879 matches found
BSA-2017-420
Security Advisory ID : BSA-2017-420 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit:...
BSA-2017-413
Security Advisory ID : BSA-2017-413 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit...
BSA-2017-417
Security Advisory ID : BSA-2017-417 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE component of Oracle Java SE subcomponent: Deployment. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacke...
BSA-2017-409
Security Advisory ID : BSA-2017-409 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit...
BSA-2017-412
Security Advisory ID : BSA-2017-412 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit...
BSA-2017-360
Security Advisory ID : BSA-2017-360 Component : Linux Kernel Revision : 2.0: Interim The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMITSTACK is set to RLIMITINFINITY and 1 Gigabyte of memory is allocated the maximum under the 1/4 restriction then the stack will b...
BSA-2017-370
Security Advisory ID : BSA-2017-370 Component : Systemd Revision : 2.0: Interim In systemd through 233, certain sizes passed to dnspacketnew in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP...
BSA-2017-423
Security Advisory ID : BSA-2017-423 Component : Kernel Revision : 2.0: Interim Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service list corruption or use-after-free via simultaneous file-descriptor operations that...
BSA-2017-358
Security Advisory ID : BSA-2017-358 Component : Offset2lib Patch Protection Bypass Revision : 2.0: Interim The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to beexecve'edwith 1GB of arguments or environmental strings then the stack occupies the...
BSA-2017-359
Security Advisory ID : BSA-2017-359 Component : Kernel Revision : 2.0: Interim The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMITSTACK is set to RLIMITINFINITY and 1 Gigabyte of memory is allocated the maximum under the 1/4 restriction then the stack will be grow...
BSA-2017-351
Security Advisory ID : BSA-2017-351 Component : Linux Kernel Revision : 3.0: Interim Theinetcskclonelockfunction in net/ipv4/inetconnectionsock.cin the Linux kernel allows attackers to cause a denial of service double free or possibly have unspecified other impact by leveraging use of the accept...
BSA-2017-396
Security Advisory ID : BSA-2017-396 Component : PostgreSQL Revision : 1.0: Interim An authorization flaw was found in the way PostgreSQL handled large objects. A remote authenticated attacker with no privileges on a large object could potentially use this flaw to overwrite the entire content of t...
BSA-2017-405
Security Advisory ID : BSA-2017-405 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable...
BSA-2017-361
Security Advisory ID : BSA-2017-361 Component : Apache HTTPD Revision : 2.0: Final In Apachehttpd2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of theapgetbasicauthpw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed...
BSA-2017-364
Security Advisory ID : BSA-2017-364 Component : Apache HTTPD Revision : 2.0: Final The HTTP strict parsing changes added in Apachehttpd2.2.32 and 2.4.24 introduced a bug in token list parsing, which allowsapfindtokento search past the end of its input string. By maliciously crafting a sequence of...
BSA-2017-410
Security Advisory ID : BSA-2017-410 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable...
BSA-2017-400
Security Advisory ID : BSA-2017-400 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit:...
BSA-2017-404
Security Advisory ID : BSA-2017-404 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit:...
BSA-2017-401
Security Advisory ID : BSA-2017-401 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit:...
BSA-2017-341
Security Advisory ID : BSA-2017-341 Component : Samba Revision : 1.0: Interim All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute...
BSA-2017-320
Security Advisory ID : BSA-2017-320 Component : Intel Active Mgmt Technology Revision : 1.0: Interim There is an escalation of privilege vulnerability in Intel® Active Management Technology AMT, Intel® Standard Manageability ISM, and Intel® Small Business Technology versions firmware versions 6.x...
BSA-2017-338
Security Advisory ID : BSA-2017-338 Component : N/A Revision : 1.0: Final A ransomware calledWannaCryinfected computers in several countries. Computers that became infected had not been patched. Microsoft released a security bulletin on March 14th, 2017, titled Microsoft Security Bulletin MS17-01...
BSA-2017-308
Security Advisory ID : BSA-2017-308 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE, Java SE Embedded,JRockitcomponent of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111;JRockit:...
BSA-2017-250
Security Advisory ID : BSA-2017-250 Component : SSL TLS Revision : 1.0: Interim It was found using the OSS-FUZZfuzzerinfrastructure that decoding a specially craftedOpenPGPcertificate could lead to heap and stack overflows. This issue was fixed inGnuTLS3.3.26 and 3.5.8. Affected Products Brocade ...
BSA-2017-239
Security Advisory ID : BSA-2017-239 Component : SNMP Revision : 1.0: Interim The Simple Network Management Protocol SNMP is a commonly used network service. Its primary function is to provide network administrators with information about all kinds of network connected devices. SNMP can be used to...
BSA-2017-224
Security Advisory ID : BSA-2017-224 Component : ntp Revision : 1.0: Interim Ifntpdis configured to allowmrulistquery requests from a server that sends a crafted malicious packet,ntpdwill crash on receipt of that crafted maliciousmrulistquery packet. Affected Products Brocade is investigating its...
BSA-2017-212
Security Advisory ID : BSA-2017-212 Component : libidn Revision : 2.0: Final The stringpreputf8nfkcnormalize function in lib/nfkc.cinlibidnbefore 1.33 allows context-dependent attackers to cause a denial of service out-of-bounds read and crash via crafted UTF-8 data...
BSA-2017-501
Security Advisory ID : BSA-2017-501 Component : Apache HTTPD Revision : 2.0: Final In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to modauthdigest can cause the server to crash, and each instance continues to crash even for subsequently valid requests...
BSA-2016-182
Security Advisory ID : BSA-2016-182 Component : OpenSSH Revision : 3.0: Final The x11openhelper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypa...
BSA-2016-009
Summary Security Advisory ID : BSA-2016-009 Component : SSH Revision : 2.0 N/A...
BSA-2016-008
Summary Security Advisory ID : BSA-2016-008 Component : RPC Revision : 1.0 N/A...
BSA-2016-015
Security Advisory ID : BSA-2016-015 Component : OpenSSH Revision : 3.0: Final The dosetupenv function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pamenvironment files in user home directories, allows local users to gain...
BSA-2016-003
Summary Security Advisory ID : BSA-2016-003 Component : glibc Revision : 1.0 N/A...
BSA-2015-009
Summary Security Advisory ID : BSA-2015-009 Component : Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 Revision : 2.0 N/A...
BSA-2015-008
Summary Security Advisory ID : BSA-2015-008 Component : OpenSSL Revision : 4.0 N/A...
BSA-2015-006
Summary Security Advisory ID : BSA-2015-006 Component : OpenSSL Revision : 8.0 N/A...
BSA-2015-003
Summary Security Advisory ID : BSA-2015-003 Component : OpenSSL Revision : 7.0 N/A...
Oracle Critical Patch Update Advisory -- July 2024
CVE-ID Component Base Score CVE-2024-21131 Hotspot 3.7 CVE-2024-21138 Hotspot 3.7 CVE-2024-21140 Hotspot 4.8 CVE-2024-21145 2D 4.8 CVE-2024-21147 Hotspot 7.4 CVE-2024-27983 Oracle GrallVM for JDK 8.2 More details can be found at https://www.oracle.com/security-alerts/cpujul2024.html...
PostgreSQL Vulnerable to Denial-of-Service (DoS) in 'pg_signal_backend()'
PostgreSQL contains a denial-of-service DoS vulnerability. An attacker with superuser permissions could exploit this issue to cause the database to crash...
Multiple CURL vulnerabilities in Brocade SANnav OVA deployments before SANnav 2.3.1b
Multiple CURL vulnerabilities Curl 7.44.0 8.7.0 vulnerabilities CVE-2024-2398, CVE-2024-2466, CVE-2024-2004 & CVE-2024-0853 Curl 7.44.0 8.7.0 HTTP/2 Push Headers Memory-leak CVE-2024-2398 Curl 7.85.0 8.7.0 Input Misinterpretation CVE-2024-2004 Curl 7.85.0 8.7.0 Input Misinterpretation CVE-2024-20...
flaw in the RPM package in the read functionality
A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity...
CVE-2015-4041: Denial of service (heap-based buffer overflow and application crash) in GNU Coreutils
Security Advisory ID : BSA-2022-1407 Component : GNU Coreutils Revision : 1.0 The keycomparemb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers ...
CVE-2021-39275. ap_escape_quotes buffer overflow
Security Advisory ID : BSA-2022-1599 Component : Apache httpd Revision : 1.1 An out-of-bounds write in function apescapequotes of httpd allows an unauthenticated, remote attacker to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing...
CVE-2021-34798. NULL pointer dereference in httpd core.
Security Advisory ID : BSA-2022-1597 Component : Apache httpd Revision : 1.0 Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. Affected Products All versions of Brocade Fabric OS...
(CVE-2022-1292) - The c_rehash script allows command injection. (BSA-2022-1846)
Security Advisory ID: BSA-2022-1846 Component: OpenSSL Revision: 2.0 The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an...
BSA-2022-765
Security Advisory ID : BSA-2022-765 Component : OpenSSL Revision : 1.0 If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0-byte record is...
BSA-2020-972
Security Advisory ID : BSA-2020-972 Component : jQuery Revision : 1.0 In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untruste...
BSA-2020-1174
Security Advisory ID : BSA-2020-1174 Component : Theft of FireEye Red Team Tools Revision : 1.0 Brocade Security is aware of the news reporting the Theft of FireEye Red Team Tools by a highly sophisticated threat actor. More information atTheft of FireEye Red Team Tools...
BSA-2020-918
Security Advisory ID : BSA-2020-918 Component : Linux Kernel Revision : 1.0: Final The Linux kernel before 2.4.36-rc1 has a race condition. It was possibleto bypass systrace policies by flooding the ptraced process with SIGCONTsignals, which can can wake up a PTRACED process...
BSA-2020-893
Security Advisory ID : BSA-2020-893 Component : OpenSSL Revision : 2.0: Final There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and...