879 matches found
CVE-2022-33187 : Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. (BSA-2022-2122)
Security Advisory ID: BSA-2022-2122 Component: DebugLogs Revision: 1.0 Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information...
CVE-2017-18018: In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition. Affected Products All versions of...
BSA-2022-2018
Security Advisory ID : BSA-2022-2018 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM...
BSA-2022-1728
Security Advisory ID : BSA-2022-1728 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM...
Code injection exposure in Fabric OS 9.1.0 through 9.1.1d6
Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6. Description Through a flaw in IP Address validation, a local user,...
Possible DoS translating ASN.1 object identifiers (CVE-2023-2650)
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...
CVE-2023-4162 - Segmentation fault in Brocade Fabric OS after Brocade Fabric OS v9.0
A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. This could allow an authenticated privileged user local user to crash a Brocade Fabric OS swith using the cli “passwdcfg --set -expire -minDiff“...
Vulnerable postgresql component found in SANnav RPM package
pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setTextint, InputStream or PreparedStatemet.setByteaint, InputStream will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which...
CVE-2023-3489 - firmwaredownload command could log servers passwords in clear text
The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS. CVE Details The firmwaredownload command downloads the Brocade Fabric OS...
CVE-2021-3711: ASN1_STRING structure contains a buffer holding the string data
Security Advisory ID : BSA-2022-1586 Component : OpenSSL Revision : 2.0 In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and,...
CVE-2022-33181. Information disclosure vulnerability in Brocade Fabric OS CLI using switch commands “configshow” and “supportlink”.
An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”. Affected Product All Brocade Fabric OS...
BSA-2022-1690
Security Advisory ID : BSA-2022-1690 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Keytool. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise...
BSA-2022-2016
Security Advisory ID : BSA-2022-2016 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM...
BSA-2021-1658
Security Advisory ID : BSA-2021-1658 Component : JDBC Appender in Apache Log4j Revision : 1.0 Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a configuration uses a JDBC Appender with a JNDI...
Encoded session passwords on session storage for Virtual Fabric platforms.(CVE-2024-29953)
A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. This could allow an authenticated user to view other users' session encoded passwords...
Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing opening of ttys could lead to a use-after-free
Linux kernel before 5.6.2 between the VTDISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free...
CVE-2022-3358 : Using a Custom Cipher with NID_undef may lead to NULL encryption
Security Advisory ID : BSA-2022-2094 Component : OpenSSL Revision : 1.0 OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0, and application authors are instead encouraged to use the new...
BSA-2022-1729
Security Advisory ID : BSA-2022-1729 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition:...
BSA-2022-1734
Security Advisory ID : BSA-2022-1734 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle Graal...
Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack (CVE-2023-34478)
Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha...
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when launching binaries with SUID permission to execute code...
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation (CVE-2022-25235)
xmltokimpl.c in Expat aka libexpat before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context...
BSA-2021-1481
Security Advisory ID : BSA-2021-1481 Component : IPv6 networking Revision : 1.0 The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface. When IPv6 networking is enabled on t...
password management API prints sensitive information in log files (CVE-2024-29954)
A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the...
Excessive Resource Usage Verifying X.509 Policy Constraints (CVE-2023-0464)
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...
cleartext password in supportsave logs when a user schedules a switch Supportsave from Brocade SANnav (CVE-2024-29956)
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the SANnav password in clear text in support save logs when a user schedules a switch "supportsave" Brocade SANnav...
Missing character encoding in progress display allows for spoofing of scp client output (CVE-2019-6109)
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers.
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A...
curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection
curl 7.63.0 to and including 7.75.0 includes a vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived...
CVE-2018-0732. Client DoS due to large DH parameter.
Security Advisory ID : BSA-2022-627 Component : OpenSSL Revision : 1.0 During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key...
Flaw in polkit
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being...
BSA-2022-1731
Security Advisory ID : BSA-2022-1731 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle Graal...
BSA-2022-1980
Security Advisory ID : BSA-2022-1980 Component : Oracle Java SE Revision : 1.1 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM...
BSA-2022-1978
Security Advisory ID : BSA-2022-1978 Component : Password Revision : 1.0 Brocade SANnav before Brocade SANvav v.2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log Affected Products Brocade SANnav versions before v2.2.0.2...
BSA-2022-1841
Security Advisory ID : BSA-2022-1841 Component : REST API Revision : 1.0 Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text. Affected Products. Brocade SANnav - Fixed in Brocade SANnav 2.2.0...
BSA-2022-1844
Security Advisory ID : BSA-2022-1844 Component : RBAC Revision : 1.0 A vulnerability in the role-based access control RBAC functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions...
BSA-2017-216
Security Advisory ID : BSA-2017-216 Component : libcurl Revision : 1.0: Interim curl andlibcurlbefore 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loade...
A flaw was found in systemd, where it mishandles numerical usernames beginning with decimal digits, or "0x" followed by hexadecimal digits.(CVE-2020-13776)
Systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082...
CVE-2023-31925 - Storage of clear text password in Brocade SANnav
Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuratio...
A remote attacker can supply specially crafted transfer-encoding chunks to Eclipse Jetty that may bypass the authorization checks of an intermediary caching proxy.
In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a...
Hardware allows activation of test or debug logic
Hardware allows activation of test or debug logic at runtime for some IntelR processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access...
Information disclosure in Linux kernels through 3.1
In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat...
This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory.
A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability...
CVE-2023-31428 - CLI allows upload or transfer files of dangerous types
Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under users home directory using grep...
BSA-2022-2075
Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools user to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose...
BSA-2021-1480
Security Advisory ID : BSA-2021-1480 Component : Webtools Revision : 1.0 Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration;this is commonly referred to as Server-Side Request Forgery SSRF. Attackers can utili...
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
xmlparse.c in Expat aka libexpat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs...
A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.
A race condition in the Linux kernel before 5.5.7 involving VTRESIZEX could lead to a NULL pointer dereference and general protection fault...
CVE-2022-43933 : Configuration secrets are logged in support-save
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in support-save. Support-save file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and...
CVE-2022-28170. Brocade Fabric OS Web Application services store server and user passwords in the debug statements.
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file. Affected Product All Brocade Fabric OS versions...