19 matches found
EUVD-2016-9050
Malware in sbrugna...
Privilege escalation vulnerability in Node.js 20 could allow loading arbitrary OpenSSL engines when the experimental permission model is enabled (CVE-2023-30586).
A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine API can be used to bypass...
Heap buffer overflow in libwebp (CVE-2023-4863)
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Products Confirmed Not Affected No Brocade Fibre Channel products from Broadcom are known to be affected by this...
CVE-2022-45688 -A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service DoS via crafted JSON or XML data. Products Confirmed Not Affected No Brocade Fibre Channel Product from Broadcom Products is known to be affected by this vulnerability...
CVE-2023-34362 - a SQL injection vulnerability has been found in the MOVEit Transfer web application.
In Progress MOVEit Transfer before 2021.0.6 13.0.6, 2021.1.4 13.1.4, 2022.0.4 14.0.4, 2022.1.5 14.1.5, and 2023.0.1 15.0.1, a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database...
Certificate validation is disabled when requesting binaries
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path. Products Confirmed Not Affected No Brocade Fibre Channel Products from Broadcom products are known to be affected by this vulnerability...
CVE-2018-16850 - SQL injection in pg_upgrade and pg_dump, via CREATE TRIGGER ... REFERENCING.
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.More at:...
CVE-2022-43551 - HSTS check could be bypassed to trick it to keep using HTTP.
A vulnerability exists in curl 7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypasse...
BSA-2021-1658
Security Advisory ID : BSA-2021-1658 Component : JDBC Appender in Apache Log4j Revision : 1.0 Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a configuration uses a JDBC Appender with a JNDI...
BSA-2021-1487
Security Advisory ID : BSA-2021-1487 Component : Libarchive Revision : 1.0 libarchive 3.3.2 suffers from an out-of-bounds read within lhareaddatanone in archivereadsupportformatlha.c when extracting a specially crafted lha archive, related to lhacrc16. Affected Products Brocade SANnav versions...
USN-4302-1 linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, linux-azure vulnerabilities
Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested level 2 guest access the resources of a parent level 1 guest in certain situations. An attacker could use this to expose sensitive information. CVE-2020-2732 Gregory Herrero discovere...
USN-4301-1 linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-oracle-5.0, linux-azure vulnerabilities
It was discovered that the KVM implementation in the Linux kernel, when paravirtual TLB flushes are enabled in guests, the hypervisor in some situations could miss deferred TLB flushes or otherwise mishandle them. An attacker in a guest VM could use this to expose sensitive information read memor...
USN-4286-1 linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. CVE-2019-14615 It was discovered that a race condition existed in the Softmac USB Prism54 devi...
Brocade Fibre Channel SAN Product Brocade Fabric OS Cross-Site Scripting Vulnerability
Brocade Fibre Channel SAN products are all switch products of the American company Brocade Brocade, and Brocade Fabric OS FOS is a set of embedded systems running on them. A cross-site scripting vulnerability exists in the Web-based management interface of Brocade FOS versions prior to 7.4.2b,...
CVE-2017-6227
CVE-2017-6227 affects Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS). The IPv6 stack vulnerability allows a remote attacker to cause a denial-of-service (CPU consumption and device hang) by sending crafted Router Advertisement messages. Affected FOS versions include pre-7.4.2b...
BSA-2018-526
Security Advisory ID : BSA-2018-526 Component : Fabric OS IPv6 stack Revision : 2.0: Final A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS FOS could allow an unauthenticated, adjacent attacker to cause a denial of service CPU consumption and devic...
Brocade Fibre Channel SAN Privilege Escalation - Lenovo Support US
No description provided...
Brocade Fibre Channel SAN Privilege Escalation - us
Lenovo Security Advisory: LEN-14794 Potential Impact: Local privilege escalation Severity: High Scope of Impact: Industry-Wide CVE Identifier: CVE-2016-8202 Summary Description: A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS FOS releases earli...
Brocade Fibre Channel SAN Product Brocade Fabric OS Remote Elevation of Privilege Vulnerability
Brocade Fibre Channel SAN products are all switch products of the American company Brocade Brocade, and Brocade Fabric OS FOS is a set of embedded systems running on them. A remote elevation of privilege vulnerability exists in Brocade Fibre Channel SAN products with Brocade FOS versions prior to...