879 matches found
BSA-2017-472
Security Advisory ID : BSA-2017-472 Component : JBOSS WildFly Revision : 1.0: Interim Red Hat JBoss Enterprise Application Platform JBEAP 6.2.0 and JBoss WildFly Application Server, when run under a security manager, do not properly restrict access to the Modular Service Container MSC service...
BSA-2017-444
Security Advisory ID : BSA-2017-444 Component : DENX Das U-Boot Revision : 3.0: Final Das U-Boot is a devicebootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector and improper...
BSA-2017-435
Security Advisory ID : BSA-2017-435 Component : Apache HTTPD Revision : 3.0: Final Apachehttpdallows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccessfile, or ifhttpd.confhas certain misconfigurations, akaOptionsbleed. This affects th...
BSA-2017-428
Security Advisory ID : BSA-2017-428 Component : Apache Struts Revision : 2.0: Interim The previous fix issued with CVE-2017-7672 was incomplete. If an application allows enter an URL in a form field and built-inURLValidatoris used, it is possible to prepare a special URL which will be used to...
BSA-2017-382
Security Advisory ID : BSA-2017-382 Component : gSOAP Revision : 2.0: Interim Integer overflow in the soapget function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service...
BSA-2017-374
Security Advisory ID : BSA-2017-374 Component : Linux Kernel Revision : 2.0: Interim The doanonymouspage function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the hea...
BSA-2017-373
Security Advisory ID : BSA-2017-373 Component : NFSv4 Revision : 2.0: Interim The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is...
BSA-2017-422
Security Advisory ID : BSA-2017-422 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAX-WS. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit:...
CVE-2017-10078 - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). (BSA-2017-403)
Security Advisory ID: BSA-2017-403 Component: Java Revision : 3.0: Final Vulnerability in the Java SE component of Oracle Java SE subcomponent: Scripting. The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low-privileged attacker with network access...
BSA-2017-377
Security Advisory ID : BSA-2017-377 Component : Apache HTTPD Revision : 3.0: Final In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in Proxy-Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by...
BSA-2017-348
Security Advisory ID : BSA-2017-348 Component : StrongSwan Revision : 2.0: Interim A denial-of-service vulnerability in the x509 plugin was discovered instrongSwan. All versions are affected. Incorrect Handling of CHOICE types in ASN.1 parser and x509 plugin ASN.1 CHOICE types are not correctly...
BSA-2017-339
Security Advisory ID : BSA-2017-339 Component : OpenVPN Revision : 2.0: Interim An authenticated client can cause the server's the packet-id counter to roll over, which would lead the server process to hit anASSERT and stop running. To make the server hit theASSERT, the client must first cause th...
BSA-2017-317
Security Advisory ID : BSA-2017-317 Component : Apache Tomcat Revision : 2.0: Interim In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was...
BSA-2017-316
Security Advisory ID : BSA-2017-316 Component : SNMP Revision : 1.0: Interim In SNMP version 1 & 2 authentication should only accept the value stored in the SNMP agent authentication mechanism. With this vulnerability an attacker can use any value string or integer in order to authenticate the SN...
BSA-2017-307
Security Advisory ID : BSA-2017-307 Component : libc Revision : 2.0: Interim Integer overflow in thestrxfrmfunction in the GNU C Library akaglibcor libc6 before 2.21 allows context-dependent attackers to cause a denial of service crash or possibly execute arbitrary code via a long string, which...
BSA-2017-284
Security Advisory ID : BSA-2017-284 Component : Apache Brooklyn 0.9.0 and all prior versions Revision : 1.0: Interim No information. Affected Products Brocade is investigating its product lines to determine which products may be affected by this vulnerability and the impact on each affected produ...
BSA-2017-277
Security Advisory ID : BSA-2017-277 Component : Apache Struts Revision : 1.0: Interim The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote attackers to execute arbitrary commands via a cmd= string in a crafted...
BSA-2017-254
Security Advisory ID : BSA-2017-254 Component : Open SSH Revision : 2.0: Final Themmnewkeysfromblobfunction inmonitorwrap.cinsshdinOpenSSH6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to...
BSA-2017-269
Security Advisory ID : BSA-2017-269 Component : OpenSSH Revision : 1.0: Interim The default configuration forOpenSSHenablesAllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such asAnonCVS. Affected Products...
BSA-2017-237
Security Advisory ID : BSA-2017-237 Component : Stack Buffer Overflow Issue in BSD libc Revision : 1.0: Interim The BSDlibclibrary'slinkntoa function may be vulnerable to a classic buffer overflow. It is currently unclear if this issue is exploitable. Affected Products Brocade is investigating it...
BSA-2017-242
Security Advisory ID : BSA-2017-242 Component : Linksys Revision : 1.0: Interim LinksysEtherFastBEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly other products, allow remote attackers to gain sensitive information and cause a denial of service via an SNMP query for the default community strin...
BSA-2017-238
Security Advisory ID : BSA-2017-238 Component : SNMP Revision : 1.0: Interim The Simple Network Management Protocol SNMP is a commonly used network service. Its primary function is to provide network administrators with information about all kinds of network connected devices. SNMP can be used to...
BSA-2017-245
Security Advisory ID : BSA-2017-245 Component : SNMP Revision : 1.0: Interim snmpdin SCOOpenServerhas an SNMP community string that is writable by default, which allows local attackers to modify the host's configuration. Affected Products Brocade is investigating its product lines to determine...
BSA-2017-213
Security Advisory ID : BSA-2017-213 Component : libidn Revision : 2.0: Final idninlibidnbefore 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948...
BSA-2017-210
Security Advisory ID : BSA-2017-210 Component : libidn Revision : 2.0: Final idnin GNUlibidnbefore 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read...
BSA-2017-105
Security Advisory ID : BSA-2017-105 Component : Apache HTTPD Revision : 2.0: Final The Apache HTTP Server 2.4.18 through 2.4.20, when modhttp2 and modssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attacker...
BSA-2016-168
Security Advisory ID : BSA-2016-168 Component : NetIron Revision : 2.0: Final A memory corruption in the IPsec code path of BrocadeNetIronOS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00 and 6.0.00a images could allow attackers to cause a denial of service line card rese...
BSA-2016-006
Summary Security Advisory ID : BSA-2016-006 Component : PHP Revision : 3.0 N/A...
Denial-of-Service (DoS) after Unusual or Exceptional Conditions vulnerability (CVE-2025-4663)
An Improper Check for Unusual or Exceptional Conditions vulnerability in Brocade Fabric OS before 9.2.2.a could allow an authenticated, network-based attacker to cause a Denial-of-Service DoS. The vulnerability is encountered when supportsave is invoked remotely, using ssh command or SANnav inlin...
PostgreSQL Vulnerable to Privileged Execution of Arbitrary SQL due to Late Privilege Drop in 'REFRESH MATERIALIZED VIEW CONCURRENTLY'
An authenticated attacker that has created a materialized view could run arbitrary SQL commands on a PostgreSQL server if a victim runs REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's view. If the victim is a superuser this could result in full compromise of the PostgreSQL server...
OpenJDK Vulnerability Advisory - April 2024
OpenJDK is affected by multiple vulnerabilities. Affected CVEs CVE-2024-21094 CVE-2024-21085 CVE-2024-21011 CVE-2024-21012 CVE-2023-41993 CVE-2024-21003 CVE-2024-21005 CVE-2024-21002 CVE-2024-21004 More information is available at: https://openjdk.org/groups/vulnerability/advisories/2024-04-16...
GridGain Security update in Brocade SANnav version 2.3.1a (CVE-2023-32732, CVE-2023-34462, CVE-2023-33953, CVE-2023-40167, CVE-2023-36479, CVE-2023-41900, CVE-2022-2048, CVE-2023-26048, CVE-2023-26049)
Brocade has provided a Security update to the following GridGain related CVEs in Brocade SANnav version 2.3.1a. CVE-2023-32732, CVE-2023-34462, CVE-2023-33953, CVE-2023-40167, CVE-2023-36479, CVE-2023-41900, CVE-2022-2048, CVE-2023-26048, CVE-2023-26049 Products Confirmed Not Affected. Brocade...
Vulnerabilities in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems (CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177)
OpenPrinting CUPS is the most current version of CUPS, a standards-based, open source printing system for LinuxÂŽ and other UnixÂŽ-like operating systems. Several security vulnerabilities have been disclosed in the OpenPrinting Common Unix Printing System CUPS on Linux systems that could permit...
Multiple Vulnerabilities within libxml2 (CVE-2020-24977, CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, CVE-2023-29469, CVE-2023-28484, CVE-2022-40303, CVE-2022-40304, CVE-2021-3541)
: Brocade Fibre Channels products are affected by multiple Libxml2 vulnerabilities Brocade Fibre Channels products are affected by multiple Libxml2 vulnerabilities CVE-2020-24977 GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at...
Azul Zulu OpenJDK is affected by multiple vulnerabilities.(2024-04-16).
Azul Zulu multiple vulnerabilities as referenced in the 2024-04-16 advisory. Affected CVEs CVE-2023-41993, CVE-2024-21002, CVE-2024-21004, CVE-2024-21003, CVE-2024-21005, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094 CVE | Component| Base Score ---|---|---...
Oracle Java SE Multiple Vulnerabilities (January 2024)
Oracle Java SE Multiple Vulnerabilities January 2024 CVE-2024-20918 CVSS 3.1 Base Score 7.4 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N. CVE-2024-20952 CVSS 3.1 Base Score 7.4 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N. CVE-2024-20919 CVSS 3.1 Base Score 5.9 CVSS...
Multiple NTP vulnerabilities resolved (CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554, CVE-2023-26555)
CVE-2023-26551 mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cpcpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. Base Score: 5.6 MEDIUM Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2023-26552 mstolfp in...
The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code (CVE-2014-9471)
The parsedatetime function in GNU coreutils allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command...
CVE-2020-12243 - denial of service in filter.c in slapd in OpenLDAP
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service daemon crash. Products Confirmed Not Affected No Brocade Fiber Channel product from Broadcom products is affected by this vulnerability...
CVE-2023-31425 - Privilege escalation via the fosexec command
A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, ârootâ account access is...
CVE-2022-34917 - OutOfMemoryException in Apache Kafka
A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial of service. Exampl...
CVE-2019-9169. Heap-based buffer over-read in the GNU C Library. (BSA-2022-776)
Security Advisory ID: BSA-2022-776 Component: GNU C Library Revision: 2.0 In the GNU C Library aka glibc or libc6 through 2.29, proceednextnode in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. Notes: Brocade PSIRT has confirmed that...
CVE-2022-33184. Stack-based buffer overflows, allowing the execution of arbitrary code.
Security Advisory ID : BSA-2022-2080 Component : FOS Revision : 1.0 A vulnerability in fabseg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and...
CVE-2018-5764, CVE-2017-16548 and CVE-2017-1734. Vulnerabilities in rsynd
Security Advisory ID : BSA-2022-2074 Component : rsyncd Revision : 1.0 CVE-2018-5764: The parsearguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism. Base...
CVE-2022-33182. Privilege escalation using switch commands "supportlink", "firmwaredownload", "portcfgupload","license", and "fosexec".
Security Advisory ID : BSA-2022-2084 Component : FOS Revision : 2.0 A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands "supportlink...
BSA-2022-2013
Security Advisory ID : BSA-2022-2013 Component : RETBLEED Revision : 1.0: Final A research team in Switzerland has found a new variant of the speculative execution vulnerabilities that affect some Intel and AMD chips aka RETBLEED. Retbleed CVE-2022-29900 and CVE-2022-29901 is the new addition to...
BSA-2022-1836
Security Advisory ID : BSA-2022-1836 Component : Oracle Java Revision : 1.0 Vulnerability in the Java SE product of Oracle Java SE component: JNDI. The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
BSA-2022-1763
Security Advisory ID : BSA-2022-1763 Component : InsydeH2O firmware framework code Revision : 1.0 Brocade has become aware ofseveral 23 memory management vulnerabilities that were disclosed by Binarly.Insyde's H2O UEFI firmware contains several 23 high-impact vulnerabilities.These vulnerabilities...
License forgery in Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, (CVE-2021-27795)
Security Advisory ID : BSA-2022-1758 Component : Brocade Fabric OS License Revision : 2.0 Brocade Fabric OS FOS hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of...
BSA-2021-1238
Security Advisory ID : BSA-2021-1238 Component : Libgcrypt Revision : 1.0 gcrymdblockwrite in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later...