879 matches found
BSA-2021-1490
Security Advisory ID : BSA-2021-1490 Component : Web Management Interface Revision : 1.1 The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An...
Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks (CVE-2024-53677)
Brocade Security Team has become aware of a critical Remote Code Execution affecting Apache Struts. Detail An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code...
Protection mechanisms (CVE-2024-4159)
Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information...
Excessive time spent checking DH keys and parameters (CVE-2023-3446)
Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHcheck, DHcheckex or EVPPKEYparamcheck to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been...
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link symlink following. Products Confirmed Not Affected No Brocade Fibre Channel products are affected by this vulnerability Solution While Brocade Fabric OS is not vulnerable to this exploit, a security scan may repo...
A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.
A race condition in the Linux kernel before 5.5.7 involving VTRESIZEX could lead to a NULL pointer dereference and general protection fault...
CVE-2020-25695 - Multiple features escape "security restricted operation" sandbox
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest...
CVE-2021-4044: Invalid handling of X509_verify_cert() internal errors in libssl
Security Advisory ID : BSA-2022-1661 Component : OpenSSL Revision : 1.0 A flaw was found in the way OpenSSL verified certificates via the X509verifycert function. X509verifycert fuunction may return a negative return value to indicate an internal error for example, out of memory. Such a negative...
CVE-2022-33186 : EZServer module vulnerability. (BSA-2022-2121)
Security Advisory ID: BSA-2022-2121 Component: EZServer Revision: 2.1 A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning,...
BSA-2022-2019
Security Advisory ID : BSA-2022-2019 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise...
BSA-2022-1730
Security Advisory ID : BSA-2022-1730 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle...
BSA-2022-1733
Security Advisory ID : BSA-2022-1733 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle Graal...
BSA-2021-1492
Security Advisory ID : BSA-2021-1492 Component : ipfilter Revision : 1.1 The command “ipfilter†in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0CBN4,and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to...
BSA-2021-1291
Security Advisory ID : BSA-2021-1291 Component : SSH Revision : 2.0: Final The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h,v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks...
BSA-2020-1073
Security Advisory ID : BSA-2020-1073 Component : HTTP Management Interface Revision : 1.1 A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0CBN3, v7.4.2g could allow authenticated attackers...
BSA-2020-1077
Security Advisory ID : BSA-2020-1077 Component : HTTP management interface Revision : 2.0 Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0, v8.2.3 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTT...
SANnav ROCKY LINUX Upgrade for RLSA-2024:5530, RLSA-2024:5101, RLSA-2024:4583, RLSA-2024:3501, RLSA-2024:3513, RLSA-2024:3619, RLSA-2024:4349, RLSA-2024:4078, RLSA-2024:2758, RLSA-2024:2758
Brocade SANnav OVA versions 2.3.1b and 2.4.0 along with Brocade sannavova8xos122024 SANnav OVA patch from December 2024 utilize an upgraded Rocky Linux Kernel. The upgrade has provided Security updates for numerous security vulnerabilities. Rocky Linux Security Update for python-setuptools...
SANnav encrypted key in PostgreSQL startup logs (CVE-2024-29955)
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key...
A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches (CVE-2024-29965).
In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface "SSH". The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the...
Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files (CVE-2024-29967).
In Brocade SANnav before Brocade SANnav v2.3.1 and v2.3.0a, it was observed that Docker instances have insecure mount points, allowing reading and writing access to sensitive files. The vulnerability could allow a sudo privileged user on the host OS to read and write access to these files...
hard-coded credential in the documentation that appear as the root password (CVE-2024-29966).
Brocade SANnav OVAprovides a Linux root account for use during the initial installation and management of the SANnav product. The default password for the root account is documented in the SANnav installation guide. This could allow an unauthenticated attacker full access to a Brocade SANnav OVA ...
The class FileTransfer implemented uses the ssh-rsa signature scheme (CVE-2024-29950)
The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle attack...
Extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)
An extension script is vulnerable if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". No bundled extension is vulnerable. Vulnerable uses do appear in a documentation example and in non-bundled extensions. Hence, the attack prerequisite is ...
Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.
Apache Shiro contains an authentication bypass vulnerability when it is forwarding or including requests usingRequestDispatchercomponent. This could allow an attacker to gain unauthorized access to the application...
CVE-2023-31431 - A buffer overflow vulnerability in “diagstatus” command
A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service...
Flaw in polkit
Security Advisory ID : BSA-2022-2011 Component : Polkit Revision : 1.0 There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage...
BSA-2021-1495
Security Advisory ID : BSA-2021-1495 Component : CLI Revision : 1.0 Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations. Affected Products Brocade...
Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. (CVE-2024-29964)
Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files...
Encryption key in the console (CVE-2024-29958)
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node. This could provide attackers an additional, less protected path to acquiring the encryption...
Truncated port name (CVE-2023-5973)
Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent the portName to the user if the portName contains reserved characters. This could allow an authenticated user to alter the UI of the Brocade Switch and change ports display. Note: The vulnerability doesn...
Remote code execution (RCE) vulnerability in Brocade Fabric OS (CVE-2023-3454)
Remote code execution RCE vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow a remote unauthenticated attacker to execute arbitrary code and use this to gain root access to the switch...
CVE-2022-43937 - Sensitive fields are recorded in the debug-enabled logs
Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before v2.3.0 and 2.2.2a...
Potential Denial of Service exploit in Net-SNMP 5.8 through 5.9.3
handleipDefaultTTL in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker who has write access to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service...
CVE-2023-31427 - Knowledge of full path name
Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled...
CVE-2022-1552 : Autovacuum, REINDEX, and others omit "security restricted operation" sandbox
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...
BSA-2022-1931
Security Advisory ID : BSA-2022-1931 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM...
BSA-2017-323
Security Advisory ID : BSA-2017-323 Component : JAVA SE JCE Revision : 3.0: Final Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JCE. Supported versions that are affected are Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13...
Buffer overrun from integer overflow in array modification (CVE-2023-5869)
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing...
Brocade SANnav exposes Kafka in the wan interface (CVE-2024-4173)
Brocade SANnav ports used by Kafka are open for the entire wan vs being limited to only the FabricOS switches discovered by the SANnav. Additionally, in Brocade SANnav versions priorto version v2.2.0, the Kafka process is started as a root user using defaultcredentials. The vulnerability could...
CVE-2023-31429 - Vulnerability in multiple commands
Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content ...
CVE-2023-31432 - Privilege issues in multiple commands
Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0...
BSA-2022-1843
Security Advisory ID : BSA-2022-1843 Component : Password Encryption Revision : 1.0 Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords. Affecte...
BSA-2021-1483
Security Advisory ID : BSA-2021-1483 Component : JMX Revision : 1.0 Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server. Affected Products Brocade SANnav versions before SANnav 2.1...
BSA-2021-1491
Security Advisory ID : BSA-2021-1491 Component : Web Application Service Revision : 1.0 The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication heade...
BSA-2020-1078
Security Advisory ID : BSA-2020-1078 Component : Supportlink CLI Revision : 2.0 Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An...
BSA-2020-1019
Security Advisory ID : BSA-2020-1019 Component : Treck IP stack Revision : 1.0: Final Treck IP stack implementations for embedded systems are affected by multiple vulnerabilities. This set of vulnerabilities was researched and reported by JSOF, who calls themRipple20. More information is...
CVE-2023-31423 - Possible information exposure through log file vulnerability
Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the attacker must first collect a "supportsave" on Brocade SANnav or have access to an...
Buffer overflow in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string
Buffer overflow in the charsettointern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8. Notes: Brocade SANnav contains the affected open source routines, but these...
NULL pointer dereference in libxml2 through 2.9.8
when parsing an invalid XPath expression in the XPATHOPAND or XPATHOPOR case. Applications processing...
BSA-2022-1837
Security Advisory ID : BSA-2022-1837 Component : H2 Revision : 1.0 An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files outside of their permissions via a symlink to a fake database file. Affected Products. Brocade...