879 matches found
use-after-free and memory corruption
The tcpmssmanglepacket function in net/netfilter/xtTCPMSS. c in the Linux kernel before 4.11, and 4.9. x before 4.9. 36, allows remote attackers to cause a denial of service use-after-free and memory corruption or possibly have unspecified other impact by leveraging the presence of xtTCPMSS in an...
Brocade ASCG Vulnerability Disclosures
Brocade Security Advisories posted on July 1, 2026 CVE addressed in ASCG 3.4.0c CVE-2026-31431 crypto: algifaead - Revert to operating out-of-place PSIRT Risk: High https://support.broadcom.com/external/content/SecurityAdvisories/0/37827 CVE-2026-43284 xfrm: esp: avoid in-place decrypt on shared...
Brocade SANnav Vulnerability Disclosures
Brocade Security Advisories posted on March 3, 2026 CVEs addressed in SANnav 3.0.0 CVE-2025-53905, CVE-2025-53906 Path traversal issues in Vims tar.vim and zip.vim plugins PSIRT Risk: Low https://support.broadcom.com/external/content/SecurityAdvisories/0/37152 CVE-2025-26465 OpenSSH security upda...
BSA-2020-950
Security Advisory ID : BSA-2020-950 Component : REST API Revision : 1.0 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier...
BSA-2020-1084
Security Advisory ID : BSA-2020-1084 Component : Rest API Revision : 2.0 Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input. Note: Brocade Fabric OS versions before v8.2.1 are not affected. Rest API is...
BSA-2018-540
Security Advisory ID : BSA-2018-540 Component : OpenSSH Revision : 2.0: Final The 1 roamingread and 2 roamingwrite functions in roamingcommon.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file...
BSA-2017-257
Security Advisory ID : BSA-2017-257 Component : NTP Revision : 1.0: Interim It was discovered thatntpdas a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to anntpdclient that would effectively disable...
BSA-2017-205
Security Advisory ID : BSA-2017-205 Component : OpenSSL Revision : 1.0: Interim Severity: High-TLS connections using -CHACHA20-POLY1305ciphersuitesare susceptible to aDoSattack by corrupting larger payloads. This can result in an OpenSSL crash. Thisissue is not considered to be exploitable beyond...
Requests Vulnerable to Information Disclosure via '.netrc' Credentials Leak in 'get_netrc_auth()' Function
Requests is vulnerable to leakage of .netrc credentials due to a URL parsing issue. An attacker could exploit this by supplying a maliciously-crafted URL to a victim, which could result in loss of said credentials and can be potentially used for accessing remote servers...
UDisks Daemon Vulnerable to Local Privilege Escalation via Negative Index in Loop Device Handler
Udisks is vulnerable to out-of-bounds read due to improper validation of the index parameter in the loop device handler. This could allow an attacker to crash the UDisks daemon or perform local privilege escalation by accessing files owned by privileged users...
Out of bounds read for cookie path
A cookie is set using the secure keyword for https://target curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set. The same cookie name is set - but with just a slash as path path="/". Since this site is not secure,...
LibExpat Vulnerable to Denial-of-Service (DoS) via Uncontrolled Resource Consumption in 'xmlparse.c' File
CVE-2025-32990 A heap-buffer-overflow off-by-one flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds OOB NULL pointer write, resulting in memory...
Spring Framework DoS (CVE-2024-38808, CVE-2024-38809 and CVE-2024-22262)
The Spring Framework vulnerabilities identified are located within open source components utilized by Brocade SANnav, however none of these vulnerabilities are in the executable code path. As a part of good security practice, the open source component was updated in the Brocade SANnav 3.0.0...
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak...
Privilege escalation in Brocade Fabric OS before 9.2.1c3, and 9.2.2 though 9.2.2b (CVE-2025-9711)
A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevating the privileges of the local authenticated user to “root” using the export option of seccertmgmt and seccryptocfg commands...
Postgres vulnerabilities (CVE-2025-8713, CVE-2025-8714, CVE-2025-8715)
The Postgres vulnerabilities identified are located within open source components utilized by Brocade SANnav, however none of these vulnerabilities are in the executable code path. As a part of good security practice, the open source component was updated in the SANnav 2.4.0b and 3.0.0 releases...
SQL queries with sensitive information printed in logs with Brocade SANnav before 3.0 (CVE-2025-12774)
A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries in the SANnav support save file. An attacker with access to Brocade SANnav supportsave file, could open the file and then obtain sensitive information such as details of databa...
Linux Kernel IPv6 Segment Routing Vulnerable to Out-of-Bounds Read via Crafted Netlink Message in SRv6 Layer
IPv6 Segment Routing SRv6 is vulnerable to an out-of-bounds read when setting HMAC data due to a lack of validation in the SEG6ATTRSECRETLEN attribute. This could allow an attacker to read up to 64 bytes of data past the skb end pointer and into skbsharedinfo, potentially leading to information...
Use-after-free in xmlValidatePopElement() using XMLReader API (CVE-2024-25062)
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...
Privileged escalation via crafted use of portcfg command
A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extensio...
Security Updates Delivered with ASCG v3.0
Dear Brocade Customer: This Advisory aims to inform you of Brocade ASCG security updates in Brocade ASCG v3.0. Please review the recently posted security advisories listed here: Updated Security Advisories to show these are now addressed in Brocade ASCG v3.0 CVE-2018-25032...
CVE-2022-33185. Several commands in Brocade Fabric OS use unsafe string function to process user input
Security Advisory ID : BSA-2022-2078 Component : FOS Revision : 1.1 Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer...
BSA-2021-1487
Security Advisory ID : BSA-2021-1487 Component : Libarchive Revision : 1.0 libarchive 3.3.2 suffers from an out-of-bounds read within lhareaddatanone in archivereadsupportformatlha.c when extracting a specially crafted lha archive, related to lhacrc16. Affected Products Brocade SANnav versions...
BSA-2021-1485
Security Advisory ID : BSA-2021-1485 Component : Login Response Header Revision : 1.0 Brocade SANNav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response header. Affected Products Brocade SANnav...
BSA-2018-538
Security Advisory ID : BSA-2018-538 Component : OpenSSH Revision : 2.0: Final The processopen function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. Affected Products Security updates have be...
BSA-2017-315
Security Advisory ID : BSA-2017-315 Component : Management Module Revision : 1.0: Interim Improperly checks for unusual or exceptional conditions when the Management Module is continuously scanned on port 22 may allow attackers to cause a denial of service crash and reload of the management modul...
BSA-2017-225
Security Advisory ID : BSA-2017-225 Component : ntp Revision : 1.0: Interim Whenntpdreceives a server response on a socket that corresponds to a different interface than was used for the request, the peer structure is updated to use the interface for new requests. Ifntpdis running on a host with...
Cache poisoning attacks with unsolicited RRs
Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through...
sssd default kerberos configuration allows privilege escalation on ad-joined linux systems
A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, the Kerberos local authentication plugin sssdkrb5localauthplugin is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...
AIDE Vulnerable to Improper Output Neutralization via Terminal Escape Sequences in Log and Report Output
AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...
Protobuf Pure-Python backend can be corrupted by exceeding the Python recursion limit
Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashin...
OpenSSH security update for CVE-2025-26465
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...
OpenSSH security update (CVE-2025-61985)
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used...
A malicious rsh server can overwrite arbitrary files in a directory on the rcp client machine
An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server or Man-in-The-Middle attacker can overwrite...
In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c
In elfutils 0.183, an infinite loop was found in the function handlesymtab in readelf.c .Which allows attackers to cause a denial of service infinite loop via crafted file...
Plain password is logged in the audit logs while executing update-reports-purge-settings.sh script with Brocade SANnav before 2.4.0a (CVE-2025-12773)
A vulnerability in “update-reports-purge-settings.sh” script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade...
Cleartext storage of sensitive information in Brocade SANnav server audit logs. (CVE-2025-6390)
Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the...
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass
wpasupplicant is vulnerable to authentication bypass due to its implementation of Protected Extensible Authentication Protocol PEAP. An attacker could exploit this in order to trick a victim into connecting to a malicious clone of an Enterprise WiFi network and subsequently intercept their traffi...
CVE-2022-43936: Switch passwords in logs
Security Advisory ID : BSA-2022-2126 Component : Logs Revision : 1.0 Brocade SANnav versions before v2.2.2 improperly expose Brocade Fabric OS switch password when debugging is turned on. A local or remote authenticated privileged user with access to logs may gain switch users' passwords...
CVE-2022-33183. Stack buffer overflow using in “firmwaredownload†and “diagshow†commands.
Security Advisory ID : BSA-2022-2085 Component : FOS Revision : 1.1 A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in “firmwaredownload†and...
CVE-2022-33181. Information disclosure vulnerability in Brocade Fabric OS CLI using switch commands “configshow†and “supportlinkâ€.
Security Advisory ID : BSA-2022-2083 Component : FOS Revision : 1.1 An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands...
BSA-2021-1440
Security Advisory ID : BSA-2021-1440 Component : OpenSSL Revision : 1.1 An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signaturealgorithms extension where it was present in the initial...
BSA-2020-906
Security Advisory ID : BSA-2020-906 Component : authentication Revision : 1.0: Final Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client. The argumen...
BSA-2019-766
Security Advisory ID : BSA-2019-766 Component : OpenSSH Revision : 1.0: Final A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process...
BSA-2018-514
Security Advisory ID : BSA-2018-514 Component : TLS Implementations Revision : 1.1: Final TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. An attacker could...
BSA-2017-326
Security Advisory ID : BSA-2017-326 Component : Linux Kernel Revision : 2.0: Interim It was found that thepacketsetring function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAPNETRAW capability could use this flaw to...
BSA-2017-325
Security Advisory ID : BSA-2017-325 Component : JAVA SE JAXP Revision : 3.0: Final Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit:...
BSA-2017-334
Security Advisory ID : BSA-2017-334 Component : zlib Revision : 2.0: Interim An oldinffast.coptimization turns out to not be optimal anymore with modern compilers, and furthermore was not compliant withtheCstandard, for which decrementing a pointer before its allocated memory is undefined. Affect...
BSA-2017-260
Security Advisory ID : BSA-2017-260 Component : DH Parameters Revision : 1.0: Interim There is a carry propagating bug in the x8664 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult t...
BSA-2017-258
Security Advisory ID : BSA-2017-258 Component : ECDHE Parameters Revision : 1.0: Interim If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointerleading to a client crash. This could be exploited in a...