CVE-2016-7117 - Use-after-free vulnerability in the Linux kernel

Use-after-free vulnerability in the sysrecvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing...

CVE-2021-3711: ASN1_STRING structure contains a buffer holding the string data

In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...

BSA-2022-1692

Security Advisory ID : BSA-2022-1692 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Swing. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition...

AES OCB fails to encrypt some bytes

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...

CVE-2021-4044: Invalid handling of X509_verify_cert() internal errors in libssl

A flaw was found in the way OpenSSL verified certificates via the X509verifycert function. X509verifycert fuunction may return a negative return value to indicate an internal error for example, out of memory. Such a negative return value is mishandled by OpenSSL and will cause an IO function such...

Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL

In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition...

openssl file names of certificates being hashed were possibly passed to a command executed through the shell

In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...

Zlib memory corruption when deflating (i.e. when compressing)

zlib before 1.2.12 allows memory corruption when deflating i.e., when compressing if the input has many distant matches...

BSA-2022-1979

Security Advisory ID : BSA-2022-1979 Component : Encryption Revision : 1.0 In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the...

BSA-2022-1842

Security Advisory ID : BSA-2022-1842 Component : Zone Management Revision : 1.0 In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands. Affected Products. Brocade SANnav...

Spring Expression DoS Vulnerability (CVE-2023-20861)

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service DoS condition...

The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by the client. NOTE: some reports...

CVE-2022-33180. Sensitive files export.

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”. Affected Product All Brocade Fabric OS versions...

BSA-2022-2025

Security Advisory ID : BSA-2022-2025 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition:...

BSA-2022-1689

Security Advisory ID : BSA-2022-1689 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3...

Several security-related HTTP Headers were missing (CVE-2023-5648)

In Brocade ASCG before Brocade ASCG v3.0, several security-related HTTP Headers were missing in various Brocade ASCG URL paths, aiding unauthenticated attackers to perform attacks such as Cross-Site Scripting, Clickjacking, Information disclosure, and more...

DOS for Handling of crafted recursive ASN.1 structures

Constructed ASN.1 types with a recursive definition such as can be found in PKCS7 could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources, s...

nfs_atomic_open() performs a regular lookup

An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the ODIRECTORY flag, and tries to open a regular file, nfsatomicopen performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in...

CVE-2022-43935: Switch passwords and authorization IDs are printed in the embedded MLS DB file5

An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file. Products Affected Brocade SANnav versions before v2.2.2 Products Confirmed Not...

CVE-2018-0732. Client DoS due to large DH parameter.

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

BSA-2022-2026

Security Advisory ID : BSA-2022-2026 Component : Oracle Java SE Revision : 1.0 GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags. Affected Products Brocade SANnav versions before v2.2.1...

BSA-2022-1736

Security Advisory ID : BSA-2022-1736 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle...

BSA-2021-1013

Security Advisory ID : BSA-2021-1013 Component : Telnet Revision : 1.0: Final A vulnerability was found where incorrect bounds checks in the telnet server’s telnetd handling of short writes and urgent data, could lead to information disclosure and corruption of heap data. An unauthenticated...

Oracle Java SE Multiple Vulnerabilities (July 2022 CPU update) CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-25647 CVE-2022-34169

The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2022 CPU advisory: - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot...

CVE-2018-1053 - Ensure that all temporary files made with "pg_upgrade" are non-world-readable

In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pgupgrade creates file in current working directory containing the output of pgdumpall -g under umask which was in effect when the user invoked pgupgrade, and not under 0077 which...

CVE-2023-1255 - Possible denial of service on Arm 64 (aarch64) using AES XTS mode

The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The AES-XTS algorithm ...

CVE-2022-33187 : Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs

Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information. Products Affected Brocade SANnav versions before v2.2.1 Products Confirmed Not Affected No other Brocade Fibre...

CVE-2022-24903: A flaw in rsyslog TCP module could allows an attacker to craft a malicious message leading to a heap-based buffer overflow.

Rsyslog is vulnerable to remote code execution RCE due to improper validation of input data when octet-counted framing is used. An attacker could exploit this vulnerability by supplying a system with maliciously crafted messages. Products Affected. Brocade SANnav - Fixed in Brocade SANnav 2.2.1...

CVE-2022-33183. Stack buffer overflow using in “firmwaredownload” and “diagshow” commands.

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in “firmwaredownload” and “diagshow” commands. Affected Product All Brocade Fabric OS versions...

CVE-2022-33178. A vulnerability in the radius authentication system could allow arbitrary code execution.

A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. Due to improper input validation, the privileged attacker could provide a script as Brocade-Auth-Role parameter that...

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded.

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...

BSA-2020-1158

Security Advisory ID : BSA-2020-1158 Component : LDAP Revision : 1.0 Brocade Fabric OS before v9.0.0 and afterv8.1.0, configured in Virtual Fabric mode contains a weakness in the ldap implementation that could allowa remote ldap user to login in the Brocade Fibre Channel SAN switch with "user"...

Apache Avro Java SDK vulnerable to Improper Input Validation (CVE-2023-39410)

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro...

GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow

The deprecated compatibility function clntcreate in the sunrpc module of the GNU C Library aka glibc through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or if an application is no...

A flaw was found in the sctp_make_strreset_req function in net sctp sm_make_chunk.c

A flaw was found in the sctpmakestrresetreq function in net/sctp/smmakechunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUGON issue, leading to a denial of service DOS...

CVE-2022-42003 - In FasterXML jackson-databind before 2.14.0-rc1, ressource exhaustion

In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check-in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAPSINGLEVALUEARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1 Products Confirme...

BSA-2022-1691

Security Advisory ID : BSA-2022-1691 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Swing. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition...

BSA-2022-1983

Security Advisory ID : BSA-2022-1983 Component : com.alibaba:fastjson Revision : 1.0: Final The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions...

BSA-2022-1840

Security Advisory ID : BSA-2022-1840 Component : debug mode Revision : 1.0 An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in...

2023.3 IPU - BIOS Advisory (CVE-2022-43505)

Potential security vulnerabilities in the BIOS firmware for some Intel® Processors may allow escalation of privilege, information disclosure, or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities...

Vulnerable postgresql component found in SANnav RPM package

pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setTextint, InputStream or PreparedStatemet.setByteaint, InputStream will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which...

net ipv4 route.c has an information leak because the hash table is very small

In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. Impact: Successful exploitation of this vulnerability could lead to disclosure of sensitive information. Pro ducts Affected Brocade Fabric OS v9.0 and later...

CVE-2018-16850 - SQL injection in pg_upgrade and pg_dump, via CREATE TRIGGER ... REFERENCING.

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.More at:...

CVE-2022-33187 : Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. (BSA-2022-2122)

Security Advisory ID: BSA-2022-2122 Component: DebugLogs Revision: 1.0 Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information...

CVE-2017-18018: In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file

In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition. Affected Products All versions of...

CVE-2021-3711: ASN1_STRING structure contains a buffer holding the string data

Security Advisory ID : BSA-2022-1586 Component : OpenSSL Revision : 2.0 In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and,...

BSA-2022-1690

Security Advisory ID : BSA-2022-1690 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Keytool. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise...

BSA-2022-1688

Security Advisory ID : BSA-2022-1688 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise...

BSA-2022-1728

Security Advisory ID : BSA-2022-1728 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM...

Code injection exposure in Fabric OS 9.1.0 through 9.1.1d6

Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6. Description Through a flaw in IP Address validation, a local user,...