5.7
CVE-2024-29964 - Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker …
Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.
5.5
CVE-2024-29962 - Insecure file permission setting that makes files world-readable
Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file permission setting that makes files world-readable. This could allow a local user without the required privileges to access sensitive information or a Java binary.
1.9
CVE-2024-29963 - Brocade SANnav contains hardcoded TLS keys used by Docker
Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries.
8.2
CVE-2024-29961 - supply-chain attack risk
A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component. This could make an unauthenticated, remote attacker aware of the beh…
6.8
CVE-2024-29960 - Identical SSH keys utilized inside the OVA image (CVE-2024-29960)
In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SANnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav.…
8.6
CVE-2024-29959 - Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save.
7.5
CVE-2024-29958 - Encryption key in the console when a privileged user executes the script to replace the Brocade SAN…
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node. This could provide attackers an additional, less protected path to acquiring the encryption k…
7.5
CVE-2024-29957 - Encryption key is stored in the DR log files
When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. This could provide attackers with an additional, less-protected path to acquiring the encryption key.
7.2
CVE-2024-3600 - Poll Maker – Best WordPress Poll Plugin <= 5.1.8 - Missing Authorization to Unauthenticated Stored …
The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the ays_poll_maker_quick_start AJAX action in addition to insufficient escaping and sanitization in all versions up to, and including, 5.1.8. This makes…
6.1
CVE-2024-3731 - Customer Reviews for WooCommerce <= 5.47.0 - Reflected Cross-Site Scripting via 's'
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 5.47.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arb…