CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Apr 2024 — A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key. • https://support.broadcom.com/external/content/SecurityAdvisories/0/23239 • CWE-532: Insertion of Sensitive Information into Log File

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Apr 2024 — A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables. • https://support.broadcom.com/external/content/SecurityAdvisories/0/23238 • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 5.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Apr 2024 — Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection. • https://support.broadcom.com/external/content/SecurityAdvisories/0/23237 • CWE-326: Inadequate Encryption Strength

CVSS: 4.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Aug 2023 — A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. This could allow an authenticated, privileged local user to crash a Brocade Fabric OS switch using the CLI command "passwdcfg --set -expire -minDiff". • https://security.netapp.com/advisory/ntap-20231124-0010 • CWE-125: Out-of-bounds Read • CWE-252: Unchecked Return Value • CWE-400: Uncontrolled Resource Consumption

CVSS: 10.0 • EPSS: 0% • CPEs: 4 • EXPL: 1

08 Dec 2022 — A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP address. • https://packetstorm.news/files/id/190177 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 5.7 • EPSS: 0% • CPEs: 20 • EXPL: 1

01 Jun 2022 — An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials: when following HTTP(S) redirects with authentication, curl could leak credentials to other services that exist on different protocols or port numbers. • https://hackerone.com/reports/1543773 • CWE-522: Insufficiently Protected Credentials

CVSS: 7.5 • EPSS: 0% • CPEs: 19 • EXPL: 1

01 Jun 2022 — An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: when using an IPv6 address that was in the connection pool but with a different zone ID, curl could reuse a connection instead. A vulnerability was found in curl. This securi... • https://hackerone.com/reports/1546268 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.5 • EPSS: 0% • CPEs: 22 • EXPL: 1

01 Jun 2022 — An insufficiently protected credentials vulnerability fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. A vulnerability was found in curl. This security flaw allows leak authentication or cookie he... • https://hackerone.com/reports/1547048 • CWE-522: Insufficiently Protected Credentials

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 May 2022 — An information exposure through log file vulnerability in Brocade SANnav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as SSH passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need to have valid user credentials and turn on debug mode. • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1840 • CWE-532: Insertion of Sensitive Information into Log File

CVSS: 8.1 • EPSS: 0% • CPEs: 20 • EXPL: 1

29 Apr 2022 — An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). • https://hackerone.com/reports/1526328 • CWE-287: Improper Authentication • CWE-295: Improper Certificate Validation • CWE-306: Missing Authentication for Critical Function