|
212011
|
5.4 |
MEDIUM
Network
|
broadcom
|
sannav
|
Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission. As a result, users without permission can see folders, and hidden files, a…
|
NVD-CWE-noinfo
|
CVE-2020-15385
|
2024-11-21 14:05 |
2021-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212012
|
5.3 |
MEDIUM
Network
|
broadcom
|
sannav
|
Brocade SANNav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response header.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-15384
|
2024-11-21 14:05 |
2021-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212013
|
7.5 |
HIGH
Network
|
broadcom
|
sannav
|
Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-15380
|
2024-11-21 14:05 |
2021-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212014
|
7.5 |
HIGH
Network
|
broadcom
|
brocade_sannav
|
Brocade SANnav before v.2.1.0a could allow remote attackers cause a denial-of-service condition due to a lack of proper validation, of the length of user-supplied data as name for custom field name.
|
CWE-20
Improper Input Validation
|
CVE-2020-15379
|
2024-11-21 14:05 |
2021-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212015
|
5.3 |
MEDIUM
Network
|
broadcom
|
sannav
|
The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface.
|
NVD-CWE-noinfo
|
CVE-2020-15378
|
2024-11-21 14:05 |
2021-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212016
|
9.8 |
CRITICAL
Network
|
broadcom
|
sannav
|
Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-15377
|
2024-11-21 14:05 |
2021-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212017
|
7.5 |
HIGH
Network
|
broadcom
|
fabric_operating_system
|
Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial…
|
NVD-CWE-noinfo
|
CVE-2020-15383
|
2024-11-21 14:05 |
2021-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212018
|
7.2 |
HIGH
Network
|
broadcom
|
brocade_sannav
|
Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-15382
|
2024-11-21 14:05 |
2021-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212019
|
7.5 |
HIGH
Network
|
broadcom
|
sannav
|
Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-15381
|
2024-11-21 14:05 |
2021-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212020
|
9.0 |
CRITICAL
Network
|
mariadb
debian
percona
galeracluster
|
mariadb
debian_linux
xtradb_cluster
galera_cluster_for_mysql
|
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary…
|
CWE-77
Command Injection
|
CVE-2020-15180
|
2024-11-21 14:05 |
2021-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
