Broadcom: Most viewed

875 matches found

Broadcom
• added 2026/03/03 12:00 a.m. • 16 views

Application User custom defined accounts are not properly password protected in Brocade ASCG 3.4.0 (CVE-2026-0869)

Application User accounts with Brocade ASCG application privileges created by the administrator are not properly being password enforced. Any other user that learns of the assigned user name can access the custom created application manager account and gain access to the Brocade ASCG application...

CVSS 8.3 • AI score 5.9 • EPSS 0.00397 • Exploits 0
Broadcom
• added 2026/03/03 12:00 a.m. • 16 views

GnuTLS Vulnerable to Memory Corruption via Double-Free upon Error when Exporting 'otherName' in SAN

A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure on an ASN.1 node it do...

CVSS 8.2 • AI score 5.8 • EPSS 0.01185 • Exploits 0
Broadcom
• added 2026/03/03 12:00 a.m. • 16 views

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate...

CVSS 7.8 • AI score 6 • EPSS 0.07606 • Exploits 3
Broadcom
• added 2026/02/19 12:00 a.m. • 16 views

OpenSSL Stack buffer overflow in CMS AuthEnvelopedData parsing

Brocade Security has become aware of a stack buffer overflow that could lead to a crash, causing Denial of Service, or potentially remote code execution. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an...

CVSS 8.8 • AI score 6.3 • EPSS 0.48666 • Exploits 7
Broadcom
• added 2026/01/27 12:00 a.m. • 16 views

This flaw allows a malicious HTTP server to set "super cookies" in curl

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...

CVSS 6.5 • AI score 7.2 • EPSS 0.01685 • Exploits 1
Broadcom
• added 2026/01/27 12:00 a.m. • 16 views

SQL queries with sensitive information printed in logs with Brocade SANnav before 3.0 (CVE-2025-12774)

A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries in the SANnav support save file. An attacker with access to Brocade SANnav supportsave file, could open the file and then obtain sensitive information such as details of databa...

CVSS 7.5 • AI score 5.9 • EPSS 0.00178 • Exploits 0
Broadcom
• added 2026/01/27 12:00 a.m. • 16 views

DoS due to improper input validation vulnerability in Apache Tomcat - CVE-2024-24549

A vulnerability was found in the Tomcat package due to its handling of HTTP/2 requests. Specifically, when an HTTP/2 request surpasses the predetermined limits for headers configured within the server, the associated HTTP/2 stream isn't reset immediately. Instead, the reset action occurs only aft...

CVSS 7.5 • AI score 5.8 • EPSS 0.23072 • Exploits 1
Broadcom
• added 2026/01/27 12:00 a.m. • 16 views

Rocky Linux Updates applied to SANnav (CVE-2024-3661, CVE-2024-11187, CVE-2024-12797)

Rocky Linux OS updates RSLA-2025:0377, RSLA-2025:1681, RLSA-2025:1330 applied to Brocade SANnav OVA OS CVE-2024-3661 NetworkManager: DHCP routing options can manipulate interface-based VPN traffic CVE-2024-11187 It is possible to construct a zone such that some queries to it will generate respons...

CVSS 7.6 • AI score 7.1 • EPSS 0.14257 • Exploits 1
Broadcom
• added 2026/01/27 12:00 a.m. • 16 views

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak...

CVSS 7.5 • AI score 7 • EPSS 0.04387 • Exploits 0
Broadcom
• added 2025/07/08 12:00 a.m. • 16 views

Daily Data Dump Collector logs database password in cleartext when running docker exec commands (CVE-2025-6392)

Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server...

CVSS 6.7 • AI score 6.6 • EPSS 0.00136 • Exploits 0
Broadcom
• added 2025/07/08 12:00 a.m. • 16 views

Linux Kernel IPv6 Segment Routing Vulnerable to Out-of-Bounds Read via Crafted Netlink Message in SRv6 Layer

IPv6 Segment Routing (SRv6) is vulnerable to an out-of-bounds read when setting HMAC data due to a lack of validation in the SEG6_ATTR_SECRETLEN attribute. This could allow an attacker to read up to 64 bytes of data past the skb end pointer and into skb_shared_info, potentially leading to information...

CVSS 5.5 • AI score 6.5 • EPSS 0.00242 • Exploits 0
Broadcom
• added 2025/07/08 12:00 a.m. • 16 views

Cleartext storage of sensitive information in Brocade SANnav server audit logs. (CVE-2025-6390)

Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the...

CVSS 5.1 • AI score 6.7 • EPSS 0.00136 • Exploits 0
Broadcom
• added 2025/04/24 12:00 a.m. • 16 views

Ingress-nginx admission controller RCE escalation (CVE-2025-1974)

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note...

CVSS 9.8 • AI score 7.7 • EPSS 0.99348 • Exploits 20
Broadcom
• added 2025/03/07 12:00 a.m. • 16 views

Use-after-free in xmlValidatePopElement() using XMLReader API (CVE-2024-25062)

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

CVSS 7.5 • AI score 7.1 • EPSS 0.01375 • Exploits 3
Broadcom
• added 2022/09/13 12:00 a.m. • 16 views

CVE-2022-33181. Information disclosure vulnerability in Brocade Fabric OS CLI using switch commands “configshow” and “supportlink”.

Security Advisory ID : BSA-2022-2083 Component : FOS Revision : 1.1 An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands...

CVSS 5.5 • AI score 6.5 • EPSS 0.00215 • Exploits 0
Broadcom
• added 2019/03/21 12:00 a.m. • 16 views

BSA-2019-766

Security Advisory ID : BSA-2019-766 Component : OpenSSH Revision : 1.0: Final A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process...

CVSS 6.4 • AI score 7 • EPSS 0.00378 • Exploits 0
Broadcom
• added 2018/10/30 12:00 a.m. • 16 views

BSA-2018-737

Security Advisory ID : BSA-2018-737 Component : OpenSSL Revision : 2.0: Final The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a-dev...

CVSS 5.9 • AI score 6.8 • EPSS 0.12154 • Exploits 0
Broadcom
• added 2018/09/28 12:00 a.m. • 16 views

BSA-2018-539

Security Advisory ID : BSA-2018-539 Component : OpenSSH Revision : 2.0: Final The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffe...

CVSS 6.5 • AI score 6.5 • EPSS 0.63468 • Exploits 2
Broadcom
• added 2017/08/25 12:00 a.m. • 16 views

BSA-2017-355

Security Advisory ID : BSA-2017-355 Component : Stack Revision : 2.0: Interim A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap or different memory region and stack memory regions were adjacent to each other, an attacker could use this flaw to ju...

CVSS 7.8 • AI score 9.3 • EPSS 0.02733 • Exploits 14
Broadcom
• added 2017/06/23 12:00 a.m. • 17 views

BSA-2017-326

Security Advisory ID : BSA-2017-326 Component : Linux Kernel Revision : 2.0: Interim It was found that the packet_set_ring function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to...

CVSS 7.8 • AI score 8.2 • EPSS 0.17827 • Exploits 17
Broadcom
• added 2017/06/23 12:00 a.m. • 16 views

BSA-2017-336

Security Advisory ID : BSA-2017-336 Component : zlib Revision : 2.0: Interim There was a small optimization for PowerPCs to pre-increment a pointer when accessing a word, instead of post-incrementing. This required prefacing the loop with a decrement of the pointer, possibly pointing before the...

CVSS 9.8 • AI score 8.9 • EPSS 0.0595 • Exploits 0
Broadcom
• added 2017/06/23 12:00 a.m. • 16 views

BSA-2017-335

Security Advisory ID : BSA-2017-335 Component : zlib Revision : 2.0: Interim The C standard says that bit shifts of negative integers is undefined. This casts to unsigned values to assure a known result. Affected Products Product| Current Assessment ---|--- Brocade Virtual Web Application Firewal...

CVSS 8.8 • AI score 8.9 • EPSS 0.05161 • Exploits 0
Broadcom
• added 2017/06/23 12:00 a.m. • 16 views

BSA-2017-314

Security Advisory ID : BSA-2017-314 Component : WildFly Revision : 5.0: Final Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote unauthenticated attackers to read sensitive files...

CVSS 7.5 • AI score 6.9 • EPSS 0.15572 • Exploits 3
Broadcom
• added 2017/05/17 12:00 a.m. • 16 views

BSA-2017-310

Security Advisory ID : BSA-2017-310 Component : Linux Kernel Revision : 1.0: Interim udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag...

CVSS 10 • AI score 7.8 • EPSS 0.12791 • Exploits 1
Broadcom
• added 2017/05/02 12:00 a.m. • 16 views

BSA-2017-267

Security Advisory ID : BSA-2017-267 Component : NTP Revision : 1.0: Interim The cronjob script bundled with ntp package is intended to perform cleanup on statistics files produced by NTP daemon running with statistics enabled. The script is run as root during the daily cronjobs all operations on...

CVSS 7.8 • AI score 8 • EPSS 0.01254 • Exploits 3
Broadcom
• added 2017/03/31 12:00 a.m. • 16 views

BSA-2017-234

Security Advisory ID : BSA-2017-234 Component : Linux Kernel Revision : 2.0: Interim Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socke...

CVSS 7.8 • AI score 6.5 • EPSS 0.11127 • Exploits 16
Broadcom
• added 2017/03/31 12:00 a.m. • 16 views

BSA-2017-218

Security Advisory ID : BSA-2017-218 Component : ntp Revision : 1.0: Interim ntpd does not enable trap service by default. If trap service has been explicitly enabled, an attacker can send a specially crafted packet to cause a null pointer dereference that will crash ntpd, resulting in a denial of...

CVSS 7.1 • AI score 7.6 • EPSS 0.11174 • Exploits 1
Broadcom
• added 2026/03/03 12:00 a.m. • 15 views

UDisks Daemon Vulnerable to Local Privilege Escalation via Negative Index in Loop Device Handler

Udisks is vulnerable to out-of-bounds read due to improper validation of the index parameter in the loop device handler. This could allow an attacker to crash the UDisks daemon or perform local privilege escalation by accessing files owned by privileged users...

CVSS 8.5 • AI score 5.9 • EPSS 0.0065 • Exploits 1
Broadcom
• added 2026/03/03 12:00 a.m. • 15 views

libarchive Vulnerable to Memory Corruption via Integer Overflow in 'archive_read_format_rar_seek_data()' Function

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enablin...

CVSS 7.8 • AI score 6.2 • EPSS 0.00326 • Exploits 2
Broadcom
• added 2026/01/27 12:00 a.m. • 15 views

Null pointer dereference found in openldap

A vulnerability was found in openldap. This security flaw causes a null pointer dereference in the ber_memalloc_x function...

CVSS 7.5 • AI score 7 • EPSS 0.01947 • Exploits 0
Broadcom
• added 2026/01/27 12:00 a.m. • 15 views

Scan discovered multiple CVEs against glibc

Binary scan of Brocade Fabric OS identified multiple potential CVEs against glibc CVE-2020-6096 An exploitable signed comparison vulnerability exists in the ARMv7 memcpy implementation of GNU glibc 2.30.9000. Calling memcpy on ARMv7 targets that utilize the GNU glibc implementation with a negativ...

CVSS 8.1 • AI score 7.8 • EPSS 0.05223 • Exploits 1
Broadcom
• added 2026/01/27 12:00 a.m. • 15 views

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...

CVSS 8.8 • AI score 7.6 • EPSS 0.01993 • Exploits 1
Broadcom
• added 2026/01/27 12:00 a.m. • 15 views

Password Exposure in Brocade Fabric OS before 9.2.1 (CVE-2025-58379)

Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a local authenticated attacker to reveal command line passwords using commands that may expose higher privilege sensitive information by a lower privileged user...

CVSS 6 • AI score 5.9 • EPSS 0.00142 • Exploits 0
Broadcom
• added 2026/01/27 12:00 a.m. • 15 views

Directory transversal vulnerability in Brocade Fabric OS before 9.2.1c2 and 9.2.2 through 9.2.2a using various shell commands (CVE-2025-58381)

A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands “source, ping6, sleep, disown, wait” to modify the path variables and move upwards in the directory structure or to traverse to different directories...

CVSS 4.6 • AI score 5.9 • EPSS 0.00179 • Exploits 0
Broadcom
• added 2026/01/27 12:00 a.m. • 15 views

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...

CVSS 9.8 • AI score 7.6 • EPSS 0.02918 • Exploits 0
Broadcom
• added 2026/01/27 12:00 a.m. • 15 views

Plain password is logged in the audit logs while executing update-reports-purge-settings.sh script with Brocade SANnav before 2.4.0a (CVE-2025-12773)

A vulnerability in “update-reports-purge-settings.sh” script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade...

CVSS 7.1 • AI score 5.9 • EPSS 0.0033 • Exploits 0
Broadcom
• added 2025/10/15 12:00 a.m. • 15 views

Rocky Linux Updates in ASCG 3.3.0a (OVA)

Multiple Rocky Linux updates applied to Brocade ASCG 3.3.0a RockyLinux 8:perl RLSA-2025:11805 perl: Perl threads have a working directory race condition where file operations may target unintended paths CVE-2025-40909 RockyLinux 8:libxslt RLSA-2025:3615 libxslt: Use-After-Free in libxslt numbers....

CVSS 9.8 • AI score 6.6 • EPSS 0.64893 • Exploits 35
Broadcom
• added 2025/07/15 12:00 a.m. • 15 views

JSON Web Token (JWT) Exposure in Log Files

Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure. Note: The vulnerability affects both Brocade ASCG...

CVSS 9.1 • AI score 6.7 • EPSS 0.00236 • Exploits 0 • Affected Software 1
Broadcom
• added 2025/07/08 12:00 a.m. • 15 views

Multiple Rocky Linux updates applied to Brocade SANnav OVA 2.4.0a

Multiple Rocky Linux updates applied to Brocade SANnav base OS OVA deployment 2.4.0a RockyLinux 8: bind RLSA-2024:5524 BIND's database will be slow if a very large number of RRs exist at the same name CVE-2024-1737 SIG0 can be used to exhaust CPU resources CVE-2024-1975 RockyLinux 8: bind...

CVSS 9.8 • AI score 7.2 • EPSS 0.8833 • Exploits 27
Broadcom
• added 2025/07/08 12:00 a.m. • 15 views

Plaintext security passwords are logged in the audit logs while executing openssl cmd (CVE-2025-4662)

Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit logs are the local server VM’s audit logs an...

CVSS 5.1 • AI score 6.6 • EPSS 0.00136 • Exploits 0
Broadcom
• added 2025/01/08 12:00 a.m. • 15 views

Brocade ASCG Vulnerability Disclosures

Brocade Security Advisories posted on May 19, 2026 CVE addressed in ASCG 3.4.0a CVE-2024-24785, CVE-2025-61729, CVE-2025-65637 Security updated provided in Brocade ASCG 3.4.0b for container-tools PSIRT Risk: Medium https://support.broadcom.com/external/content/SecurityAdvisories/0/37500...

CVSS 9.8 • AI score 8 • EPSS 0.07007 • Exploits 14
Broadcom
• added 2024/11/12 12:00 a.m. • 15 views

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5

e2fsprogs is vulnerable to memory corruption due to an out-of-bounds access issue when running the e2fsck utility. An attacker could exploit this vulnerability by supplying a system with a maliciously crafted filesystem image...

CVSS 7.8 • AI score 6.9 • EPSS 0.01336 • Exploits 0
Broadcom
• added 2024/11/01 12:00 a.m. • 15 views

PostgreSQL Memory disclosure in aggregate function calls (CVE-2023-5868)

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

CVSS 4.3 • AI score 4.6 • EPSS 0.02775 • Exploits 0
Broadcom
• added 2023/11/07 12:00 a.m. • 15 views

Security Updates Delivered with ASCG v3.0

Dear Brocade Customer: This Advisory aims to inform you of Brocade ASCG security updates in Brocade ASCG v3.0. Please review the recently posted security advisories listed here: Updated Security Advisories to show these are now addressed in Brocade ASCG v3.0 CVE-2018-25032...

CVSS 9.8 • AI score 8.4 • EPSS 0.76768 • Exploits 40
Broadcom
• added 2019/03/21 12:00 a.m. • 15 views

BSA-2019-764

Security Advisory ID : BSA-2019-764 Component : OpenSSH Revision : 1.0: Final Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to sen...

CVSS 7 • AI score 7 • EPSS 0.00604 • Exploits 0
Broadcom
• added 2018/01/08 12:00 a.m. • 15 views

BSA-2018-514

Security Advisory ID : BSA-2018-514 Component : TLS Implementations Revision : 1.1: Final TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. An attacker could...

CVSS 7.5 • AI score 9 • EPSS 0.45113 • Exploits 1
Broadcom
• added 2017/05/17 12:00 a.m. • 15 views

BSA-2017-271

Security Advisory ID : BSA-2017-271 Component : MD5 Algorithm Revision : 1.0: Interim The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature...

CVSS 9.8 • AI score 6.7 • EPSS 0.09854 • Exploits 0
Broadcom
• added 2017/04/28 12:00 a.m. • 15 views

BSA-2017-247

Security Advisory ID : BSA-2017-247 Component : OpenSSH Revision : 3.0: Final The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long...

CVSS 7.8 • AI score 7 • EPSS 0.57667 • Exploits 5
Broadcom
• added 2017/03/31 12:00 a.m. • 15 views

BSA-2017-219

Security Advisory ID : BSA-2017-219 Component : ntp Revision : 1.0: Interim An exploitable configuration modification vulnerability exists in the control mode (mode 6) functionality of ntpd. If, against long-standing BCP recommendations, "restrict default noquery ..." is not specified, a specially...

CVSS 6.5 • AI score 7.5 • EPSS 0.11162 • Exploits 1
Broadcom
• added 2017/01/06 12:00 a.m. • 15 views

BSA-2017-180

Security Advisory ID : BSA-2017-180 Component : BNA Revision : 1.0: Final A Directory Traversal Vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files including files with sensitive...

CVSS 7.5 • AI score 6.7 • EPSS 0.15381 • Exploits 0
Total number of security vulnerabilities: 875