Lucene search
K

17 matches found

RedhatCVE
RedhatCVE
added 2026/02/04 3:15 a.m.6 views

CVE-2025-12772

Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file which contains this switch password in clear text. The...

8.5CVSS8.4AI score0.00262EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.6 views

PT-2026-5696

Name of the Vulnerable Software and Affected Versions Brocade SANnav versions prior to 2.4.0b Description Brocade SANnav before version 2.4.0b improperly handles logging of the Brocade Fabric OS Switch admin password. The password is logged in clear text within the SANnav support save logs...

8.5CVSS8.3AI score0.00262EPSS
Exploits0References4
Broadcom
Broadcom
added 2026/01/27 12:0 a.m.13 views

Plaintext Switch admin login password is seen in Brocade SANnav support save (CVE-2025-12772)

Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file which contains this switch password in clear text. The...

8.5CVSS5.9AI score0.00262EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2026/01/22 12:0 a.m.10 views

Versa Concerto Improper Authentication Vulnerability

Versa Concerto SD-WAN orchestration platform contains an improper authentication vulnerability in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs...

9.2CVSS5.5AI score0.83479EPSS
In wildExploits1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-16087

Malicious code in bioql PyPI...

9.2CVSS9.3AI score0.83479EPSS
Exploits1References1
NVD
NVD
added 2025/05/28 5:15 p.m.16 views

CVE-2025-48928

The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025...

4CVSS0.00366EPSS
Exploits0References2
OSV
OSV
added 2025/05/21 10:15 p.m.5 views

CVE-2025-34026

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This issue is kno...

7.5CVSS7.5AI score0.83479EPSS
Exploits1References3
NVD
NVD
added 2025/05/21 10:15 p.m.18 views

CVE-2025-34026

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This issue is kno...

9.2CVSS0.83479EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/05/21 12:0 a.m.6 views

PT-2025-22440

Name of the Vulnerable Software and Affected Versions Versa Concerto versions 12.1.2 through 12.2.0 Description The Versa Concerto SD-WAN orchestration platform has an authentication bypass issue in the Traefik reverse proxy configuration. This allows an attacker to access administrative endpoint...

9.2CVSS7.5AI score0.83479EPSS
Exploits1References30
Fedora
Fedora
added 2024/03/07 10:33 p.m.19 views

[SECURITY] Fedora 40 Update: jol-0.17-5.fc40

JOL Java Object Layout is a tiny toolbox to analyze Java object layouts. These tools use Unsafe, JVMTI, and Serviceability Agent SA heavily to decode the actual object layout, footprint, and references. This makes JOL much more accurate than other tools relying on heap dumps, specification...

8.8CVSS6.8AI score0.02557EPSS
Exploits3
OSV
OSV
added 2023/01/20 6:15 p.m.5 views

CVE-2022-38112

In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext...

7.5CVSS5.8AI score0.00412EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/01/20 12:0 a.m.4 views

PT-2023-13593 · Dpa · Dpa

Name of the Vulnerable Software and Affected Versions: DPA versions 2022.4 and earlier Description: The issue concerns generated heap memory dumps that contain sensitive information in cleartext. Recommendations: For DPA versions 2022.4 and earlier, at the moment, there is no information about a...

7.5CVSS7.4AI score0.00412EPSS
Exploits0References4
OSV
OSV
added 2021/10/06 3:15 p.m.4 views

CVE-2021-0693

In openFile of HeapDumpProvider.java, there is a possible way to retrieve generated heap dumps from debuggable apps due to an unprotected provider. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS5.9AI score0.00111EPSS
Exploits0References1
Prion
Prion
added 2021/10/06 3:15 p.m.19 views

Heap overflow

In openFile of HeapDumpProvider.java, there is a possible way to retrieve generated heap dumps from debuggable apps due to an unprotected provider. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

2.1CVSS5.2AI score0.00111EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/10/06 2:11 p.m.22 views

CVE-2021-0693

In openFile of HeapDumpProvider.java, there is a possible way to retrieve generated heap dumps from debuggable apps due to an unprotected provider. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.4AI score0.00111EPSS
Exploits0References1
CVE
CVE
added 2021/10/06 2:11 p.m.107 views

CVE-2021-0693

CVE-2021-0693 pertains to Android 11 and involves the HeapDumpProvider.java openFile path, where an unprotected provider could allow retrieving generated heap dumps from debuggable apps. This creates a local information disclosure risk without requiring privileges or user interaction. The vulnera...

5.5CVSS5.1AI score0.00111EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/01/23 1:29 a.m.1 views

CVE-2017-16607

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within heapdumps.jsp. The issue results from the lack of proper validation...

7.5CVSS5.3AI score0.02847EPSS
Exploits0References3
Rows per page
Query Builder