CVE-2023-4654
Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1.
Source: CVE-2023-4654
CVE-2023-4653
Cross-site Scripting (XSS) – Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
Source: CVE-2023-4653
CVE-2023-4652
Cross-site Scripting (XSS) – Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
Source: CVE-2023-4652
CVE-2023-4163
In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command.
Source: CVE-2023-4163
CVE-2023-4651
Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1.
Source: CVE-2023-4651
CVE-2023-4650
Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
Source: CVE-2023-4650
CVE-2023-4649
Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1.
Source: CVE-2023-4649
CVE-2023-31925
Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuration failure causes an SNMP communication log dump.
Source: CVE-2023-31925
CVE-2023-31424
Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization.
Source: CVE-2023-31424
CVE-2023-4162
A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. This could allow an authenticated, privileged local user to crash a Brocade Fabric OS switch using the CLI command “passwdcfg --set -expire -minDiff”.
Source: CVE-2023-4162