BSA-2018-538

Security Advisory ID : BSA-2018-538 Component : OpenSSH Revision : 2.0: Final The processopen function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. Affected Products Security updates have be...

BSA-2017-315

Security Advisory ID : BSA-2017-315 Component : Management Module Revision : 1.0: Interim Improperly checks for unusual or exceptional conditions when the Management Module is continuously scanned on port 22 may allow attackers to cause a denial of service crash and reload of the management modul...

BSA-2017-248

Security Advisory ID : BSA-2017-248 Component : IPV6 Revision : 1.0: Interim An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big PTB messages. The scope of this CVE is all affected IPv6 implementations from all vendors. The security implications of IP...

BSA-2017-205

Security Advisory ID : BSA-2017-205 Component : OpenSSL Revision : 1.0: Interim Severity: High-TLS connections using -CHACHA20-POLY1305ciphersuitesare susceptible to aDoSattack by corrupting larger payloads. This can result in an OpenSSL crash. Thisissue is not considered to be exploitable beyond...

BSA-2017-225

Security Advisory ID : BSA-2017-225 Component : ntp Revision : 1.0: Interim Whenntpdreceives a server response on a socket that corresponds to a different interface than was used for the request, the peer structure is updated to use the interface for new requests. Ifntpdis running on a host with...

OpenSSH security update (CVE-2025-61984)

ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. A configuration...

Privilege escalation in Brocade Fabric OS before 9.2.1c3, and 9.2.2 though 9.2.2b (CVE-2025-9711)

A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevating the privileges of the local authenticated user to “root” using the export option of seccertmgmt and seccryptocfg commands...

Multiple Linux Security Updates applied to Brocade Fabric OS 10.0

Multiple Linux Security Updates applied to Brocade Fabric OS 10.0.0. While the Brocade Fabric OS is not affected by any of these public vulnerabilities, security updates have been applied as part of a proactive security practice CVE-2024-26596 Brocade Fabric OS before 10.0.0 not affected VEX...

A malicious rsh server can overwrite arbitrary files in a directory on the rcp client machine

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server or Man-in-The-Middle attacker can overwrite...

BSA-2021-1440

Security Advisory ID : BSA-2021-1440 Component : OpenSSL Revision : 1.1 An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signaturealgorithms extension where it was present in the initial...

BSA-2020-906

Security Advisory ID : BSA-2020-906 Component : authentication Revision : 1.0: Final Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client. The argumen...

BSA-2017-325

Security Advisory ID : BSA-2017-325 Component : JAVA SE JAXP Revision : 3.0: Final Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit:...

BSA-2017-334

Security Advisory ID : BSA-2017-334 Component : zlib Revision : 2.0: Interim An oldinffast.coptimization turns out to not be optimal anymore with modern compilers, and furthermore was not compliant withtheCstandard, for which decrementing a pointer before its allocated memory is undefined. Affect...

BSA-2017-253

Security Advisory ID : BSA-2017-253 Component : OpenSSH Revision : 2.0: Interim sshdinOpenSSHbefore 6.6 does not properly support wildcards onAcceptEnvlines insshdconfig, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard...

BSA-2017-211

Security Advisory ID : BSA-2017-211 Component : libidn Revision : 1.0: Interim The idnatoascii4i function in lib/idna.cinlibidnbefore 1.33 allows context-dependent attackers to cause a denial of service out-of-bounds read and crash via 64 bytes of input. Affected Products Product| Current...

Security updated provided in Brocade ASCG 3.4.0b for container-tools (CVE-2024-24785, CVE-2025-61729, CVE-2025-65637)

Security update provided in Brocade ASCG before ASCG 3.4.0b CVE-2024-24785 Title: Errors returned from JSON marshaling may break template escaping in html/template Description If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual...

Cache poisoning attacks with unsolicited RRs

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through...

AIDE Vulnerable to Improper Output Neutralization via Terminal Escape Sequences in Log and Report Output

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

Rocky Linux kernel security update Advisories in Brocade ASCG 3.4.0 Ova

Security updates are provided for multiple CVEs for Rocky Linux Kernel. kernel RLSA-2025:11850 CVE-2022-49977, CVE-2025-21905, CVE-2025-21919 kernel RLSA-2025:12752 CVE-2025-37890, CVE-2025-38079, CVE-2022-50020, CVE-2025-38052, CVE-2025-21928, CVE-2025-22020, kernel RLSA-2025:15008 CVE-2025-3833...

Out of bounds read for cookie path

A cookie is set using the secure keyword for https://target curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set. The same cookie name is set - but with just a slash as path path="/". Since this site is not secure,...

Podman Vulnerable to Arbitrary File Write via Symbolic Link Traversal in 'play.go' File

Podman contains a symbolic link traversal vulnerability when the kube play command is used with a 'ConfigMap' or secret volume mount. A remote attacker could exploit this by creating a malicious symbolic link on the volume in order to overwrite the contents of arbitrary files, however the attacke...

OpenSSH security update for CVE-2025-26465

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...

sssd default kerberos configuration allows privilege escalation on ad-joined linux systems

A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, the Kerberos local authentication plugin sssdkrb5localauthplugin is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...

Requests Vulnerable to Information Disclosure via '.netrc' Credentials Leak in 'get_netrc_auth()' Function

Requests is vulnerable to leakage of .netrc credentials due to a URL parsing issue. An attacker could exploit this by supplying a maliciously-crafted URL to a victim, which could result in loss of said credentials and can be potentially used for accessing remote servers...

OpenSSH security update (CVE-2025-61985)

ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used...

Vulnerability in OpenSSH when the VerifyHostKeyDNS option is enabled (CVE-2025-26465)

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...

In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c

In elfutils 0.183, an infinite loop was found in the function handlesymtab in readelf.c .Which allows attackers to cause a denial of service infinite loop via crafted file...

Multiple Vulnerabilities in Apache Kafka

Multiple Vulnerabilities addressed in Apache Kafka CVE-2023-25194 A possible security vulnerability has been identified in Apache Kafka Connect. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a...

The x509 application adds trusted use instead of rejected use

Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Impact summary: If a user intends to make a trusted certificate rejected for a particular use it will be instead marked as trusted for that use. A copy & paste...

Oracle Java SE Multiple Vulnerabilities (April 2025)

Oracle Java SE Multiple Vulnerabilities April 2025 CVE-2025-23083 CVSS 3.1 Base Score 7.7 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Brocade SANnav not affected: VEX Justification: Vulnerablecodecannotbecontolledbyadversary CVE-2024-54534 CVSS 3.1 Base Score 7.5 CVSS Vector:...

The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass

wpasupplicant is vulnerable to authentication bypass due to its implementation of Protected Extensible Authentication Protocol PEAP. An attacker could exploit this in order to trick a victim into connecting to a malicious clone of an Enterprise WiFi network and subsequently intercept their traffi...

Brocade SANnav Vulnerability Disclosures

Brocade Security Advisories posted on March 3, 2026 CVEs addressed in SANnav 3.0.0 CVE-2025-53905, CVE-2025-53906 Path traversal issues in Vims tar.vim and zip.vim plugins PSIRT Risk: Low https://support.broadcom.com/external/content/SecurityAdvisories/0/37152 CVE-2025-26465 OpenSSH security upda...

CVE-2022-43936: Switch passwords in logs

Security Advisory ID : BSA-2022-2126 Component : Logs Revision : 1.0 Brocade SANnav versions before v2.2.2 improperly expose Brocade Fabric OS switch password when debugging is turned on. A local or remote authenticated privileged user with access to logs may gain switch users' passwords...

CVE-2022-33183. Stack buffer overflow using in “firmwaredownload” and “diagshow” commands.

Security Advisory ID : BSA-2022-2085 Component : FOS Revision : 1.1 A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in “firmwaredownload” and...

BSA-2017-258

Security Advisory ID : BSA-2017-258 Component : ECDHE Parameters Revision : 1.0: Interim If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointerleading to a client crash. This could be exploited in a...

BSA-2017-201

Security Advisory ID : BSA-2017-201 Component : OpenSSL Revision : 1.0: Interim It was found that function "ssl3readbytes" inssl/s3pkt.c might lead to higher CPU usage due to improper handling of warning packets.An attacker could repeat the undefined plaintext warning packets of "SSL3ALWARNING"...

BSA-2017-214

Security Advisory ID : BSA-2017-214 Component : wget Revision : 1.0: Interim Race condition inwget1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open. Affect...

gdk-pixbuf Vulnerable to Heap Buffer Overflow via Malicious JPEG Images in 'gdk_pixbuf__jpeg_image_load_increment' Function

gdk-pixbuf is vulnerable to heap buffer overflow due to improper bounds handling in the gdkpixbufjpegimageloadincrement function and gbase64encodestep in glib. This could allow an attacker to trigger a denial-of-service or potentially cause the corruption of memory by processing maliciously craft...

GnuTLS Vulnerable to Memory Corruption via Double-Free upon Error when Exporting 'otherName' in SAN

A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name SAN entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1deletestructure on an ASN.1 node it do...

Libsoup Vulnerable to Integer Overflow via Cookie Expiration Date Handling in Cookie Parsing Logic and Vulnerable to Information Exposure via Out-of-Bounds Read in HTTP Library Component

CVE-2025-4945 A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in...

Path traversal issues in Vims tar.vim and zip.vim plugins

CVE-2025-53905 Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction...

GNU binutils Vulnerable to Memory Corruption via Heap-Based Buffer Overflow in 'elf_swap_shdr()' Function

binutils contains a heap-based buffer overflow vulnerability in its Linker component. A local attacker could exploit this by passing a maliciously crafted payload to a victim, which when executed could result in serious impacts to system confidentiality, integrity and availability...

Protobuf Pure-Python backend can be corrupted by exceeding the Python recursion limit

Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashin...

Application User custom defined accounts are not properly password protected in Brocade ASCG 3.4.0 (CVE-2026-0869)

Application User accounts with Brocade ASCG application privileges created by the administrator are not properly being password enforced. Any other user that learns of the assigned user name can access the custom created application manager account and gain access to the Brocade ASCG application...

LibExpat Vulnerable to Denial-of-Service (DoS) via Uncontrolled Resource Consumption in 'xmlparse.c' File

CVE-2025-32990 A heap-buffer-overflow off-by-one flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds OOB NULL pointer write, resulting in memory...

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate...

OpenSSL Stack buffer overflow in CMS AuthEnvelopedData parsing

Brocade Security has become aware of a stack buffer overflow that could lead to a crash, causing Denial of Service, or potentially remote code execution. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax CMS message with an...

SQL queries with sensitive information printed in logs with Brocade SANnav before 3.0 (CVE-2025-12774)

A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries in the SANnav support save file. An attacker with access to Brocade SANnav supportsave file, could open the file and then obtain sensitive information such as details of databa...

Postgres vulnerabilities (CVE-2025-8713, CVE-2025-8714, CVE-2025-8715)

The Postgres vulnerabilities identified are located within open source components utilized by Brocade SANnav, however none of these vulnerabilities are in the executable code path. As a part of good security practice, the open source component was updated in the SANnav 2.4.0b and 3.0.0 releases...

Rocky Linux Updates applied to SANnav (CVE-2024-3661, CVE-2024-11187, CVE-2024-12797)

Rocky Linux OS updates RSLA-2025:0377, RSLA-2025:1681, RLSA-2025:1330 applied to Brocade SANnav OVA OS CVE-2024-3661 NetworkManager: DHCP routing options can manipulate interface-based VPN traffic CVE-2024-11187 It is possible to construct a zone such that some queries to it will generate respons...