875 matches found
Security update provided in Brocade ASCG3.4.0b Base OS (OVA Deployment) for Rocky Linux Kernel
Security update provided in Brocade ASCG3.4.0b Base OS OVA Deployment for Rocky Linux Kernel CVE-2022-50673 - Linux Kernel 'ext4' Vulnerable to Use-After-Free via Improper Error Handling in 'ext4orphancleanup' CVE-2022-50865 - Linux Kernel Vulnerable to Signed Integer Overflow via Backlog Limit...
Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection (CVE-2026-27641)
Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection SSTI. Flask-Reuploaded has been patche...
Security updated provided in Brocade ASCG 3.4.0b for container-tools (CVE-2024-24785, CVE-2025-61729, CVE-2025-65637)
Security update provided in Brocade ASCG before ASCG 3.4.0b CVE-2024-24785 Title: Errors returned from JSON marshaling may break template escaping in html/template Description If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual...
Security update provided in Brocade ASCG3.4.0b Base OS (OVA Deployment) for glib2 (CVE-2025-13601), libsoup (CVE-2025-14523, CVE-2026-0719, CVE-2026-1761), libpng (CVE-2025-64720, CVE-2025-65018, CVE-2025-66293), python-urllib3 (CVE-2025-66418, CVE-2025-66471, CVE-2026-21441), gnupg2 (CVE-2025-68973)
Security update provided in Brocade ASCG3.4.0b Base OS OVA Deployment for glib2 CVE-2025-13601, libsoup CVE-2025-14523, CVE-2026-0719, CVE-2026-1761, libpng CVE-2025-64720, CVE-2025-65018, CVE-2025-66293, python-urllib3 CVE-2025-66418, CVE-2025-66471, CVE-2026-21441, gnupg2 CVE-2025-68973 Product...
Libssh: incorrect return code handling in ssh_kdf() in libssh
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...
AIDE Vulnerable to Improper Output Neutralization via Terminal Escape Sequences in Log and Report Output
AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...
Rocky Linux kernel security update Advisories in Brocade ASCG 3.4.0 Ova
Security updates are provided for multiple CVEs for Rocky Linux Kernel. kernel RLSA-2025:11850 CVE-2022-49977, CVE-2025-21905, CVE-2025-21919 kernel RLSA-2025:12752 CVE-2025-37890, CVE-2025-38079, CVE-2022-50020, CVE-2025-38052, CVE-2025-21928, CVE-2025-22020, kernel RLSA-2025:15008 CVE-2025-3833...
LibExpat Vulnerable to Denial-of-Service (DoS) via Uncontrolled Resource Consumption in 'xmlparse.c' File
CVE-2025-32990 A heap-buffer-overflow off-by-one flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds OOB NULL pointer write, resulting in memory...
GRUB2 Vulnerable to Out-of-Bounds Write via Network Boot Process in 'grub_strcpy()' Function
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the environment variable length...
Pip Vulnerable to Path Traversal via Lack of Symbolic Link Validation in 'unpacking.py' File
Pip is vulnerable to path traversal due to a lack of validation for symbolic links when Pip is used with instances of python which do not implement PEP 706. This could allow a remote attacker to extract a tar file outside of the intended directory...
Podman Vulnerable to Arbitrary File Write via Symbolic Link Traversal in 'play.go' File
Podman contains a symbolic link traversal vulnerability when the kube play command is used with a 'ConfigMap' or secret volume mount. A remote attacker could exploit this by creating a malicious symbolic link on the volume in order to overwrite the contents of arbitrary files, however the attacke...
UDisks Daemon Vulnerable to Local Privilege Escalation via Negative Index in Loop Device Handler
Udisks is vulnerable to out-of-bounds read due to improper validation of the index parameter in the loop device handler. This could allow an attacker to crash the UDisks daemon or perform local privilege escalation by accessing files owned by privileged users...
Path traversal issues in Vims tar.vim and zip.vim plugins
CVE-2025-53905 Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction...
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate...
Requests Vulnerable to Information Disclosure via '.netrc' Credentials Leak in 'get_netrc_auth()' Function
Requests is vulnerable to leakage of .netrc credentials due to a URL parsing issue. An attacker could exploit this by supplying a maliciously-crafted URL to a victim, which could result in loss of said credentials and can be potentially used for accessing remote servers...
Application User custom defined accounts are not properly password protected in Brocade ASCG 3.4.0 (CVE-2026-0869)
Application User accounts with Brocade ASCG application privileges created by the administrator are not properly being password enforced. Any other user that learns of the assigned user name can access the custom created application manager account and gain access to the Brocade ASCG application...
Protobuf Pure-Python backend can be corrupted by exceeding the Python recursion limit
Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashin...
GnuTLS Vulnerable to Memory Corruption via Double-Free upon Error when Exporting 'otherName' in SAN
A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name SAN entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1deletestructure on an ASN.1 node it do...
OpenSSH security update for CVE-2025-26465
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...
Cache poisoning attacks with unsolicited RRs
Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through...
Out of bounds read for cookie path
A cookie is set using the secure keyword for https://target curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set. The same cookie name is set - but with just a slash as path path="/". Since this site is not secure,...
gdk-pixbuf Vulnerable to Heap Buffer Overflow via Malicious JPEG Images in 'gdk_pixbuf__jpeg_image_load_increment' Function
gdk-pixbuf is vulnerable to heap buffer overflow due to improper bounds handling in the gdkpixbufjpegimageloadincrement function and gbase64encodestep in glib. This could allow an attacker to trigger a denial-of-service or potentially cause the corruption of memory by processing maliciously craft...
libarchive Vulnerable to Memory Corruption via Integer Overflow in 'archive_read_format_rar_seek_data()' Function
A vulnerability has been identified in the libarchive library, specifically within the archivereadformatrarseekdata function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enablin...
sssd default kerberos configuration allows privilege escalation on ad-joined linux systems
A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, the Kerberos local authentication plugin sssdkrb5localauthplugin is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...
GNU binutils Vulnerable to Memory Corruption via Heap-Based Buffer Overflow in 'elf_swap_shdr()' Function
binutils contains a heap-based buffer overflow vulnerability in its Linker component. A local attacker could exploit this by passing a maliciously crafted payload to a victim, which when executed could result in serious impacts to system confidentiality, integrity and availability...
Security update provided for multiple Go Open-source programming language
Security update provided for multiple Go Open-source programming language. CVE-2025-22871 Affects: net/http/internal The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjuncti...
Libsoup Vulnerable to Integer Overflow via Cookie Expiration Date Handling in Cookie Parsing Logic and Vulnerable to Information Exposure via Out-of-Bounds Read in HTTP Library Component
CVE-2025-4945 A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in...
OpenSSH security update (CVE-2025-61985)
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used...
OpenSSL Stack buffer overflow in CMS AuthEnvelopedData parsing
Brocade Security has become aware of a stack buffer overflow that could lead to a crash, causing Denial of Service, or potentially remote code execution. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax CMS message with an...
OpenSSH security update (CVE-2025-61984)
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. A configuration...
Directory transversal vulnerability in Brocade Fabric OS before 9.2.1c2 and 9.2.2 through 9.2.2a using various shell commands (CVE-2025-58381)
A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands “source, ping6, sleep, disown, wait to modify the path variables and move upwards in the directory structure or to traverse to different directories...
Privilege escalation in Brocade Fabric before 9.2.1c2 and 9.2.2 through 9.2.2a (CVE-2025-58382)
A vulnerability in the secure configuration of authentication and management services in Brocade Fabric OS before Fabric OS 9.2.1c2 could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands as root using “supportsave”, “seccertmgmt”, “configupload...
The DisableForwarding directive does not fully adhere to the intended functionality as documented (CVE-2025-32728).
Brocade has become aware of an Expected Behavior Violation vulnerability in OpenSSH releases 7.4 through 9.9. In affected versions of sshd, the DisableForwarding directive does not disable X11 and agent forwarding, which may allow unintended access under certain configurations...
Curl vulnerabilities detected in SANnav images (CVE-2025-4947, CVE-2025-5025)
The Curl vulnerabilities identified are located within open source components utilized by Brocade SANnav, however the vulnerable code is not compiled into the final product. As a part of good security practice, the open source component was updated in the SANnav 3.0.0 release. CVE-2025-4947 libcu...
Directory transversal vulnerability in Brocade Fabric OS before 9.2.1 using grep command (CVE-2025-58380)
A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the shell command “grep” to modify the path variables and move upwards in the directory structure or to traverse to different directories...
Multiple Vulnerabilities in Apache Kafka
Multiple Vulnerabilities addressed in Apache Kafka CVE-2023-25194 A possible security vulnerability has been identified in Apache Kafka Connect. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a...
libcurl's ASN1 parser code has the GTime2str() function, used for parsing an ASN.1 (CVE-2024-7264)
A flaw was found in libcurl, where libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the time fraction , leading to a strlen performed on a pointer to a heap...
PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation
Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13,...
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak...
Multiple Linux Security Updates applied to Brocade Fabric OS 10.0
Multiple Linux Security Updates applied to Brocade Fabric OS 10.0.0. While the Brocade Fabric OS is not affected by any of these public vulnerabilities, security updates have been applied as part of a proactive security practice CVE-2024-26596 Brocade Fabric OS before 10.0.0 not affected VEX...
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c
In elfutils 0.183, an infinite loop was found in the function handlesymtab in readelf.c .Which allows attackers to cause a denial of service infinite loop via crafted file...
Glib GVariant deserialization fails to validate input
A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service...
The x509 application adds trusted use instead of rejected use
Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Impact summary: If a user intends to make a trusted certificate rejected for a particular use it will be instead marked as trusted for that use. A copy & paste...
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time
libexpat through 2.5.0 allows recursive XML Entity Expansion if XMLDTD is undefined at compile time...
This flaw allows a malicious HTTP server to set "super cookies" in curl
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...
A heap out-of-bounds read flaw was found in builtin.c in the gawk package
A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information...
Scan discovered multiple CVEs against glibc
Binary scan of Brocade Fabric OS identified multiple potential CVEs against glibc CVE-2020-6096 An exploitable signed comparison vulnerability exists in the ARMv7 memcpy implementation of GNU glibc 2.30.9000. Calling memcpy on ARMv7 targets that utilize the GNU glibc implementation with a negativ...
A denial of service vulnerability exists in curl
A denial of service vulnerability exists in curl v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm and siglongjmp. When doi...
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0
An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this...