Broadcom: Most viewed

875 matches found

Broadcom
added 2024/11/01 12:0 a.m. | 28 views

Buffer overrun from integer overflow in array modification (CVE-2023-5869)

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing...

CVSS 8.8 | AI score 9 | EPSS 0.04322
Exploits: 0

Broadcom
added 2024/07/30 12:0 a.m. | 28 views

SNMP passwords in clear text if password encryption is not configured. (CVE-2024-5462)

If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords ...

CVSS 5.3 | AI score 6.7 | EPSS 0.00145
Exploits: 0

Broadcom
added 2024/04/17 12:0 a.m. | 28 views

Ping at regular intervals (CVE-2024-29961)

A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com and ignite.apache.org to check if updates are available for the Component. This could make an unauthenticated, remote...

CVSS 8.2 | AI score 8.3 | EPSS 0.00756
Exploits: 0 | Affected Software: 1

Broadcom
added 2024/04/17 12:0 a.m. | 28 views

Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node support save (CVE-2024-29959).

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save...

CVSS 8.6 | AI score 6.8 | EPSS 0.00476
Exploits: 0 | Affected Software: 1

Broadcom
added 2023/08/29 12:0 a.m. | 28 views

An improper access control vulnerability has been discovered in Apache Spark

In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute co...

CVSS 9.8 | AI score 9.4 | EPSS 0.08721
Exploits: 0

Broadcom
added 2023/08/01 12:0 a.m. | 28 views

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion

In Expat aka libexpat before 2.4.5, an attacker can trigger stack exhaustion in buildmodel via a large nesting depth in the DTD element...

CVSS 6.5 | AI score 7.2 | EPSS 0.03268
Exploits: 0

Broadcom
added 2023/08/01 12:0 a.m. | 28 views

CVE-2023-31427 - Knowledge of full path name

Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled...

CVSS 7.8 | AI score 7.9 | EPSS 0.002
Exploits: 0 | Affected Software: 1

Broadcom
added 2022/11/08 12:0 a.m. | 28 views

CVE-2022-43936: Switch passwords in logs

Brocade SANnav versions before v2.2.2 improperly expose Brocade Fabric OS switch password when debugging is turned on. A local or remote authenticated privileged user with access to logs may gain switch users' passwords. Products Affected Brocade SANnav versions before v2.2.2 Products Confirmed N...

CVSS 6.8 | AI score 2 | EPSS 0.00766
Exploits: 0

Broadcom
added 2022/05/03 12:0 a.m. | 28 views

BSA-2022-1837

Security Advisory ID : BSA-2022-1837 Component : H2 Revision : 1.0 An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files outside of their permissions via a symlink to a fake database file. Affected Products. Brocade...

CVSS 6.5 | AI score 6.4 | EPSS 0.13389
Exploits: 5

Broadcom
added 2022/03/02 12:0 a.m. | 28 views

BSA-2022-1675

Security Advisory ID : BSA-2022-1675 Component : logback Revision : 1.0 In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. Brocade has...

CVSS 6.6 | AI score 7 | EPSS 0.04439
Exploits: 1

Broadcom
added 2021/07/28 12:0 a.m. | 28 views

BSA-2021-1552

Security Advisory ID : BSA-2021-1552 Component : Authentication Revision : 1.0: Final A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through...

CVSS 7.8 | AI score 7.7 | EPSS 0.0024
Exploits: 0

Broadcom
added 2021/05/10 12:0 a.m. | 28 views

BSA-2021-1484

Security Advisory ID : BSA-2021-1484 Component : hard-coded administrator account Revision : 1.0 Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time. Affected Products Brocade...

CVSS 6.6 | AI score 7.1 | EPSS 0.00863
Exploits: 0

Broadcom
added 2020/09/08 12:0 a.m. | 28 views

BSA-2020-1080

Security Advisory ID : BSA-2020-1080 Component : seccryptocfg templates Revision : 2.0 Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0CBN3, contain a code injection and privilege escalation vulnerability. The vulnerability could allow an unauthenticate...

CVSS 6.7 | AI score 9.8 | EPSS 0.01269
Exploits: 0

Broadcom
added 2024/11/12 12:0 a.m. | 27 views

SFTP/FTP password could be captured in plain text in Supportsave generated from SANnav

Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave. Description The...

CVSS 5.9 | AI score 6.5 | EPSS 0.00644
Exploits: 0

Broadcom
added 2024/04/25 12:0 a.m. | 27 views

Brocade SANnav exposes Kafka in the wan interface (CVE-2024-4173)

Brocade SANnav ports used by Kafka are open for the entire wan vs being limited to only the FabricOS switches discovered by the SANnav. Additionally, in Brocade SANnav versions prior to version v2.2.0, the Kafka process is started as a root user using default credentials. The vulnerability could...

CVSS 7.6 | AI score 7.5 | EPSS 0.00588
Exploits: 0

Broadcom
added 2024/04/25 12:0 a.m. | 27 views

Syslog traffic sent in clear-text (CVE-2024-4161)

In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic was received in clear text. This could allow an unauthenticated, remote attacker to capture sensitive information...

CVSS 8.6 | AI score 6.8 | EPSS 0.0047
Exploits: 0

Broadcom
added 2024/04/17 12:0 a.m. | 27 views

hard-coded credential in the documentation that appears as the root password (CVE-2024-29966).

Brocade SANnav OVA provides a Linux root account for use during the initial installation and management of the SANnav product. The default password for the root account is documented in the SANnav installation guide. This could allow an unauthenticated attacker full access to a Brocade SANnav OVA ...

CVSS 7.5 | AI score 7.9 | EPSS 0.0065
Exploits: 0 | Affected Software: 1

Broadcom
added 2024/04/17 12:0 a.m. | 27 views

Insecure file permission setting that makes files world-readable (CVE-2024-29962).

Brocade SANnav OVA before v2.3.1 and v2.3.0a has an insecure file permission setting that makes files world-readable. This could allow a local user without the required privileges to access sensitive information or a Java binary...

CVSS 5.5 | AI score 6.5 | EPSS 0.00183
Exploits: 0 | Affected Software: 1

Broadcom
added 2023/08/29 12:0 a.m. | 27 views

CVE-2023-31424 - Web authentication and authorization bypass

Brocade SANnav web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization...

CVSS 8.1 | AI score 7.7 | EPSS 0.00678
Exploits: 0 | Affected Software: 1

Broadcom
added 2023/08/01 12:0 a.m. | 27 views

Potential privilege escalation by embedding shell commands in a mountpoint name

In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command within Bash by a different user, as demonstrated by logging in as root and entering umount followed by a tab...

CVSS 7.8 | AI score 7.8 | EPSS 0.00457
Exploits: 0

Broadcom
added 2021/05/10 12:0 a.m. | 27 views

BSA-2021-1496

Security Advisory ID : BSA-2021-1496 Component : config and secnotify processes Revision : 1.0 Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of...

CVSS 7.5 | AI score 7.5 | EPSS 0.0099
Exploits: 0

Broadcom
added 2021/02/15 12:0 a.m. | 27 views

BSA-2021-1319

Security Advisory ID : BSA-2021-1319 Component : Brocade SANnav Revision : 1.0: Final Brocade SANnav before v.2.1.0a could allow remote attackers to cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data as name for custom field name. Note: When...

CVSS 7.5 | AI score 7.5 | EPSS 0.01271
Exploits: 0

Broadcom
added 2016/08/31 12:0 a.m. | 27 views

BSA-2016-134

Security Advisory ID : BSA-2016-134 Component : Crypto Revision : 2.0: Final The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to...

CVSS 7.5 | AI score 6.8 | EPSS 0.95707
Exploits: 7

Broadcom
added 2025/02/13 12:0 a.m. | 26 views

SANnav ROCKY LINUX Upgrade for RLSA-2024:5530, RLSA-2024:5101, RLSA-2024:4583, RLSA-2024:3501, RLSA-2024:3513, RLSA-2024:3619, RLSA-2024:4349, RLSA-2024:4078, RLSA-2024:2758, RLSA-2024:2758

Brocade SANnav OVA versions 2.3.1b and 2.4.0 along with Brocade sannavova8xos122024 SANnav OVA patch from December 2024 utilize an upgraded Rocky Linux Kernel. The upgrade has provided Security updates for numerous security vulnerabilities. Rocky Linux Security Update for python-setuptools...

CVSS 9.8 | AI score 6.8 | EPSS 0.08555
Exploits: 4

Broadcom
added 2024/04/17 12:0 a.m. | 26 views

Identical SSH keys utilized inside the OVA image (CVE-2024-29960)

In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SANnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav...

CVSS 6.8 | AI score 7.2 | EPSS 0.0031
Exploits: 0 | Affected Software: 1

Broadcom
added 2023/08/01 12:0 a.m. | 26 views

CVE-2023-31430 - buffer overflow vulnerability in “secpolicydelete” command

A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service...

CVSS 5.5 | AI score 5.9 | EPSS 0.0026
Exploits: 0 | Affected Software: 1

Broadcom
added 2023/08/01 12:0 a.m. | 26 views

libcgroup up to and including 0.41 creates file with mode 0666 regardless of the configured umask, leading to disclosure of information.

libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information...

CVSS 8.1 | AI score 7.8 | EPSS 0.02316
Exploits: 0

Broadcom
added 2023/08/01 12:0 a.m. | 26 views

CVE-2023-31927 - An information disclosure in the web interface of Brocade Fabric OS

An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface...

CVSS 5.3 | AI score 5.4 | EPSS 0.00484
Exploits: 0 | Affected Software: 1

Broadcom
added 2022/11/08 12:0 a.m. | 26 views

CVE-2022-43934 : Weak Key-exchange algorithms

Security Advisory ID : BSA-2022-2124 Component : Crypto Revision : 1.0 Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095...

CVSS 6.5 | AI score 7.3 | EPSS 0.00473
Exploits: 0 | Affected Software: 1

Broadcom
added 2022/06/22 12:0 a.m. | 26 views

BSA-2022-1977

Security Advisory ID : BSA-2022-1977 Component : TLS/SSL Revision : 1.0 In Brocade SANnav versions before v2.2.0.2, and v2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers ssl-static-key-ciphers on ports 443 & 18082. Affected Products Brocade SANnav versions befo...

CVSS 7.5 | AI score 7.6 | EPSS 0.00481
Exploits: 0

Broadcom
added 2024/11/12 12:0 a.m. | 25 views

SQLite Vulnerable to Out-of-Bounds Memory Access via Insufficient Input Validation in 'sessionReadRecord' Function of 'Sessions' Extension

SQLite is vulnerable to an out-of-bounds memory access issue due to a lack of sufficient input validation in the sessionReadRecord function. An attacker could submit a crafted input in order to trigger the flaw which could allow for a 1-byte out-of-bounds read to occur which could lead to...

CVSS 7.3 | AI score 6.5 | EPSS 0.01249
Exploits: 1

Broadcom
added 2024/09/27 12:0 a.m. | 25 views

Brocade Fabric OS (10.x and 9.2.x Releases) Vulnerability Disclosures

Brocade Security Advisories posted on March 3, 2026 CVE addressed in FOS 10.0.0 CVE-2025-26465 OpenSSH security update for CVE-2025-26465 PSIRT Risk: Low for FOS https://support.broadcom.com/external/content/SecurityAdvisories/0/37134 CVEs previously addressed in FOS 9.2.2 CVE-2025-228871,...

CVSS 9.8 | AI score 7.7 | EPSS 0.06997
Exploits: 8

Broadcom
added 2024/05/08 12:0 a.m. | 26 views

The Postgres implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw (CVE-2024-2860)

The Postgres implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker with access to the VM where the Brocade SANnav is installed can gain access to sensitive data inside the Postgres database...

CVSS 7.8 | AI score 6.8 | EPSS 0.00161
Exploits: 0 | Affected Software: 1

Broadcom
added 2024/04/17 12:0 a.m. | 25 views

plaintext passwords storage in logs by manipulating command variables (CVE-2024-29952)

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables...

CVSS 5.5 | AI score 6.6 | EPSS 0.00112
Exploits: 0 | Affected Software: 1

Broadcom
added 2022/11/08 12:0 a.m. | 25 views

CVE-2022-43933 : Configuration secrets are logged in support-save

Security Advisory ID : BSA-2022-2123 Component : Configsecrets Revision : 1.0 An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in support-save. Support-save file is generated by an admin user...

CVSS 4.4 | AI score 6.9 | EPSS 0.00261
Exploits: 0 | Affected Software: 1

Broadcom
added 2022/09/13 12:0 a.m. | 25 views

CVE-2022-28170. Brocade Fabric OS Web Application services store server and user passwords in the debug statements.

Security Advisory ID : BSA-2022-2076 Component : FOS Revision : 1.1 Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file...

CVSS 6.5 | AI score 7 | EPSS 0.00205
Exploits: 0

Broadcom
added 2021/05/10 12:0 a.m. | 25 views

BSA-2020-1130

Security Advisory ID : BSA-2020-1130 Component : NGINX Revision : 1.0 NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load...

CVSS 5.3 | AI score 6.7 | EPSS 0.14961
Exploits: 3

Broadcom
added 2024/12/09 12:0 a.m. | 24 views

OS command injection vulnerability in OpenSSH (CVE-2023-51385)

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or...

CVSS 6.5 | AI score 7.2 | EPSS 0.19753
Exploits: 7

Broadcom
added 2024/04/17 12:0 a.m. | 24 views

SHA-1 hash in internal SSH ports that are not open to remote connection (CVE-2024-29951)

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection...

CVSS 5.7 | AI score 6.8 | EPSS 0.00163
Exploits: 0 | Affected Software: 1

Broadcom
added 2024/04/17 12:0 a.m. | 24 views

TLS/SSL weak message authentication code ciphers are added by default for port 18082 (CVE-2024-29969)

When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, TLS/SSL weak message authentication code ciphers are added by default for port 18082...

CVSS 7.5 | AI score 7.2 | EPSS 0.0029
Exploits: 0 | Affected Software: 1

Broadcom
added 2022/11/08 12:0 a.m. | 24 views

CVE-2022-43935: Switch passwords and authorization IDs are printed in the embedded MLS DB file5

Security Advisory ID : BSA-2022-2125 Component : MLSDB Revision : 1.0 An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file...

CVSS 5.3 | AI score 7 | EPSS 0.00223
Exploits: 0 | Affected Software: 1

Broadcom
added 2020/09/08 12:0 a.m. | 24 views

BSA-2020-1075

Security Advisory ID : BSA-2020-1075 Component : Management Interface Revision : 2.0 A vulnerability in the management interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0 or before Brocade Fabric OS v8.2.1 could allow a remote attacker to perform a denial of service attack on t...

CVSS 5.3 | AI score 8.5 | EPSS 0.01439
Exploits: 0

Broadcom
added 2020/09/08 12:0 a.m. | 24 views

BSA-2020-1079

Security Advisory ID : BSA-2020-1079 Component : firmwareDownload Revision : 2.0 A vulnerability in the firmwaredownload operation in Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability i...

CVSS 5 | AI score 8 | EPSS 0.01046
Exploits: 0

Broadcom
added 2017/06/23 12:0 a.m. | 24 views

BSA-2017-327

Security Advisory ID : BSA-2017-327 Component : JAVA SE Networking Revision : 3.0: Final Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficul...

CVSS 4.2 | AI score 5.5 | EPSS 0.02211
Exploits: 0

Broadcom
added 2024/11/12 12:0 a.m. | 23 views

OpenSSL is vulnerable to a denial of service, caused by a flaw in the handling of RSA public keys by the EVP_PKEY_public_check() function

OpenSSL is vulnerable to a denial-of-service (DoS) issue because there is no restriction on RSA public key size, or the subsequent time spent processing such keys. Applications that use the EVP_PKEY_public_check function to check RSA public keys obtained from potentially untrusted sources can be...

CVSS 5.3 | AI score 6.5 | EPSS 0.02303
Exploits: 0

Broadcom
added 2024/11/12 12:0 a.m. | 23 views

The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms

OpenSSL contains an issue in the POLY1305 MAC (message authentication code) implementation that might result in a corrupted internal application state. This flaw is only exploitable on PowerPC CPU based platforms if the CPU provides vector instructions (PowerISA 2.07). The impact of the corrupted...

CVSS 5.9 | AI score 6.8 | EPSS 0.02323
Exploits: 0

Broadcom
added 2022/09/13 12:0 a.m. | 23 views

CVE-2022-33178. A vulnerability in the radius authentication system could allow arbitrary code execution.

Security Advisory ID : BSA-2022-2077 Component : FOS Revision : 1.0 A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. Due to improper input validation, the privileged...

CVSS 7.2 | AI score 8.3 | EPSS 0.01289
Exploits: 0

Broadcom
added 2021/05/10 12:0 a.m. | 23 views

BSA-2020-973

Security Advisory ID : BSA-2020-973 Component : jQuery Revision : 1.0 In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others...

CVSS 6.9 | AI score 6.9 | EPSS 0.8383
Exploits: 6

Broadcom
added 2020/09/08 12:0 a.m. | 23 views

BSA-2020-1083

Security Advisory ID : BSA-2020-1083 Component : seccryptocfg Revision : 2.0 Brocade Fabric OS before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0CBN3, v7.4.2g contains an improper input validation weakness in the command line interface when seccryptocfg is invoked. The vulnerability could allow...

CVSS 6.7 | AI score 7.2 | EPSS 0.00305
Exploits: 0

Broadcom
added 2018/01/22 12:0 a.m. | 23 views

BSA-2018-527

Summary OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for...

AI score 1.4
Exploits: 0 | Affected Software: 2

Total number of security vulnerabilities: 875