Broadcom | Most viewed

875 matches found

Broadcom | added 2026/03/03 12:0 a.m. | 14 views

Libssh: incorrect return code handling in ssh_kdf() in libssh

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf function responsible for key derivation. Due to inconsistent interpretation of return values (OpenSSL uses 0 to indicate failure and libssh uses 0 for success), the function may mistakenl...

8.8 CVSS | 5.8 AI score | 0.00407 EPSS | Exploits: 0

Broadcom | added 2026/03/03 12:0 a.m. | 14 views

Pip Vulnerable to Path Traversal via Lack of Symbolic Link Validation in 'unpacking.py' File

Pip is vulnerable to path traversal due to a lack of validation for symbolic links when Pip is used with instances of python which do not implement PEP 706. This could allow a remote attacker to extract a tar file outside of the intended directory...

5.9 CVSS | 6 AI score | 0.00438 EPSS | Exploits: 0

Broadcom | added 2026/01/27 12:0 a.m. | 14 views

GNU tar mishandled extension attributes in a PAX archive

In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c...

6.2 CVSS | 7.3 AI score | 0.00283 EPSS | Exploits: 0

Broadcom | added 2026/01/27 12:0 a.m. | 14 views

Glib GVariant deserialization fails to validate input

A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service...

7.5 CVSS | 7.2 AI score | 0.00761 EPSS | Exploits: 0

Broadcom | added 2026/01/27 12:0 a.m. | 14 views

Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem

A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of service (DoS) problem...

5.5 CVSS | 7 AI score | 0.00309 EPSS | Exploits: 1

Broadcom | added 2026/01/27 12:0 a.m. | 14 views

Information disclosure in Brocade Fabric OS before 9.2.1c2, 9.2.2 through 9.2.2a and 10.0.0 (CVE-2026-0383)

A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command...

8.2 CVSS | 5.9 AI score | 0.00198 EPSS | Exploits: 0 | Affected Software: 1

Broadcom | added 2026/01/27 12:0 a.m. | 14 views

Privilege escalation via bind command in Brocade Fabric OS (CVE-2025-58383)

A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execution of arbitrary commands...

8.4 CVSS | 6.2 AI score | 0.00509 EPSS | Exploits: 0

Broadcom | added 2026/01/27 12:0 a.m. | 14 views

Plain text pbe key visible in audit log during Brocade SANnav migration from 2.4.0a to 3.0.0 (CVE-2025-12679)

A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption (PBE) key in plaintext in the system audit log file. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the PBE key. Note: The vulnerability is only triggered duri...

7.1 CVSS | 5.9 AI score | 0.00148 EPSS | Exploits: 0

Broadcom | added 2026/01/27 12:0 a.m. | 14 views

Brocade SANnav DataBase password in plain text is logged in failover logs (CVE-2025-12680)

Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby Brocade SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read th...

6 CVSS | 5.9 AI score | 0.00222 EPSS | Exploits: 0

Broadcom | added 2026/01/27 12:0 a.m. | 14 views

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58...

7.3 CVSS | 7.2 AI score | 0.03914 EPSS | Exploits: 0

Broadcom | added 2026/01/27 12:0 a.m. | 14 views

libcurl's ASN1 parser code has the GTime2str() function, used for parsing an ASN.1 (CVE-2024-7264)

A flaw was found in libcurl, where libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the time fraction, leading to a strlen performed on a pointer to a heap...

6.5 CVSS | 7.1 AI score | 0.16212 EPSS | Exploits: 1

Broadcom | added 2026/01/27 12:0 a.m. | 14 views

Nessus detected vulnerability in the Brocade OVA base image (CVE-2025-21991)

In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes. Currently, load_microcode_amd iterates over all NUMA nodes, retrieves their CPU masks and unconditionally accesses per-CPU data for the first CPU of each mask...

7.8 CVSS | 6.5 AI score | 0.00181 EPSS | Exploits: 0

Broadcom | added 2026/01/27 12:0 a.m. | 14 views

Curl vulnerabilities detected in SANnav images (CVE-2025-4947, CVE-2025-5025)

The Curl vulnerabilities identified are located within open source components utilized by Brocade SANnav, however the vulnerable code is not compiled into the final product. As a part of good security practice, the open source component was updated in the SANnav 3.0.0 release. CVE-2025-4947 libcu...

6.5 CVSS | 5.9 AI score | 0.00241 EPSS | Exploits: 3

Broadcom | added 2026/01/27 12:0 a.m. | 14 views

Low-level invalid GF(2^m) parameters lead to OOB memory access

Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution,...

4.3 CVSS | 7.3 AI score | 0.05966 EPSS | Exploits: 0

Broadcom | added 2025/10/15 12:0 a.m. | 14 views

Libexpat: expat: improper restriction of xml entity expansion depth in libexpat

Libexpat contains a denial-of-service (DoS) vulnerability. A remote attacker could exploit this by chaining together an excessive number of general entities. Malicious use of this linear entity chain would subsequently result in uncontrolled recursion, leading to a stack overflow and crash...

7.5 CVSS | 7.2 AI score | 0.01569 EPSS | Exploits: 0

Broadcom | added 2025/10/15 12:0 a.m. | 14 views

Certifi Vulnerable to Insufficient Verification of Data Authenticity via GlobalTrust Root Certificate

Certifi contains an insufficient verification of data authenticity vulnerability. The withdrawal of the GLOBALTRUST root certificate has been performed. This could result in users experiencing compliance issues. Products Not Affected Brocade Fabric OS VEX Justification: Component_not_present Brocad...

7.5 CVSS | 6.9 AI score | 0.01049 EPSS | Exploits: 0

Broadcom | added 2025/07/15 12:0 a.m. | 14 views

Medium Strength Cipher Suites detected on ports 9000 and 8036

Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on ports 9000 and 8036. Those ports are internal ports...

9.1 CVSS | 7 AI score | 0.00162 EPSS | Exploits: 0

Broadcom | added 2025/07/08 12:0 a.m. | 14 views

Multiple vulnerabilities detected in PostgreSQL

Multiple PostgreSQL vulnerability updates: CVE-2025-1094: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation; CVE-2024-10979: PostgreSQL PL/Perl environment variable changes execute arbitrary code; CVE-2024-10978: PostgreSQL SET ROLE, SET SESSION AUTHORIZATI...

10 CVSS | 8.4 AI score | 0.89472 EPSS | Exploits: 11

Broadcom | added 2021/05/10 12:0 a.m. | 14 views

BSA-2020-1166

Security Advisory ID : BSA-2020-1166 Component : OpenSSL Revision : 1.0 The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a...

5.9 CVSS | 6.8 AI score | 0.06968 EPSS | Exploits: 3

Broadcom | added 2017/06/23 12:0 a.m. | 14 views

BSA-2017-328

Security Advisory ID : BSA-2017-328 Component : JAVA SE Networking Revision : 3.0: Final Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded:...

4.3 CVSS | 5.8 AI score | 0.0167 EPSS | Exploits: 0

Broadcom | added 2017/06/23 12:0 a.m. | 14 views

BSA-2017-322

Security Advisory ID : BSA-2017-322 Component : JAVA SE AWT Revision : 3.0: Final Vulnerability in the Java SE component of Oracle Java SE subcomponent: AWT. Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with...

8.3 CVSS | 7 AI score | 0.028 EPSS | Exploits: 0

Broadcom | added 2017/06/23 12:0 a.m. | 14 views

BSA-2017-321

Security Advisory ID : BSA-2017-321 Component : JAVA SE Revision : 3.0: Final Vulnerability in the Java SE component of Oracle Java SE subcomponent: AWT. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker wi...

8.3 CVSS | 7 AI score | 0.02487 EPSS | Exploits: 0

Broadcom | added 2017/05/02 12:0 a.m. | 14 views

BSA-2017-259

Security Advisory ID : BSA-2017-259 Component : Weak ciphers such as RC4-MD5 Revision : 1.0: Interim If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually...

7.5 CVSS | 9.3 AI score | 0.57595 EPSS | Exploits: 1

Broadcom | added 2017/04/28 12:0 a.m. | 14 views

BSA-2017-247

Security Advisory ID : BSA-2017-247 Component : OpenSSH Revision : 3.0: Final The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long...

7.8 CVSS | 7 AI score | 0.57667 EPSS | Exploits: 5

Broadcom | added 2017/04/01 12:0 a.m. | 14 views

BSA-2017-222

Security Advisory ID : BSA-2017-222 Component : ntp Revision : 1.0: Interim Windows: ntpd DoS by oversized UDP packet. Class: Failure to Handle Exceptional Conditions. Affected Products Product| Current Assessment ---|--- Brocade 5600vRouter| Impacted: Fixed in 17.1.0...

7.5 CVSS | 7 AI score | 0.31715 EPSS | Exploits: 0

Broadcom | added 2017/03/31 12:0 a.m. | 14 views

BSA-2017-223

Security Advisory ID : BSA-2017-223 Component : ntp Revision : 1.0: Interim Zero Origin timestamp problems were fixed by Bug 2945 in ntp-4.2.8p6. However, subsequent timestamp validation checks introduced a regression in the handling of some Zero origin timestamp checks. Affected Products Product...

5.3 CVSS | 7.8 AI score | 0.0864 EPSS | Exploits: 1

Broadcom | added 2017/01/06 12:0 a.m. | 14 views

BSA-2017-178

Security Advisory ID : BSA-2017-178 Component : BNA Revision : 1.0: Final A Directory Traversal Vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload malicious file in a section of the file...

10 CVSS | 6.9 AI score | 0.13033 EPSS | Exploits: 0

Broadcom | added 2026/01/27 12:0 a.m. | 13 views

The allocate_structures function insufficiently checks bounds before arithmetic multiplication

sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic...

7.8 CVSS | 6 AI score | 0.01096 EPSS | Exploits: 1

Broadcom | added 2026/01/27 12:0 a.m. | 13 views

A heap out-of-bounds read flaw was found in builtin.c in the gawk package

A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information...

7.1 CVSS | 5.8 AI score | 0.00424 EPSS | Exploits: 1

Broadcom | added 2026/01/27 12:0 a.m. | 13 views

PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation

Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13,...

5.9 CVSS | 5.9 AI score | 0.00612 EPSS | Exploits: 0

Broadcom | added 2026/01/27 12:0 a.m. | 13 views

Oracle Java SE Updates (July 2025)

Oracle Java SE Multiple Vulnerabilities July 2025 CVE-2025-50059 CVE-2025-30749 CVE-2025-50106 CVE-2025-23166 CVE-2025-30754...

8.6 CVSS | 7.2 AI score | 0.01058 EPSS | Exploits: 1

Broadcom | added 2026/01/27 12:0 a.m. | 13 views

libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time

libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time...

5.5 CVSS | 7.4 AI score | 0.00373 EPSS | Exploits: 0

Broadcom | added 2026/01/27 12:0 a.m. | 13 views

Multiple Vulnerabilities in Node.js (Wednesday, May 14, 2025 Security Releases). Nessus Plugin ID 236766

In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uv_fs_s.file: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory...

7.5 CVSS | 7.5 AI score | 0.00763 EPSS | Exploits: 1

Broadcom | added 2026/01/27 12:0 a.m. | 13 views

Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service

CVE-2019-9704: Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked. CVE-2019-9705: Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of...

5.5 CVSS | 5.9 AI score | 0.00354 EPSS | Exploits: 0

Broadcom | added 2026/01/27 12:0 a.m. | 13 views

Plaintext Switch admin login password is seen in Brocade SANnav support save (CVE-2025-12772)

Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file which contains this switch password in clear text. The...

8.5 CVSS | 5.9 AI score | 0.00262 EPSS | Exploits: 0

Broadcom | added 2026/01/27 12:0 a.m. | 13 views

The DisableForwarding directive does not fully adhere to the intended functionality as documented (CVE-2025-32728).

Brocade has become aware of an Expected Behavior Violation vulnerability in OpenSSH releases 7.4 through 9.9. In affected versions of sshd, the DisableForwarding directive does not disable X11 and agent forwarding, which may allow unintended access under certain configurations...

4.3 CVSS | 5.9 AI score | 0.00149 EPSS | Exploits: 0

Broadcom | added 2025/10/15 12:0 a.m. | 13 views

Kernel OVA security updates in ASCG 3.3.0a

CVE-2025-21756: vsock: Keep the binding until socket destruction; CVE-2022-49011: hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new; CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt; CVE-2025-32462: Sudo before 1.9.17p1, when used with a sudoers file that specifies a ho...

8.8 CVSS | 7.2 AI score | 0.03239 EPSS | Exploits: 15

Broadcom | added 2025/07/15 12:0 a.m. | 13 views

Improper Privilege Management vulnerability in Apache Kafka Client

Apache Kafka Clients are vulnerable to improper privilege management due to the use of ConfigProvider plugins that can read from disk or environment variables. This could allow an attacker to read arbitrary contents of the disk and environment variables, potentially escalating from REST API acces...

6.5 CVSS | 6.9 AI score | 0.01129 EPSS | Exploits: 0

Broadcom | added 2025/07/15 12:0 a.m. | 13 views

Difficult to exploit Java SDK Updates in ASCG

Difficult to exploit vulnerabilities in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9,...

9.2 CVSS | 7.1 AI score | 0.03278 EPSS | Exploits: 0

Broadcom | added 2025/07/08 12:0 a.m. | 13 views

Oracle Java SE Multiple Vulnerabilities (January 2025)

Oracle Java SE Multiple Vulnerabilities (January 2025). CVE-2025-0509: CVSS 3.1 Base Score 7.3, CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H. Brocade SANnav not affected: VEX Justification: Vulnerable_code_not_present. CVE-2025-21502: CVSS 3.1 Base Score 4.8, CVSS Vector:...

7.3 CVSS | 6.7 AI score | 0.00971 EPSS | Exploits: 0

Broadcom | added 2025/06/10 12:0 a.m. | 14 views

Path traversal vulnerability in functional web frameworks (CVE-2024-38819)

Spring Framework is vulnerable to a path traversal issue due to a lack of sufficient sanitization of path sequences processed by the WebMvc.fn or WebFlux.fn functional web frameworks. A remote attacker could submit crafted HTTP requests to an application that serves static resources through the...

7.5 CVSS | 7.1 AI score | 0.54862 EPSS | Exploits: 6

Broadcom | added 2024/05/01 12:0 a.m. | 13 views

Statement on Jetty vulnerabilities in Brocade SANnav

A Security Researcher performing penetration testing raises CVEs in the Jetty version used by Brocade SANnav v2.1.1. Brocade Statement All supported versions of Brocade SANnav do not directly use Jetty. The code is present within some versions of the SANnav product as it is contained within other...

9.4 CVSS | 5.8 AI score | 0.99298 EPSS | Exploits: 19

Broadcom | added 2017/09/09 12:0 a.m. | 13 views

BSA-2017-426

Security Advisory ID : BSA-2017-426 Component : OpenSSL Revision : 1.0: Interim While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is...

5.3 CVSS | 9.4 AI score | 0.17699 EPSS | Exploits: 0

Broadcom | added 2017/06/23 12:0 a.m. | 13 views

BSA-2017-333

Security Advisory ID : BSA-2017-333 Component : zlib Revision : 1.0: Interim inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. Affected Products Product| Current Assessment ---|--- Brocade Virtual Web Application...

8.8 CVSS | 9.1 AI score | 0.04793 EPSS | Exploits: 0

Broadcom | added 2017/06/23 12:0 a.m. | 13 views

BSA-2017-330

Security Advisory ID : BSA-2017-330 Component : JAVA SE Networking Revision : 3.0: Final Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121;...

4.3 CVSS | 5.7 AI score | 0.0258 EPSS | Exploits: 0

Broadcom | added 2017/06/23 12:0 a.m. | 13 views

BSA-2017-332

Security Advisory ID : BSA-2017-332 Component : IBM JDK Revision : 3.0: Final IBM JDK versions 6.0.16.45, 7.0.10.5, 7.1.4.5, and 8.0.4.5 correct a security issue. IBM SDK, Java Technology Edition is vulnerable to an XML External Entity Injection (XXE) error when processing XML data. A remote attacker coul...

8.2 CVSS | 7 AI score | 0.03632 EPSS | Exploits: 0

Broadcom | added 2017/06/23 12:0 a.m. | 13 views

BSA-2017-349

Security Advisory ID : BSA-2017-349 Component : SUDO Revision : 2.0: Interim A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root...

6.9 CVSS | 8.5 AI score | 0.08018 EPSS | Exploits: 8

Broadcom | added 2026/01/27 12:0 a.m. | 12 views

An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0

An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this...

6.5 CVSS | 7.2 AI score | 0.01703 EPSS | Exploits: 1

Broadcom | added 2026/01/27 12:0 a.m. | 12 views

Privilege escalation in Brocade Fabric before 9.2.1c2 and 9.2.2 through 9.2.2a (CVE-2025-58382)

A vulnerability in the secure configuration of authentication and management services in Brocade Fabric OS before Fabric OS 9.2.1c2 could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands as root using “supportsave”, “seccertmgmt”, “configupload...

8.5 CVSS | 6.2 AI score | 0.00602 EPSS | Exploits: 0

Broadcom | added 2026/01/27 12:0 a.m. | 12 views

Directory traversal vulnerability in Brocade Fabric OS before 9.2.1 using grep command (CVE-2025-58380)

A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the shell command “grep” to modify the path variables and move upwards in the directory structure or to traverse to different directories...

4.6 CVSS | 5.9 AI score | 0.00179 EPSS | Exploits: 0

Total number of security vulnerabilities: 875