Lucene search: Broadcom (most viewed)

875 matches found

Broadcom
added 2017/05/02 12:0 a.m. | 7 views

BSA-2017-249

Security Advisory ID : BSA-2017-249 Component : SSL TLS Revision : 1.0: Interim It was found using the OSS-FUZZ fuzzer infrastructure that decoding a specially crafted X.509 certificate with Proxy Certificate Information extension present could lead to a double free. This issue was fixed...

CVSS 9.8 | AI score 6.7 | EPSS 0.32754 | Exploits 0

Broadcom
added 2017/04/28 12:0 a.m. | 7 views

BSA-2017-241

Security Advisory ID : BSA-2017-241 Component : SNMP Revision : 1.0: Interim SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain...

CVSS 7.5 | AI score 7.2 | EPSS 0.01571 | Exploits 0

Broadcom
added 2017/04/28 12:0 a.m. | 7 views

BSA-2017-245

Security Advisory ID : BSA-2017-245 Component : SNMP Revision : 1.0: Interim snmpd in SCO OpenServer has an SNMP community string that is writable by default, which allows local attackers to modify the host's configuration. Affected Products Brocade is investigating its product lines to determine...

CVSS 2.1 | AI score 6.6 | EPSS 0.00365 | Exploits 0

Broadcom
added 2017/04/28 12:0 a.m. | 7 views

BSA-2017-238

Security Advisory ID : BSA-2017-238 Component : SNMP Revision : 1.0: Interim The Simple Network Management Protocol SNMP is a commonly used network service. Its primary function is to provide network administrators with information about all kinds of network connected devices. SNMP can be used to...

CVSS 10 | AI score 6.9 | EPSS 0.04228 | Exploits 0

Broadcom
added 2017/04/28 12:0 a.m. | 7 views

BSA-2017-242

Security Advisory ID : BSA-2017-242 Component : Linksys Revision : 1.0: Interim Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly other products, allow remote attackers to gain sensitive information and cause a denial of service via an SNMP query for the default community strin...

CVSS 6.4 | AI score 7.1 | EPSS 0.01675 | Exploits 0

Broadcom
added 2017/04/28 12:0 a.m. | 7 views

BSA-2017-246

Security Advisory ID : BSA-2017-246 Component : FOS Revision : 2.0: Final The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of servic...

CVSS 7.5 | AI score 7.3 | EPSS 0.04587 | Exploits 1

Broadcom
added 2017/03/31 12:0 a.m. | 7 views

BSA-2017-210

Security Advisory ID : BSA-2017-210 Component : libidn Revision : 2.0: Final idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read...

CVSS 7.5 | AI score 6.7 | EPSS 0.06776 | Exploits 0

Broadcom
added 2017/02/07 12:0 a.m. | 7 views

BSA-2017-115

Security Advisory ID : BSA-2017-115 Component : Apache HTTPD Revision : 2.0: Final The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow...

CVSS 8.1 | AI score 8.6 | EPSS 0.55724 | Exploits 0

Broadcom
added 2016/10/24 12:0 a.m. | 7 views

BSA-2016-012

Security Advisory ID : BSA-2016-012 Component : BEA WebLogic Revision : 2.0: Final The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to...

CVSS 5.8 | AI score 6.6 | EPSS 0.02561 | Exploits 0

Broadcom
added 2016/10/03 12:0 a.m. | 7 views

BSA-2016-168

Security Advisory ID : BSA-2016-168 Component : NetIron Revision : 2.0: Final A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00 and 6.0.00a images could allow attackers to cause a denial of service line card rese...

CVSS 7.8 | AI score 7.1 | EPSS 0.01844 | Exploits 0

Broadcom
added 2015/06/17 12:0 a.m. | 7 views

BSA-2015-1935

Security Advisory ID : BSA-2015-1935 Component : TLS protocol 1.2 Revision : 5.0 The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct...

CVSS 4.3 | AI score 6.5 | EPSS 0.9986 | Exploits 0

Broadcom
added 1970/01/01 12:0 a.m. | 7 views

BSA-2016-006

Summary Security Advisory ID : BSA-2016-006 Component : PHP Revision : 3.0 N/A...

CVSS 4.6 | AI score 7 | EPSS 0.0212 | Exploits 0

Broadcom
added 2025/02/27 12:0 a.m. | 6 views

c-ares Vulnerable to Memory Corruption via Out-of-Bounds Read in ‘ares__read_line’ function

c-ares is vulnerable to memory corruption due to improper parsing of local configuration files. This could allow a local attacker with access to such files to cause a denial-of-service DoS, or potentially leverage to obtain sensitive information from memory...

CVSS 5.5 | AI score 6.5 | EPSS 0.00352 | Exploits 0

Broadcom
added 2025/02/13 12:0 a.m. | 6 views

Docker implementation in Brocade SANnav is missing Audit Rules. (CVE-2024-2240)

Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks. Details. 'dockerd' is the Docker daemon/process that manages containers through the use of different binaries for the daemon and...

CVSS 8.6 | AI score 7.1 | EPSS 0.00466 | Exploits 0

Broadcom
added 2025/02/13 12:0 a.m. | 6 views

PostgreSQL Vulnerable to Privilege Escalation via Improper Checks in 'pg_stats_ext' and 'pg_stats_ext_exprs' Functions

PostgreSQL is vulnerable to privilege escalation. An attacker could exploit this to access views without correct privileges, potentially gaining access to sensitive data that they shouldn't have access to...

CVSS 4.3 | AI score 6.9 | EPSS 0.00722 | Exploits 0

Broadcom
added 2025/02/13 12:0 a.m. | 6 views

Oracle Critical Patch Update Advisory -- July 2024

CVE-ID, Component, Base Score: CVE-2024-21131, Hotspot, 3.7; CVE-2024-21138, Hotspot, 3.7; CVE-2024-21140, Hotspot, 4.8; CVE-2024-21145, 2D, 4.8; CVE-2024-21147, Hotspot, 7.4; CVE-2024-27983, Oracle GraalVM for JDK, 8.2. More details can be found at https://www.oracle.com/security-alerts/cpujul2024.html...

CVSS 8.2 | AI score 6.9 | EPSS 0.87211 | Exploits 1

Broadcom
added 2025/02/13 12:0 a.m. | 6 views

BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record

BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors...

CVSS 8.8 | AI score 7.9 | EPSS 0.03505 | Exploits 1

Broadcom
added 2024/07/30 12:0 a.m. | 6 views

Multiple Vulnerabilities within libxml2 (CVE-2020-24977, CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, CVE-2023-29469, CVE-2023-28484, CVE-2022-40303, CVE-2022-40304, CVE-2021-3541)

Brocade Fibre Channels products are affected by multiple Libxml2 vulnerabilities. CVE-2020-24977 GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at...

CVSS 8.8 | AI score 5.6 | EPSS 0.2421 | Exploits 4

Broadcom
added 2024/07/30 12:0 a.m. | 6 views

Multiple Vulnerabilities within libexpat (CVE-2018-20843, CVE-2019-15903, CVE-2021-46143, CVE-2022-22825, CVE-2022-23990)

Summary CVE-2018-20843 In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing enough to be usable for denial-of-service attacks. Base CVSS score: 7.5...

CVSS 8.8 | AI score 7.3 | EPSS 0.07107 | Exploits 3

Broadcom
added 2024/05/24 12:0 a.m. | 6 views

Oracle Java SE Multiple Vulnerabilities (January 2024)

Oracle Java SE Multiple Vulnerabilities January 2024 CVE-2024-20918 CVSS 3.1 Base Score 7.4 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N. CVE-2024-20952 CVSS 3.1 Base Score 7.4 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N. CVE-2024-20919 CVSS 3.1 Base Score 5.9 CVSS...

CVSS 7.4 | AI score 6.6 | EPSS 0.01026 | Exploits 0

Broadcom
added 2024/04/17 12:0 a.m. | 6 views

Multiple NTP vulnerabilities resolved (CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554, CVE-2023-26555)

CVE-2023-26551 mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. Base Score: 5.6 MEDIUM Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2023-26552 mstolfp in...

CVSS 6.4 | AI score 7.1 | EPSS 0.00703 | Exploits 0

Broadcom
added 2024/04/17 12:0 a.m. | 6 views

OpenSSL Security Advisory [28th March 2023] (CVE-2023-0465, CVE-2023-0466)

Multiple OpenSSL Vulnerabilities released on 28th March 2023. Invalid certificate policies in leaf certificates are silently ignored (CVE-2023-0465): Applications that use a non-default option when verifying certificates may be vulnerable to an...

CVSS 5.3 | AI score 6.9 | EPSS 0.01629 | Exploits 0

Broadcom
added 2023/11/07 12:0 a.m. | 6 views

Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 (CVE-2015-4042)

Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service application crash or possibly have unspecified other impact via long strings...

CVSS 9.8 | AI score 7.7 | EPSS 0.02323 | Exploits 1

Broadcom
added 2023/10/07 12:0 a.m. | 6 views

Vulnerabilities in Supermicro BMC IPMI firmware (CVE-2023-40289, CVE-2023-40284, CVE-2023-40287, CVE-2023-40288, CVE-2023-40290, CVE-2023-40285, CVE-2023-40286)

The Binarly research team has discovered multiple vulnerabilities in the Supermicro IPMI firmware component developed by ATEN. Vulnerabilities can be exploited by unauthenticated, remote attackers and could result in obtaining the root of the BMC system. CVE ID| Severity| Issue Type| Description...

CVSS 8.3 | AI score 6.9 | EPSS 0.17767 | Exploits 1

Broadcom
added 2023/08/08 12:0 a.m. | 6 views

CVE-2020-12243 - denial of service in filter.c in slapd in OpenLDAP

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service daemon crash. Products Confirmed Not Affected No Brocade Fiber Channel product from Broadcom products is affected by this vulnerability...

CVSS 7.5 | AI score 6.9 | EPSS 0.04423 | Exploits 1

Broadcom
added 2023/08/01 12:0 a.m. | 6 views

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.PID file...

CVSS 3.3 | AI score 6.7 | EPSS 0.00432 | Exploits 0

Broadcom
added 2023/07/24 12:0 a.m. | 6 views

CVE-2023-36664 - Artifex Ghostscript through 10.01.2 mishandles permission validation

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices with the %pipe% prefix or the | pipe character prefix...

CVSS 7.8 | AI score 7 | EPSS 0.03208 | Exploits 3

Broadcom
added 2023/06/06 12:0 a.m. | 6 views

CVE-2019-10208 - TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution

A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can...

CVSS 8.8 | AI score 7.7 | EPSS 0.0217 | Exploits 0

Broadcom
added 2022/09/13 12:0 a.m. | 6 views

CVE-2022-33182. Privilege escalation using switch commands "supportlink", "firmwaredownload", "portcfgupload", "license", and "fosexec".

Security Advisory ID : BSA-2022-2084 Component : FOS Revision : 2.0 A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands "supportlink...

CVSS 7.8 | AI score 7.2 | EPSS 0.00195 | Exploits 0

Broadcom
added 2022/09/13 12:0 a.m. | 6 views

CVE-2018-5764, CVE-2017-16548 and CVE-2017-1734. Vulnerabilities in rsyncd

Security Advisory ID : BSA-2022-2074 Component : rsyncd Revision : 1.0 CVE-2018-5764: The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism. Base...

CVSS 9.8 | AI score 7.4 | EPSS 0.06379 | Exploits 0

Broadcom
added 2022/09/13 12:0 a.m. | 6 views

CVE-2021-3712: ASN1_STRING structure contains a buffer holding the string data

Security Advisory ID : BSA-2022-1587 Component : OpenSSL Revision : 1.0 ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesent...

CVSS 7.4 | AI score 6.9 | EPSS 0.50445 | Exploits 0

Broadcom
added 2022/09/13 12:0 a.m. | 6 views

CVE-2019-9169. Heap-based buffer over-read in the GNU C Library. (BSA-2022-776)

Security Advisory ID: BSA-2022-776 Component: GNU C Library Revision: 2.0 In the GNU C Library aka glibc or libc6 through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. Notes: Brocade PSIRT has confirmed that...

CVSS 9.8 | AI score 7.3 | EPSS 0.04731 | Exploits 1

Broadcom
added 2022/09/13 12:0 a.m. | 6 views

CVE-2022-33184. Stack-based buffer overflows, allowing the execution of arbitrary code.

Security Advisory ID : BSA-2022-2080 Component : FOS Revision : 1.0 A vulnerability in fabseg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and...

CVSS 7.8 | AI score 7.6 | EPSS 0.00322 | Exploits 0

Broadcom
added 2022/09/13 12:0 a.m. | 6 views

CVE-2021-34798. NULL pointer dereference in httpd core.

Security Advisory ID : BSA-2022-1597 Component : Apache httpd Revision : 1.0 Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. Affected Products All versions of Brocade Fabric OS...

CVSS 7.5 | AI score 7 | EPSS 0.64509 | Exploits 0

Broadcom
added 2022/09/13 12:0 a.m. | 6 views

CVE-2022-0155: Exposure of Private Personal Information to an Unauthorized Actor

Security Advisory ID : BSA-2022-1676 Component : Follow-Redirects Revision : 2.0 follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor. Notes: Brocade Fabric OS does not use cookies; however, Brocade Fabric OS versions after v9.0.0 and before v9.1.1 d...

CVSS 8 | AI score 6.9 | EPSS 0.02426 | Exploits 2

Broadcom
added 2022/06/22 12:0 a.m. | 6 views

BSA-2022-1835

Security Advisory ID : BSA-2022-1835 Component : Oracle Java Revision : 1.0 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition:...

CVSS 7.5 | AI score 6 | EPSS 0.04008 | Exploits 0

Broadcom
added 2022/03/29 12:0 a.m. | 6 views

BSA-2022-1763

Security Advisory ID : BSA-2022-1763 Component : InsydeH2O firmware framework code Revision : 1.0 Brocade has become aware of several 23 memory management vulnerabilities that were disclosed by Binarly. Insyde's H2O UEFI firmware contains several 23 high-impact vulnerabilities. These vulnerabilities...

CVSS 8.2 | AI score 7.1 | EPSS 0.00338 | Exploits 0

Broadcom
added 2022/03/28 12:0 a.m. | 6 views

License forgery in Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, (CVE-2021-27795)

Security Advisory ID : BSA-2022-1758 Component : Brocade Fabric OS License Revision : 2.0 Brocade Fabric OS FOS hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of...

CVSS 8.1 | AI score 6.8 | EPSS 0.00244 | Exploits 0

Broadcom
added 2020/09/25 12:0 a.m. | 6 views

BSA-2020-1276

Security Advisory ID : BSA-2020-1276 Component : bzip2recover Revision : 2.0 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service crash via a crafted bzip2 file, related to block ends set to before the start of the block. Affected Produc...

CVSS 6.5 | AI score 6.8 | EPSS 0.15685 | Exploits 0

Broadcom
added 2020/07/06 12:0 a.m. | 6 views

BSA-2020-1044

Security Advisory ID : BSA-2020-1044 Component : Apache Tomcat Revision : 1.0: Final When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able ...

CVSS 7 | AI score 6.9 | EPSS 0.01221 | Exploits 0

Broadcom
added 2020/03/16 12:0 a.m. | 6 views

BSA-2020-937

Security Advisory ID : BSA-2020-937 Component : lldpd Revision : 1.0: Final Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service daemon crash and possibly execute arbitrary code via vectors involving large...

CVSS 9.8 | AI score 8.1 | EPSS 0.05448 | Exploits 0

Broadcom
added 2020/03/13 12:0 a.m. | 6 views

BSA-2020-926

Security Advisory ID : BSA-2020-926 Component : openfortivpn Revision : 1.0: Final tunnel.c mishandles certificate validation in openfortivpn 1.11.0 due to multiple issues. CVE-2020-7041 An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles...

CVSS 9.1 | AI score 7.2 | EPSS 0.02403 | Exploits 0

Broadcom
added 2020/02/21 12:0 a.m. | 6 views

BSA-2020-907

Security Advisory ID : BSA-2020-907 Component : Intel Revision : 1.0: Final A potential security vulnerability in Intel® Processor Graphics may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. More at:...

CVSS 5.5 | AI score 7.2 | EPSS 0.01447 | Exploits 0

Broadcom
added 2020/02/03 12:0 a.m. | 6 views

BSA-2020-910

Security Advisory ID : BSA-2020-910 Component : Linux Kernel Revision : 1.0: Final In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c. Impact: Successful exploitatio...

CVSS 4.6 | AI score 6.2 | EPSS 0.00493 | Exploits 0

Broadcom
added 2020/02/03 12:0 a.m. | 6 views

BSA-2020-912

Security Advisory ID : BSA-2020-912 Component : Linux Kernel Revision : 1.0: Final An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the...

CVSS 7.4 | AI score 7.3 | EPSS 0.10114 | Exploits 1

Broadcom
added 2020/02/03 12:0 a.m. | 6 views

BSA-2020-915

Security Advisory ID : BSA-2020-915 Component : Linux Kernel Revision : 1.0: Final mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a...

CVSS 5.5 | AI score 6.5 | EPSS 0.00394 | Exploits 0

Broadcom
added 2019/10/28 12:0 a.m. | 6 views

BSA-2019-865

Security Advisory ID : BSA-2019-865 Component : SANnav Revision : 1.0 The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the 'trace' and the 'debug' logging level; which could allow a local authenticated attacker to access sensitive informatio...

CVSS 5.5 | AI score 6.6 | EPSS 0.00203 | Exploits 0

Broadcom
added 2019/10/28 12:0 a.m. | 6 views

BSA-2019-869

Security Advisory ID : BSA-2019-869 Component : SANnav Revision : 1.0 An information exposure vulnerability, in Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save. The vulnerability could allow an authenticated local malicious user with...

CVSS 5.5 | AI score 6.3 | EPSS 0.00205 | Exploits 0

Broadcom
added 2019/10/28 12:0 a.m. | 6 views

BSA-2019-866

Security Advisory ID : BSA-2019-866 Component : SANnav Revision : 1.0 Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges. The vulnerability could be exploited only if the database service i...

CVSS 7.8 | AI score 7 | EPSS 0.00254 | Exploits 0

Broadcom
added 2019/08/01 12:0 a.m. | 6 views

BSA-2019-842

Security Advisory ID : BSA-2019-842 Component : OpenSSL Revision : 1.0: Initial OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is...

CVSS 3.3 | AI score 6.9 | EPSS 0.00678 | Exploits 0

Total number of security vulnerabilities: 875