CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-28169
https://notcve.org/view.php?id=CVE-2022-28169
25 Oct 2022 — Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin, and operator authorization headers sent unencrypted and editing a ... • https://security.netapp.com/advisory/ntap-20230127-0001 • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-28170
https://notcve.org/view.php?id=CVE-2022-28170
25 Oct 2022 — Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file. Los servicios de aplicaciones web de Brocade Fabric OS versiones anteriores a Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j, almacenan las contraseñas del servidor y del usuario en las declaraciones de depuración. Esto podría permitir a un usuario local extraer las contraseñas d... • https://security.netapp.com/advisory/ntap-20230127-0002 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-33179
https://notcve.org/view.php?id=CVE-2022-33179
25 Oct 2022 — A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges. Una vulnerabilidad en Brocade Fabric OS CLI versiones anteriores a Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c y 7.4.2j, podría permitir a un usuario local autenticado salir de shells restringidos con "set context" y escalar privilegios • https://security.netapp.com/advisory/ntap-20230127-0004 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-33180
https://notcve.org/view.php?id=CVE-2022-33180
25 Oct 2022 — A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”. Una vulnerabilidad en Brocade Fabric OS CLI versiones anteriores a Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, podría permitir a un atacante local autenticado exportar archivos confidenciales con "seccryptocfg", "configupload" • https://security.netapp.com/advisory/ntap-20230127-0005 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-33181
https://notcve.org/view.php?id=CVE-2022-33181
25 Oct 2022 — An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”. Una vulnerabilidad de divulgación de información en Brocade Fabric OS CLI versiones anteriores a Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j, podría permitir a un atacante local autenticado leer archivos confidenciales usando los comandos de... • https://security.netapp.com/advisory/ntap-20230127-0006 •
CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 1CVE-2021-22876 – curl: Leak of authentication credentials in URL via automatic Referer
https://notcve.org/view.php?id=CVE-2021-22876
28 Mar 2021 — curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. curl versiones 7.1.1 hasta 7.75.0 incluyéndola, es vulnerable a una "Exposure of... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 1CVE-2021-22890 – curl: TLS 1.3 session ticket mix-up with HTTPS proxy host
https://notcve.org/view.php?id=CVE-2021-22890
28 Mar 2021 — curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the serve... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-290: Authentication Bypass by Spoofing CWE-300: Channel Accessible by Non-Endpoint •