Cleartext storage of sensitive information in Brocade SANnav server audit logs. (CVE-2025-6390)

Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the...

Symantec Messaging Gateway 10 Exposure Of Stored AD Password

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest' require "openssl" class MetasploitModule 'Symantec Messaging Gateway 10 Exposure of Stored AD Password Vulnerability', 'Description' = %q This module wi...

openssl security update

1.1.1c-2 - do not try to use EC groups disallowed in FIPS mode in TLS - fix Valgrind regression with constant-time code 1.1.1c-1 - update to the 1.1.1c release 1.1.1b-6 - adjust the default cert pbe algorithm for pkcs12 -export in the FIPS mode 1.1.1b-5 - Fix small regressions related to the reba...

openssl security, bug fix, and enhancement update

1.1.1c-2 - do not try to use EC groups disallowed in FIPS mode in TLS - fix Valgrind regression with constant-time code 1.1.1c-1 - update to the 1.1.1c release 1.1.1b-6 - adjust the default cert pbe algorithm for pkcs12 -export in the FIPS mode 1.1.1b-5 - Fix small regressions related to the reba...

Cross site scripting

Password-based encryption PBE algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services Radius, TACAS, etc...

CVE-2019-16208

CVE-2019-16208 concerns Broadcom/Brocade SANnav prior to version 2.0, where the underlying password-based encryption (PBE) key-generation process is weak. This weakness may allow an attacker to decrypt passwords used by several services (e.g., Radius, TACACS) due to insufficient cryptographic str...

Sandbox Restrictions Bypass

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to...

Weak Implementation Of Password Cipher

nexus-ldap-common contains a weak implementation of password cipher. It stores the LDAP bind password using the PBE Key Spec with only 23 iterations and a hard-coded password. This allows the cipher to be easily defeated...

Symantec Brightmail 10.6.0-7 - LDAP Credentials Disclosure (Metasploit)

Exploit for java platform in category web applications Exploit Title: Symantec Brightmail ldap credential Grabber Date: 18/04/2016 Exploit Author: Fakhir Karim Reda Vendor Homepage:...

Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2016-647) (SLOTH)

An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox...

Important: java-1.8.0-openjdk

Issue Overview: An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass...

Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (20160120) (SLOTH)

An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox...

java security update

CentOS Errata and Security Advisory CESA-2016:0050 Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS...

Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20160120) (SLOTH)

An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox...

RHEL 6 : java-1.8.0-openjdk (RHSA-2016:0050)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0050 advisory. - TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol SLOTH CVE-2015-7575 - OpenJDK: URL deserialization inconsistencie...

Critical: Red Hat Security Advisory: java-1.8.0-openjdk security update

Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, ar...