Security Vulnerabilities - CVEs Published In November 2019
Escalation of privileges in EnergyCAP 7 through 7.5.6 allows an attacker to access data. If an unauthenticated user clicks on a link on the public dashboard, the resource opens in EnergyCAP with access rights matching the user who created the dashboard.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-11-08
A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal.
CVSS Score
8.8
EPSS Score
0.004
Published
2019-11-08
The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ‘trace’ and the 'debug' logging level; which could allow a local authenticated attacker to access sensitive information.
CVSS Score
5.5
EPSS Score
0.0
Published
2019-11-08
Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2019-11-08
Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.).
CVSS Score
7.5
EPSS Score
0.001
Published
2019-11-08
A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections.
CVSS Score
7.4
EPSS Score
0.002
Published
2019-11-08
Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save.
CVSS Score
5.5
EPSS Score
0.0
Published
2019-11-08
In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an information exposure vulnerability which may allow a remote attacker to access system and configuration information.
CVSS Score
5.3
EPSS Score
0.002
Published
2019-11-08
mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-11-08
tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-11-08