879 matches found
PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation
Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13,...
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0
An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this...
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time
libexpat through 2.5.0 allows recursive XML Entity Expansion if XMLDTD is undefined at compile time...
Privilege escalation in Brocade Fabric before 9.2.1c2 and 9.2.2 through 9.2.2a (CVE-2025-58382)
A vulnerability in the secure configuration of authentication and management services in Brocade Fabric OS before Fabric OS 9.2.1c2 could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands as root using “supportsave”, “seccertmgmt”, “configupload...
The allocate_structures function insufficiently checks bounds before arithmetic multiplication
sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocatestructures contains a sizet overflow in sacommon.c. The allocatestructures function insufficiently checks bounds before arithmetic...
A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing
GNU TLS is vulnerable to a denial-of-service DoS due to inefficient certificate processing in the libtasn1 library. An attacker could present a maliciously crafted certificate that contains a large amount of subject alternative name or name constraint inputs, potentially leading to excessive...
Kernel OVA security updates in ASCG 3.3.0a
CVE-2025-21756 vsock: Keep the binding until socket destruction CVE-2022-49011 hwmon: coretemp fix pci device refcount leak in nv1aramnew CVE-2024-53141 netfilter: ipset: add missing range check in bitmapipuadt CVE-2025-32462 Sudo before 1.9.17p1, when used with a sudoers file that specifies a ho...
Difficult to exploit Java SDK Updates in ASCG
Difficult to exploit vulnerabilities in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9,...
CLI history displays inline passwords
A vulnerability in the ascgshell, of Brocade ASCG before 3.3.0 stores any command executed in the Command Line Interface CLI in plain text within the command history. A local authenticated user that can access sensitive information like passwords within the CLI history leading to unauthorized...
Netty Vulnerable to Denial-of-Service (DoS) via Uncontrolled Memory Allocation in 'HttpPostRequestDecoder' Component
Netty is vulnerable to denial-of-service DoS due to insufficient restrictions on the amount of memory that is allocated in the HttpPostRequestDecoder component. An attacker could exploit this by sending maliciously crafted data in order to cause an out-of-memory OOM error and a denial-of-service...
Oracle Java SE Multiple Vulnerabilities (January 2025)
Oracle Java SE Multiple Vulnerabilities January 2025 CVE-2025-0509 CVSS 3.1 Base Score 7.3 CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H Brocade SANnav not affected: VEX Justification: Vulnerablecodenotpresent CVE-2025-21502 CVSS 3.1 Base Score 4.8 CVSS Vector:...
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue...
GNU Glibc Vulnerable to Memory Corruption via Heap Buffer Overflow during 'assert()' Failure (CVE-2025-0395)
GNU Glibc contains a memory corruption vulnerability that overflows the heap buffer by one or several bytes. The corruption occurs when the assert function fails under specific conditions. Heap buffer overflows are known to result in severe damage to the program's confidentiality, integrity, and...
Brocade ASCG 3.2.0 web interface does not enforce HSTS, as defined by RFC 6797 for ports 8030 and 8100
Brocade ASCG before 3.2.0 WebGui is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and...
Rocky Linux Kernel update in Brocade ASCG 3.2.0 for RLSA-2024:4211, RLSA-2024:5101, RLSA-2024:8856
Brocade ASCG 3.2.0 contains a new Rocky Linux Kernel with security updates for numerous security vulnerabilities. kernel RLSA-2024:4211 CVE-2021-47353, CVE-2024-27410, CVE-2023-52881, CVE-2024-26759, CVE-2023-52626, CVE-2024-35789, CVE-2024-36004, CVE-2023-52813, CVE-2023-52781, CVE-2024-35853,...
Deserialization of Untrusted Data affecting org.apache.sshd:sshd-common package (CVE-2022-45047)
Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD = 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys ...
CVE-2022-0778 - Infinite loop in BN_mod_sqrt() reachable when parsing certificates
Security Advisory ID: BSA-2022-1752 Component: OpenSSL Revision: 2.0 The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. More information is at https://www.openssl.org/news/secadv/20220315.txt Affected Products Broca...
BSA-2022-1747
Security Advisory ID : BSA-2022-1747 Component : Kernel Revision : 1.0 A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copypagetoiterpipe and pushpipe functions in the Linux kernel and could thus contain stale values. An...
BSA-2020-945
Security Advisory ID : BSA-2020-945 Component : SQLite Revision : 1.0 Various SQLite issues seen in SQLite versions through 3.31.1. CVE-2020-11656 - CVSS3.1 - 9.8 In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a...
AMNESIA:33. (BSA-2020-1167)
Security Advisory ID: BSA-2020-1167 Component: Open source TCP/IP stacks. Revision: 1.1 Forescout Research Labs discovered 33 vulnerabilities impacting millions of IoT, OT, and IT devices that present an immediate risk for organizations worldwide.These vulnerabilities are named AMNESIA:33. Detail...
BSA-2017-349
Security Advisory ID : BSA-2017-349 Component : SUDO Revision : 2.0: Interim A flaw was found in the waysudoparsedttyinformation from the process status file in the proc filesystem. A local user with privileges to execute commands viasudocould use this flaw to escalate their privileges to root...
BSA-2017-333
Security Advisory ID : BSA-2017-333 Component : zlib Revision : 1.0: Interim inftrees.cinzlib1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. Affected Products Product| Current Assessment ---|--- Brocade Virtual Web Application...
BSA-2017-332
Security Advisory ID : BSA-2017-332 Component : IBM JDK Revision : 3.0: Final IBM JDK versions 6.0.16.45, 7.0.10.5, 7.1.4.5, and 8.0.4.5 correct a security issue. IBMSDK, Java Technology Edition is vulnerable XML External Entity Injection XXE error when processing XML data. A remote attacker coul...
BSA-2017-330
Security Advisory ID : BSA-2017-330 Component : JAVA SE Networking Revision : 3.0: Final Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121;...
Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection (CVE-2026-27641)
Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection SSTI. Flask-Reuploaded has been patche...
eventlet before 0.35.2 as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in whic...
jwt-go allows excessive memory allocation during header parsing
golang-jwt is vulnerable to excessive memory allocation due to improper handling of the parse.ParseUnverified function. This could allow an attacker to cause significant memory consumption by sending a malicious request with an Authorization header containing many period characters...
Azul Zulu Java Multiple Vulnerabilities (January 2025)
Azul Zulu Multiple Vulnerabilities January 2025 CVE-2025-0509 CVSS 3.1 Base Score 7.3 CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H Brocade SANnav not affected: VEX Justification: Vulnerablecodenotpresent CVE-2025-21502 CVSS 3.1 Base Score 4.8 CVSS Vector:...
Linux Kernel Vulnerable to Dangling Pointer via Garbage Collector Racing Against Connect() in AF_UNIX Module
The Linux Kernel is vulnerable to a race condition in the AFUNIX garbage collector due to improper handling of socket connections. This could allow an attacker to cause memory corruption...
snappy-java Vulnerable to Denial-of-Service (DoS) due to Improper Input Validation in File 'SnappyInputStream.java'
In snappy-java the stream chunk processing implementation uses a user controlled value to define the size of an allocated array. A remote attacker may abuse this by creating a crafted input stream that causes an extremely large array to be allocated, or a negative array size to be used. Both case...
Brocade SANnav encryption key is logged in the debug logs (CVE-2025-1053)
Under certain error conditions at time of Brocade SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use the encryption key to obtain passwords used by Broca...
Security Advisory Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), Ivanti Secure Access Client (ISAC) (Multiple CVEs)
Brocade Security Team has become aware of CVEs for Ivanti Connect Secure ICS,Ivanti Policy Secure IPS and Ivanti Secure Access Client ISAC. Vulnerability Details CVE Number| Description| CVSS Score Severity| CVSS Vector| CWE| Impacted Products ---|---|---|---|---|--- CVE-2024-47905| A stack-based...
Multiple CVEs identified by vulnerability scanning tools addressed via Brocade ASCG v3.1.0
ASCG v3.1.0 utilizes Rocky Linux version 8.10, addressing a number of potential security vulnerabilities. A complete list of CVEs reported by Rocky Linux as being addressed in this update are provided in the ASCG v3.1.0 Release Notes. In addition, a number of CVEs identified via internal security...
command injection in scp.c
The scp functionality in OpenSSH is vulnerable to command injection via backtick characters in the destination argument. The command will be run with the permissions of the user with which the files were copied on the remote server. To exploit this issue an attacker must manipulate a system...
BSA-2022-1770
Security Advisory ID : BSA-2022-1770 Component : SpringSource Spring Framework Revision : 1.0 CVE-2010-1622: SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing...
BSA-2022-1768
Security Advisory ID : BSA-2022-1768 Component : Spring Cloud Revision : 1.0 In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in...
BSA-2021-1652
Security Advisory ID : BSA-2021-1652 Component : JMSAppender in Log4j 1.2 Revision : 1.0 CVE-2021-4104 - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and...
BSA-2019-827
Security Advisory ID : BSA-2019-827 Component : Kernel Revision : 1.0 Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use...
BSA-2020-1037
Security Advisory ID : BSA-2020-1037 Component : Docker Engine Revision : 1.0 An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAPNETRAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive...
BSA-2017-356
Security Advisory ID : BSA-2017-356 Component : Heap Stack Revision : 2.0: Interim A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap or different memory region and stack memory regions were adjacent to each other, an attacker could use this flaw ...
BSA-2017-270
Security Advisory ID : BSA-2017-270 Component : OpenSSH Revision : 2.0: Interim Theverifyhostkeyfunction insshconnect.cin the client inOpenSSH6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptableHostCertificate. Affected Products...
BSA-2017-206
Security Advisory ID : BSA-2017-206 Component : OpenSSL Revision : 1.0: Interim Severity: Moderate-Applications parsing invalid CMS structures can crash with a NULL pointerdereference. This is caused by a bug in the handling of the ASN.1 CHOICE typein OpenSSL 1.1.0 which can result in a NULL valu...
A denial of service vulnerability exists in curl
A denial of service vulnerability exists in curl v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm and siglongjmp. When doi...
Path transversal vulnerability potentially leading to sensitive information disclosure (CVE-2025-4661)
A path transversal vulnerability in Brocade Fabric OS 9.1.0 through 9.2.2 could allow a local admin user to gain access to files outside the intended directory potentially leading to the disclosure of sensitive information. Note: Admin level privilege is required on the switch in order to exploit...
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent
Brocade Wget contains an improper input validation vulnerability. An attacker could exploit this via theuserinfosubcomponent of a URI to cause insecure behavior which could potentially cause improper authentication, exposure of sensitive information, or other serious data integrity issues...
Stack overflow vulnerability in ash.c:6030 in busybox before 1.35 can be executed from command to arbitrary code execution.
BusyBox is vulnerable to memory corruption due to improper validation of user-supplied input. An attacker could exploit this to corrupt memory by tricking a victim into processing a crafted file to cause a stack-based buffer overflow. Further impacts may include serious confidentiality, integrity...
Docker Security Advisory: AuthZ Plugin Bypass Regression in Docker Engine (CVE-2024-41110)
Brocade Security Team has become aware that Certain versions of Docker Engine have a security vulnerability that could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being exploited is low. Detail Docker’s default authorization...
AES-SIV implementation ignores empty associated data entries (CVE-2023-2975)
Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be...
Oracle Java SE Multiple Vulnerabilities (July 2023 CPU)
Oracle Java SE Multiple Vulnerabilities July 2023 CPU CVE-2023-22041 Base Score: 5.1 MEDIUM Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2023-25193 Base Score: 7.5 HIGH Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-22045 Base Score: 3.7 LOW Vector:...
Security updates provided in Brocade SANnav v2.2.2a and v2.3.0
Dear Brocade Customer: This Advisory aims to inform you of Brocade SANnav Security updates in Brocade SANnav v2.2.2a and v2.3.0. Please review the recently posted security advisories listed here: Updated Security Advisories https://support.broadcom.com/external/content/SecurityAdvisories/0/21225...