic Implementation Vulnerability in StorageGRID (formerly StorageGRID Webscale)
https://notcve.org/view.php?id=CVE-2024-21988
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH cryptographic implementation. Las versiones de StorageGRID (anteriormente StorageGRID Webscale) anteriores a 11.7.0.9 y 11.8.0.5 son susceptibles a la divulgación de información confidencial a través de ataques MiTM complejos debido a una vulnerabilidad en la implementación criptográfica SSH. • https://security.netapp.com/advisory/ntap-20240614-0010 •
CVE-2018-19039 – grafana: File exfiltration
https://notcve.org/view.php?id=CVE-2018-19039
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. Grafana en versiones anteriores a la 4.6.5 y versiones 5.x anteriores a la 5.3.3 permite que usuarios autenticados remotos lean archivos arbitrarios aprovechando los permisos Editor o Admin. A security issue was found that could allow any users with Editor or Admin permissions in Grafana to read any file that the Grafana process can read from the filesystem. However, in order to exploit this issue you would need to be logged in to the system as a legitimate user with Editor or Admin permissions. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html http://www.securityfocus.com/bid/105994 https://access.redhat.com/errata/RHSA-2019:0747 https://access.redhat.com/errata/RHSA-2019:0911 https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961 https://security.netapp.com/advisory/ntap-20190416-0004 https://www.percona.com/blog/2018/11/20/how-cve-2018-19039-affects-percona-monitoring-and-management https://access.redhat.com/security/cv • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-5495
https://notcve.org/view.php?id=CVE-2018-5495
All StorageGRID Webscale versions are susceptible to a vulnerability which could permit an unauthenticated attacker to communicate with systems on the same network as the StorageGRID Webscale Admin Node via HTTP or to take over services on the Admin Node. Todas las versiones de StorageGRID Webscale son susceptibles a una vulnerabilidad que podría permitir que un atacante no autenticado se comunique con los sistemas en la misma red que el nodo de administrador de StorageGRID Webscale mediante HTTP u obtenga el control de los servicios en dicho nodo. • https://security.netapp.com/advisory/ntap-20181114-0001 •
CVE-2018-18065 – net-snmp 5.7.3 - (Authenticated) Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2018-18065
_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. _set_key en agent/helpers/table_container.c en Net-SNMP en versiones anteriores a la 5.8 tiene un error de excepción de puntero NULL que puede ser empleado por un atacante autenticado para provocar el cierre inesperado de la instancia de forma remota mediante un paquete UDP manipulado, lo que resulta en una denegación de servicio (DoS). • https://www.exploit-db.com/exploits/45547 http://www.securityfocus.com/bid/106265 https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf https://dumpco.re/blog/net-snmp-5.7.3-remote-dos https://security.netapp.com/advisory/ntap-20181107-0001 https://security.paloaltonetworks.com/CVE-2018-18065 https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d https://usn.ubuntu.com/3792-1 https://usn.ubuntu.com/3792-2 https://usn.ubuntu.com/3792-3 • CWE-476: NULL Pointer Dereference •
CVE-2018-18066 – net-snmp: NULL pointer exception in snmp_oid_compare in snmplib/snmp_api.c resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-18066
snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. snmp_oid_compare en snmplib/snmp_api.c en Net-SNMP en versiones anteriores a la 5.8 tiene un error de excepción de puntero NULL que puede ser empleado por un atacante no autenticado para provocar el cierre inesperado de la instancia de forma remota mediante un paquete UDP manipulado, lo que resulta en una denegación de servicio (DoS). • https://dumpco.re/blog/net-snmp-5.7.3-remote-dos https://security.netapp.com/advisory/ntap-20181107-0001 https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791 https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://access.redhat.com/security/cve/CVE-2018-18066 https://bugzilla.redhat.com/show_bug.cgi?id=1637572 • CWE-476: NULL Pointer Dereference •