875 matches found
CVE-2021-23017: NGINX Resolver Vulnerability
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. Products Affected. Brocade SANnav - Fixed in Brocade SANnav 2.2.1...
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution (CVE-2023-38408)
The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code in /usr/lib is not necessarily safe for loading into ssh-agent. NOTE: this issue exists because o...
Certificate validation is disabled when requesting binaries
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path. Products Confirmed Not Affected No Brocade Fibre Channel Products from Broadcom products are known to be affected by this vulnerability...
BSA-2022-1727
Security Advisory ID : BSA-2022-1727 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM...
BSA-2021-1494
Security Advisory ID : BSA-2021-1494 Component : WebApplication Revision : 1.0 The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has...
BSA-2017-304
Security Advisory ID : BSA-2017-304 Component : Linux Kernel Revision : 1.0: Interim The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNELDS option is set, which allows local users to read or write to arbitrary kernel memo...
CVE-2024-6387: Remote Unauthorized Code Execution Vulnerability in openSSH server (regreSSHion)
OpenSSH contains a remote code execution RCE vulnerability, exploitable by an unauthenticated attacker through a race condition. Successful exploitation can allow for the remote execution of arbitrary code. Note: This flaw has been demonstrated to be exploitable remotely on glibc-based Linux...
CVE-2022-45688 -A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service DoS via crafted JSON or XML data. Products Confirmed Not Affected No Brocade Fibre Channel Product from Broadcom Products is known to be affected by this vulnerability...
CVE-2021-23017: NGINX Resolver Vulnerability
Security Advisory ID : BSA-2021-1516 Component : NGINX Revision : 1.0 A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact...
CVE-2022-33186 : EZServer module vulnerability
A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP...
CVE-2022-28615: Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...
Apache httpd URL normalization inconsistency
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing wi...
HTTP2 Rapid Reset Vulnerability (CVE-2023-44487)
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. More information at: https://vulners.com/cve/CVE-2023-44487...
CVE-2023-34362 - a SQL injection vulnerability has been found in the MOVEit Transfer web application.
In Progress MOVEit Transfer before 2021.0.6 13.0.6, 2021.1.4 13.1.4, 2022.0.4 14.0.4, 2022.1.5 14.1.5, and 2023.0.1 15.0.1, a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database...
CVE-2022-33185. Several commands in Brocade Fabric OS use unsafe string function to process user input
Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account...
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 (CVE-2022-22576)
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocol...
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace method in internal classes, which may lead to DoS attacks...
Azul Zulu Java Multiple Vulnerabilities (CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399)
The version of Azul Zulu installed on the remote host is prior to 6 6.51 / 7 7.57.0.14 / 8 8.65.0.14 / 11 11.59.16 / 13 13.51.14 / 15 15.43.14 / 17 17.37.14 / 19 19.30.12. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022-10-18 advisory. Vulnerability in the Oracle...
CVE-2021-29650. The netfilter subsystem allows attackers to cause a denial of service.
Security Advisory ID : BSA-2022-1462 Component : Kernel Revision : 1.0 A denial-of-service DoS flaw was identified in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service panic because net/netfilter/xtables.c and include/linux/netfilter/xtables.h...
Privilege escalation vulnerability in Node.js 20 could allow loading arbitrary OpenSSL engines when the experimental permission model is enabled (CVE-2023-30586).
A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine API can be used to bypass...
Branch Predictor Race Conditions (CVE-2024-45332)
Brocade is aware of Branch Privilege Injection: Exploiting Branch Predictor Race Conditions vulnerability CVE-2024-45332. Detail Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some...
The ap_rwrite function in Apache HTTP Server 2.4.53 and earlier may read unintended memory
The aprwrite function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using aprwrite or aprputs, such as with modluas r:puts function. Modules compiled and distributed separately from Apache HTTP Server that use t...
CVE-2022-3358 : Using a Custom Cipher with NID_undef may lead to NULL encryption
OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0, and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions...
A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nf_tables configuration. (CVE-2023-32233)
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled...
Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's...
CVE-2022-36760 - HTTP Request Smuggling
Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions...
Spring Expression DoS Vulnerability (CVE-2023-20863)
In Spring Framework versions 6.0.0 - 6.0.7, 5.3.0 - 5.3.26, 5.2.0.RELEASE - 5.2.23.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service DoS condition...
CVE-2022-24903: A flaw in rsyslog TCP module could allow an attacker to craft a malicious message leading to a heap-based buffer overflow. (BSA-2022-2127)
Security Advisory ID: BSA-2022-2127 Component: Rsyslog Revision: 1.0 Rsyslog is vulnerable to remote code execution RCE due to improper validation of input data when octet-counted framing is used. An attacker could exploit this vulnerability by supplying a system with maliciously crafted messages...
A vulnerability was found in ncurses and occurs when used by a setuid application. (CVE-2023-29491)
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable...
Azul Zulu Java Multiple Vulnerabilities (Jan 2022 Java update) CVE-2022-21248 CVE-2022-21277 CVE-2022-21366 CVE-2022-21282 CVE-2022-21296 CVE-2022-21283 CVE-2022-21291 CVE-2022-21305 CVE-2022-21293 CVE-2022-21294 CVE-2022-21340 CVE-2022-21299 CVE-2022-21341 CVE-2022-21349 CVE-2022-21360 CVE-2022-21365
The version of Azul Zulu installed on the remote host is prior to 6 6.45 / 7 7.51.0.12 / 8 8.59.0.12 / 11 11.53.14 / 13 13.45.12 / 15 15.37.14 / 17 17.32.14. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022-01-18 advisory. - Vulnerability in the Oracle Java SE,...
mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client. More at:...
SOCKS5 heap buffer overflow (CVE-2023-38545)
When curl is asked to pass along the hostname to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that hostname can be is 255 bytes.If the hostname is detected to be longer than 255 bytes, curl switches to local name resolving and...
BSA-2022-1839
Security Advisory ID : BSA-2022-1839 Component : Apache Tomcat Revision : 1.0 When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a an attacker is able to control the contents and name of a file on the server; and b the server is...
Excessive time spent checking DH q parameter value (CVE-2023-3817)
Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHcheck, DHcheckexor EVPPKEYparamcheck to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been...
CVE-2023-4163 - Possible buffer overflow in portcfgfportbuffers in Brocade Fabric OS
In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command...
BSA-2022-1694
Security Advisory ID : BSA-2022-1694 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 an...
BSA-2022-1738
Security Advisory ID : BSA-2022-1738 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Utility. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise...
BSA-2022-2021
Security Advisory ID : BSA-2022-2021 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise...
CVE-2022-43551 - HSTS check could be bypassed to trick it to keep using HTTP.
A vulnerability exists in curl 7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypasse...
BSA-2022-1693
Security Advisory ID : BSA-2022-1693 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition:...
Apache Commons IO Vulnerability (CVE-2021-29425)
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path...
YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML (CVE-2019-11254)
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...
CVE-2018-1273 Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions,
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...
use-after-free flaw found in cgroup1_parse_param (possible denial of service)
A use-after-free flaw was found in cgroup1parseparam in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service ...
CVE-2022-43934 : Weak Key-exchange algorithms
Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095. Products Affected Brocade SANnav versions before v2.2.2 Products Confirmed Not Affected No other Brocade Fibre Channel products are affected. Credit...
CVE-2022-33179. A vulnerability in Brocade Fabric OS CLI could allow an attacker to break out of restricted shells and escalate privileges
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges. Affected Product All Brocade Fabric OS versions...
BSA-2022-1732
Security Advisory ID : BSA-2022-1732 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM...
Oracle Java SE Multiple Vulnerabilities (Jan 2023 CPU update) CVE-2023-21830 CVE-2023-21843 CVE-2023-21835
The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2023 CPU advisory: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component:...
A flaw in OpenSSH helper programs could lead to local privilege escalation
A flaw was found in OpenSSH. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. Depending on system configuration, inherite...
CVE-2022-42004 -In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check-in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. Products Confirmed No...