6.7
CVE-2025-6392 - Daily Data Dump Collector logs database password in cleartext when running docker exec commands (CV…
Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server adm…
5.1
CVE-2025-6390 - Cleartext storage of sensitive information in Brocade SANnav server audit logs.
Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the ho…
5.3
CVE-2025-7415 - Tenda O3V2 httpd getTraceroute fromTraceroutGet command injection
A vulnerability, which was classified as critical, has been found in Tenda O3V2 1.0.0.12(3880). This issue affects the function fromTraceroutGet of the file /goform/getTraceroute of the component httpd. The manipulation of the argument dest leads to command injection. The attack may be initiated re…
5.1
CVE-2025-4662 - Plaintext security passwords are logged in the audit logs while executing openssl cmd
Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit logs are the local server VM’s audit logs and…
5.3
CVE-2025-7414 - Tenda O3V2 httpd setPingInfo fromNetToolGet os command injection
A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument domain leads to os command injection. The attack can be initiated remotely. …
8.2
CVE-2025-3947 - Integer underflow during processing of short network packets in CDA FTEB responder
The Honeywell Experion PKS contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to Input Data Manipulation, which could result in improper integer data value checking during subtraction leadin…
8.2
CVE-2025-3946 - Incorrect response generation during FTEB protocol processing
The Honeywell Experion PKS and OneWireless WDM contains a Deployment of Wrong Handler vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to Input Data Manipulation, which could result in incorrect handling of pac…
9.4
CVE-2025-2523 - Lack of buffer clearing before reuse may result in incorrect system behavior.
The Honeywell Experion PKS and OneWireless WDM contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which could result in a failure during subtracti…
6.5
CVE-2025-2522 - Lack of buffer clearing before reuse may result in incorrect system behavior.
The Honeywell Experion PKS and OneWireless WDM contains Sensitive Information in Resource vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which could result in buffer reuse which …
8.6
CVE-2025-2521 - Lack of indexes’ validation against buffer borders leads to remote code execution.
The Honeywell Experion PKS and OneWireless WDM contains a Memory Buffer vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to an Overread Buffers, which could result in improper index validation against buffer borders leading …