875 matches found
BSA-2021-1291
Security Advisory ID : BSA-2021-1291 Component : SSH Revision : 2.0: Final The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h,v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks...
BSA-2020-1077
Security Advisory ID : BSA-2020-1077 Component : HTTP management interface Revision : 2.0 Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0, v8.2.3 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTT...
BSA-2020-1073
Security Advisory ID : BSA-2020-1073 Component : HTTP Management Interface Revision : 1.1 A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0CBN3, v7.4.2g could allow authenticated attackers...
Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks (CVE-2024-53677)
Brocade Security Team has become aware of a critical Remote Code Execution affecting Apache Struts. Detail An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code...
A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches (CVE-2024-29965).
In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface "SSH". The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the...
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when launching binaries with SUID permission to execute code...
Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.
Apache Shiro contains an authentication bypass vulnerability when it is forwarding or including requests usingRequestDispatchercomponent. This could allow an attacker to gain unauthorized access to the application...
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link symlink following. Products Confirmed Not Affected No Brocade Fibre Channel products are affected by this vulnerability Solution While Brocade Fabric OS is not vulnerable to this exploit, a security scan may repo...
CVE-2020-25695 - Multiple features escape "security restricted operation" sandbox
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest...
CVE-2022-43933 : Configuration secrets are logged in support-save
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in support-save. Support-save file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and...
Flaw in polkit
Security Advisory ID : BSA-2022-2011 Component : Polkit Revision : 1.0 There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage...
BSA-2022-1730
Security Advisory ID : BSA-2022-1730 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle...
BSA-2022-2019
Security Advisory ID : BSA-2022-2019 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise...
BSA-2021-1495
Security Advisory ID : BSA-2021-1495 Component : CLI Revision : 1.0 Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations. Affected Products Brocade...
Protection mechanisms (CVE-2024-4159)
Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information...
SANnav encrypted key in PostgreSQL startup logs (CVE-2024-29955)
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key...
Encryption key in the console (CVE-2024-29958)
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node. This could provide attackers an additional, less protected path to acquiring the encryption...
CVE-2023-31431 - A buffer overflow vulnerability in “diagstatus” command
A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service...
A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.
A race condition in the Linux kernel before 5.5.7 involving VTRESIZEX could lead to a NULL pointer dereference and general protection fault...
Potential Denial of Service exploit in Net-SNMP 5.8 through 5.9.3
handleipDefaultTTL in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker who has write access to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service...
CVE-2021-4044: Invalid handling of X509_verify_cert() internal errors in libssl
Security Advisory ID : BSA-2022-1661 Component : OpenSSL Revision : 1.0 A flaw was found in the way OpenSSL verified certificates via the X509verifycert function. X509verifycert fuunction may return a negative return value to indicate an internal error for example, out of memory. Such a negative...
BSA-2022-1734
Security Advisory ID : BSA-2022-1734 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle Graal...
Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files (CVE-2024-29967).
In Brocade SANnav before Brocade SANnav v2.3.1 and v2.3.0a, it was observed that Docker instances have insecure mount points, allowing reading and writing access to sensitive files. The vulnerability could allow a sudo privileged user on the host OS to read and write access to these files...
Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. (CVE-2024-29964)
Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files...
Excessive time spent checking DH keys and parameters (CVE-2023-3446)
Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHcheck, DHcheckex or EVPPKEYparamcheck to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been...
Extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)
An extension script is vulnerable if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". No bundled extension is vulnerable. Vulnerable uses do appear in a documentation example and in non-bundled extensions. Hence, the attack prerequisite is ...
CVE-2022-43937 - Sensitive fields are recorded in the debug-enabled logs
Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before v2.3.0 and 2.2.2a...
CVE-2023-31429 - Vulnerability in multiple commands
Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content ...
CVE-2022-1552 : Autovacuum, REINDEX, and others omit "security restricted operation" sandbox
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...
BSA-2022-1931
Security Advisory ID : BSA-2022-1931 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM...
BSA-2021-1491
Security Advisory ID : BSA-2021-1491 Component : Web Application Service Revision : 1.0 The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication heade...
BSA-2021-1483
Security Advisory ID : BSA-2021-1483 Component : JMX Revision : 1.0 Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server. Affected Products Brocade SANnav versions before SANnav 2.1...
BSA-2020-1078
Security Advisory ID : BSA-2020-1078 Component : Supportlink CLI Revision : 2.0 Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An...
BSA-2017-323
Security Advisory ID : BSA-2017-323 Component : JAVA SE JCE Revision : 3.0: Final Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JCE. Supported versions that are affected are Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13...
Truncated port name (CVE-2023-5973)
Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent the portName to the user if the portName contains reserved characters. This could allow an authenticated user to alter the UI of the Brocade Switch and change ports display. Note: The vulnerability doesn...
Remote code execution (RCE) vulnerability in Brocade Fabric OS (CVE-2023-3454)
Remote code execution RCE vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow a remote unauthenticated attacker to execute arbitrary code and use this to gain root access to the switch...
Buffer overflow in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string
Buffer overflow in the charsettointern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8. Notes: Brocade SANnav contains the affected open source routines, but these...
CVE-2023-31423 - Possible information exposure through log file vulnerability
Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the attacker must first collect a "supportsave" on Brocade SANnav or have access to an...
CVE-2023-31432 - Privilege issues in multiple commands
Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0...
CVE-2022-33186 : EZServer module vulnerability. (BSA-2022-2121)
Security Advisory ID: BSA-2022-2121 Component: EZServer Revision: 2.1 A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning,...
BSA-2022-1843
Security Advisory ID : BSA-2022-1843 Component : Password Encryption Revision : 1.0 Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords. Affecte...
BSA-2021-1482
Security Advisory ID : BSA-2021-1482 Component : Logging Revision : 1.0 Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level. Affected Products Brocade SANnav versions before SANnav 2.1.1...
BSA-2020-1081
Security Advisory ID : BSA-2020-1081 Component : shell variables Revision : 2.0 A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell...
The class FileTransfer implemented uses the ssh-rsa signature scheme (CVE-2024-29950)
The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle attack...
CVE-2023-31426 - scp, sftp, ftp servers passwords in supportsave
The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information...
NULL pointer dereference in libxml2 through 2.9.8
when parsing an invalid XPath expression in the XPATHOPAND or XPATHOPOR case. Applications processing...
CVE-2023-31928 - XSS vulnerability in Brocade Webtools
A reflected cross-site scripting XSS vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools...
BSA-2022-1838
Security Advisory ID : BSA-2022-1838 Component : H2 Revision : 1.0 H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. Affected Products. Brocade SANnav - Fixed in Brocade SANnav 2.2.0...
BSA-2021-1486
Security Advisory ID : BSA-2021-1486 Component : File Listing Revision : 1.0 Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission. As a result, users without permission can see folders, and hidden files, and can create...
BSA-2020-1019
Security Advisory ID : BSA-2020-1019 Component : Treck IP stack Revision : 1.0: Final Treck IP stack implementations for embedded systems are affected by multiple vulnerabilities. This set of vulnerabilities was researched and reported by JSOF, who calls themRipple20. More information is...