CVE-2020-13401
https://notcve.org/view.php?id=CVE-2020-13401
An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service. Se detectó un problema en Docker Engine versiones anteriores a 19.03.11. Un atacante en un contenedor, con la capacidad CAP_NET_RAW, puede diseñar anuncios de router IPv6, y en consecuencia falsificar hosts IPv6 externos, obtener información confidencial o causar una denegación de servicio. • https://github.com/arax-zaeimi/Docker-Container-CVE-2020-13401 http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html http://www.openwall.com/lists/oss-security/2020/06/01/5 https://docs.docker.com/engine/release-notes https://github.com/docker/docker-ce/releases/tag/v19.03.11 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject. • CWE-20: Improper Input Validation •
CVE-2019-16209
https://notcve.org/view.php?id=CVE-2019-16209
A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections. Una vulnerabilidad, en la clase The ReportsTrustManager de Brocade SANnav versiones anteriores a v2.0, podría permitir a un atacante realizar un ataque man-in-the-middle contra conexiones Secure Sockets Layer (SSL). • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-868 • CWE-295: Improper Certificate Validation •
CVE-2019-16206
https://notcve.org/view.php?id=CVE-2019-16206
The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ‘trace’ and the 'debug' logging level; which could allow a local authenticated attacker to access sensitive information. El mecanismo de autenticación, en las versiones de Brocade SANnav anteriores a la versión v2.0, registra las credenciales de la cuenta de texto sin formato en el nivel de registro de "rastreo" y "depuración"; lo que podría permitir que un atacante autenticado local acceda a información confidencial. • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-865 • CWE-311: Missing Encryption of Sensitive Data CWE-532: Insertion of Sensitive Information into Log File •
CVE-2019-16205
https://notcve.org/view.php?id=CVE-2019-16205
A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal. Una vulnerabilidad, en Brocade SANnav versiones anteriores a v2.0, podría permitir a atacantes remotos forzar mediante fuerza bruta un ID de sesión válido. La vulnerabilidad es debido a un ID de sesión insuficientemente aleatorio para varias acciones posteriores a la autenticación en el portal SANnav. • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-864 • CWE-330: Use of Insufficiently Random Values •
CVE-2019-16210
https://notcve.org/view.php?id=CVE-2019-16210
Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save. Brocade SANnav versiones anteriores a v2.0, registra una contraseña de conexión de base de datos de texto plano mientras activa el guardado de soporte. • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-869 • CWE-311: Missing Encryption of Sensitive Data CWE-532: Insertion of Sensitive Information into Log File •