879 matches found
BSA-2020-1044
Security Advisory ID : BSA-2020-1044 Component : Apache Tomcat Revision : 1.0: Final When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able ...
BSA-2020-936
Security Advisory ID : BSA-2020-936 Component : SMBv3 Revision : 1.0: Final Microsoft SMBv3 contains a vulnerability in the handling of compression, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Server Message Block 3.1....
BSA-2020-926
Security Advisory ID : BSA-2020-926 Component : openfortivpn Revision : 1.0: Final tunnel.c mishandles certificate validation in openfortivpn 1.11.0 due to multiples issues. CVE-2020-7041 An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles...
BSA-2020-907
Security Advisory ID : BSA-2020-907 Component : Intel Revision : 1.0: Final A potential security vulnerability in Intel® Processor Graphics may allow information disclosure.Intel is releasing software updates to mitigate this potential vulnerability. More at:...
BSA-2019-888
Security Advisory ID : BSA-2019-888 Component : Eclipse OpenJ9 Revision : 1.0: Final From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks...
BSA-2019-865
Security Advisory ID : BSA-2019-865 Component : SANnav Revision : 1.0 The authentication mechanism, in Brocade SANnav versions before v2.0,logs plaintext account credentials at the ‘trace’ and the 'debug'logging level;which could allow a local authenticated attacker to access sensitive informatio...
BSA-2019-869
Security Advisory ID : BSA-2019-869 Component : SANnav Revision : 1.0 An information exposure vulnerability, in Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save. The vulnerability could allow an authenticated local malicious user with...
BSA-2019-867
Security Advisory ID : BSA-2019-867 Component : SANnav Revision : 1.0 Password-based encryption PBE algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services Radius, TACAS, etc...
BSA-2019-842
Security Advisory ID : BSA-2019-842 Component : OpenSSL Revision : 1.0: Initial OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is...
BSA-2019-787
Security Advisory ID : BSA-2019-787 Component : Oracle Java Revision : 1.0: Final Oracle Critical Patch Update Advisories - April 2019provide security updates forOracle Java Platform software libraries. Supported versions that are affected are Java SE: 7u211, 8u202, Java SE Embedded: 8u201..Furth...
BSA-2019-784
Security Advisory ID : BSA-2019-784 Component : Apache Tomcat Revision : 1.0: Initial When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the wa...
BSA-2019-785
Security Advisory ID : BSA-2019-785 Component : BMC/IPMI Revision : 1.0: Initial The ASPEED ast2400 and ast2500 Baseband Management Controller BMC hardware and firmware implement Advanced High-performance Bus AHB bridges, which allow arbitrary read and write access to the BMC's physical address...
BSA-2018-606
Security Advisory ID : BSA-2018-606 Component : bzip2recover Revision : 2.0 The GNU C Library aka glibc or libc6 before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the operator follow...
BSA-2018-744
Security Advisory ID : BSA-2018-744 Component : Webconsole Revision : 1.0: Initial A Vulnerability in Brocade Network Advisor Version before 14.1.0 could allow a remote unauthenticated attacker to execute arbitray code.The vulnerability could also be exploited to execute arbitrary OS Commands...
BSA-2018-733
Security Advisory ID : BSA-2018-733 Component : Fabric OS Proxy Service Revision : 1.0: Initial A vulnerability in the proxy service of Brocade Fabric OS versions could allow remote unauthenticated attackersto obtain sensitive information and possibly cause a denial of service. Affected Products...
BSA-2018-735
Security Advisory ID : BSA-2018-735 Component : Fabric OS WebGui Revision : 1.0: Initial A vulnerability in the Brocade webtools firmware update section of Brocade Fabric OS could allow remote authenticated attackers to execute arbitrary commands as the root user. Affected Products Brocade Fabric...
BSA-2018-711
Security Advisory ID : BSA-2018-711 Component : Apache HTTPD Revision : 1.0: Final The Apache HTTP Server 2.4.17 and 2.4.18, when modhttp2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of servic...
BSA-2018-620
Security Advisory ID : BSA-2018-620 Component : TLS Revision : 2.0 The TLS protocol 1.2 and earlier supports the rsafixeddh, dssfixeddh, rsafixedecdh, and ecdsafixedecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations...
BSA-2018-662
Security Advisory ID : BSA-2018-662 Component : Zip Slip Revision : 1.1: update Snyk Security team discloses a widespread arbitrary file overwrite critical vulnerability, which typically results in remote command execution. The flaw which has been named Zip Slip affects numerous archive-extractio...
BSA-2018-589
Security Advisory ID : BSA-2018-589 Component : Oracle WebLogic Revision : 1.0: Final Vulnerability in the Oracle WebLogicServer component of Oracle Fusion Middleware subcomponent: WLS Core Components. Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily...
BSA-2018-553
Security Advisory ID : BSA-2018-553 Component : Apache HTTPD Revision : 2.0: Final When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.33 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the...
BSA-2018-556
Security Advisory ID : BSA-2018-556 Component : Apache HTTPD Revision : 2.0: Final The expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are...
BSA-2018-564
Security Advisory ID : BSA-2018-564 Component : Oracle Java Revision : 1.1: update The January 2018 Critical Patch Update provides security updatesfor certain Oracle Java Platform software libraries. Java SE JDK and JRE versions through 6u171, 7u161, 8u152, and 9.0.1 are affected by vulnerabiliti...
BSA-2018-526
Security Advisory ID : BSA-2018-526 Component : Fabric OS IPv6 stack Revision : 2.0: Final A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS FOS could allow an unauthenticated, adjacent attacker to cause a denial of service CPU consumption and devic...
BSA-2018-528
Security Advisory ID : BSA-2018-528 Component : OpenSSL Revision : 1.0: Final There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this...
BSA-2017-471
Security Advisory ID : BSA-2017-471 Component : Apache Santuario Revision : 2.0: Final Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service memory consumption via crafted Document Type Definitions DTDs, related to...
BSA-2017-443
Security Advisory ID : BSA-2017-443 Component : DHCP Revision : 1.0: Interim A resource-consumption flaw was discovered in the DHCP server. dhcpd did not restrict the number of open connections to OMAPI and failover ports. A remote attacker able to establish TCP connections to one of these ports...
BSA-2017-437
Security Advisory ID : BSA-2017-437 Component : Perl Revision : 2.0: Interim Buffer overflow in the regular expression parser in PERL before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service crash or leak data from memory via vectors involving use...
BSA-2017-438
Security Advisory ID : BSA-2017-438 Component : Apache Struts Revision : 2.0: Interim It was found thatFreemarkerin Struts would permit using read-only properties in value assignment of tag expressions. An attacker could use this to execute arbitrary code. Affected Products Brocade is investigati...
BSA-2017-441
Security Advisory ID : BSA-2017-441 Component : Samba Revision : 2.0: Interim It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. Affected Products...
BSA-2017-406
Security Advisory ID : BSA-2017-406 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable...
BSA-2017-414
Security Advisory ID : BSA-2017-414 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit...
BSA-2017-383
Security Advisory ID : BSA-2017-383 Component : OpenSSL Revision : 2.0: Interim The signing function in crypto/ecdsa/ecdsaossl.c in certain OpenSSL versions and forks is vulnerable to timing attacks when signing with the standardized elliptic curve P-256 despite featuring constant-time curve...
BSA-2017-375
Security Advisory ID : BSA-2017-375 Component : NFS Revision : 3.0: Final The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers...
BSA-2017-352
Security Advisory ID : BSA-2017-352 Component : Linux Kernel Revision : 3.0: Interim The sctpv6createacceptsk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system...
BSA-2017-381
Security Advisory ID : BSA-2017-381 Component : OpenVPN Revision : 1.0: Interim OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character. Affected Products Brocade is investigatin...
BSA-2017-411
Security Advisory ID : BSA-2017-411 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit...
BSA-2017-397
Security Advisory ID : BSA-2017-397 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit:...
BSA-2017-363
Security Advisory ID : BSA-2017-363 Component : Apache Revision : 1.0: Interim A maliciously constructed HTTP/2 request could cause modhttp2 to dereference a NULL pointer and crash the server process. Affected Products Brocade is investigating its product lines to determine which products may be...
BSA-2017-407
Security Advisory ID : BSA-2017-407 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable...
BSA-2017-342
Security Advisory ID : BSA-2017-342 Component : Freeradius Revision : 2.0: Interim The TLS session cache inFreeRADIUS2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remo...
BSA-2017-293
Security Advisory ID : BSA-2017-293 Component : NTP Revision : 1.0: Interim The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes. Affected Products Brocade is investigating i...
BSA-2017-305
Security Advisory ID : BSA-2017-305 Component : Apache Tomcat Revision : 1.0: Interim The handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOWUPDATE before allowing the application to write more data...
BSA-2017-291
Security Advisory ID : BSA-2017-291 Component : NTP Revision : 1.0: Interim NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPIDLLS environment variable. Affected Products Brocade is investigating its product lines to...
BSA-2017-292
Security Advisory ID : BSA-2017-292 Component : NTP Revision : 1.0: Interim Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line. Affected Products Brocade is...
BSA-2017-285
Security Advisory ID : BSA-2017-285 Component : Linux Kernel Revision : 1.0: Interim A race condition flaw was found in the NHLDC Linux kernel driver when accessingnhdlc.tbuflist that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on thettydevice could us...
BSA-2017-289
Security Advisory ID : BSA-2017-289 Component : NTP Revision : 1.0: Interim A vulnerability found in the NTP server allows an authenticated remote attacker to crash the daemon by sending an invalid setting viathe :configdirective. Theunpeeroption expects a number or an address as an argument. In...
BSA-2017-272
Security Advisory ID : BSA-2017-272 Component : OpenSSH Revision : 2.0: Final Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS11 modules by leveraging control over a forwarded agent-socket. Affected...
BSA-2017-266
Security Advisory ID : BSA-2017-266 Component : FOS Revision : 1.0: Interim Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service daemon outage via partial HTTP requests, as demonstrated bySlowloris. Affected Products Brocade is investigating its product lines to...
BSA-2017-249
Security Advisory ID : BSA-2017-249 Component : SSL TLS Revision : 1.0: Interim It was found using the OSS-FUZZfuzzerinfrastructure that decoding a specially crafted X.509 certificate with Proxy Certificate Information extension present could lead to a double free. This issue was fixed...