Security Vulnerabilities - CVEs Published In June 2021
ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA).
CVSS Score
9.8
EPSS Score
0.002
Published
2021-06-09
The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location.
CVSS Score
6.6
EPSS Score
0.0
Published
2021-06-09
Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF).
CVSS Score
9.8
EPSS Score
0.006
Published
2021-06-09
The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-06-09
Brocade SANnav before v.2.1.0a could allow remote attackers to cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data as name for custom field name.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-06-09
Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-06-09
Brocade SANnav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response header.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-06-09
Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories and files without permission. As a result, users without permission can see folders and hidden files, and can create directories without permission.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-06-09
Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations.
CVSS Score
5.3
EPSS Score
0.004
Published
2021-06-09
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.
CVSS Score
7.4
EPSS Score
0.001
Published
2021-06-09