BSA-2022-1836
Security Advisory ID : BSA-2022-1836 Component : Oracle Java Revision : 1.0 Vulnerability in the Java SE product of Oracle Java SE component: JNDI. The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
BSA-2022-1979
Security Advisory ID : BSA-2022-1979 Component : Encryption Revision : 1.0 In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav 2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the...
BSA-2022-1835
Security Advisory ID : BSA-2022-1835 Component : Oracle Java Revision : 1.0 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition:...
BSA-2022-765
Security Advisory ID : BSA-2022-765 Component : OpenSSL Revision : 1.0 If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0-byte record is...
BSA-2022-1516
Security Advisory ID : BSA-2022-1516 Component : NGINX Revision : 1.0 A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact...
BSA-2022-1844
Security Advisory ID : BSA-2022-1844 Component : RBAC Revision : 1.0 A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANnav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions...
BSA-2022-1842
Security Advisory ID : BSA-2022-1842 Component : Zone Management Revision : 1.0 In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands. Affected Products. Brocade SANnav...
BSA-2022-1843
Security Advisory ID : BSA-2022-1843 Component : Password Encryption Revision : 1.0 Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords. Affecte...
BSA-2022-1841
Security Advisory ID : BSA-2022-1841 Component : REST API Revision : 1.0 Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text. Affected Products. Brocade SANnav - Fixed in Brocade SANnav 2.2.0...
BSA-2022-1838
Security Advisory ID : BSA-2022-1838 Component : H2 Revision : 1.0 H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. Affected Products. Brocade SANnav - Fixed in Brocade SANnav 2.2.0...
BSA-2022-1837
Security Advisory ID : BSA-2022-1837 Component : H2 Revision : 1.0 An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files outside of their permissions via a symlink to a fake database file. Affected Products. Brocade...
BSA-2022-1839
Security Advisory ID : BSA-2022-1839 Component : Apache Tomcat Revision : 1.0 When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is...
BSA-2022-1840
Security Advisory ID : BSA-2022-1840 Component : debug mode Revision : 1.0 An information exposure through log file vulnerability in Brocade SANnav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in...
BSA-2022-1832
Security Advisory ID : BSA-2022-1832 Component : NGINX Revision : 1.0 Brocade PSIRT has become aware of the security vulnerabilities in the NGINX LDAP reference implementation publicly shared on 09 April 2022. More information is available at "Addressing Security Weaknesses in the NGINX LDAP...
BSA-2022-1770
Security Advisory ID : BSA-2022-1770 Component : SpringSource Spring Framework Revision : 1.0 CVE-2010-1622: SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing...
BSA-2022-1769
Security Advisory ID : BSA-2022-1769 Component : Spring Framework RCE Revision : 1.0 Brocade PSIRT has become aware of an RCE vulnerability in the Spring Framework. A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. More...
BSA-2022-1768
Security Advisory ID : BSA-2022-1768 Component : Spring Cloud Revision : 1.0 In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in...
BSA-2022-1763
Security Advisory ID : BSA-2022-1763 Component : InsydeH2O firmware framework code Revision : 1.0 Brocade has become aware of several (23) memory management vulnerabilities that were disclosed by Binarly. Insyde's H2O UEFI firmware contains several (23) high-impact vulnerabilities. These vulnerabilities...
License forgery in Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, (CVE-2021-27795)
Security Advisory ID : BSA-2022-1758 Component : Brocade Fabric OS License Revision : 2.0 Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of...
BSA-2022-1747
Security Advisory ID : BSA-2022-1747 Component : Kernel Revision : 1.0 A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An...
BSA-2022-1675
Security Advisory ID : BSA-2022-1675 Component : logback Revision : 1.0 In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. Brocade has...
BSA-2022-1680
Security Advisory ID : BSA-2022-1680 Component : Apache Log4j Revision : 2.0 CVE-2022-23302 is a high severity deserialization vulnerability in JMSSink. JMSSink uses JNDI in an unprotected manner allowing any application using the JMSSink to be vulnerable if it is configured to reference an...
BSA-2021-1722
Security Advisory ID : BSA-2021-1722 Component : hard-coded credentials Revision : 1.0 Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the...
BSA-2021-1721
Security Advisory ID : BSA-2021-1721 Component : shell Revision : 1.0 A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the “user” or “factory” account, to...
BSA-2021-1658
Security Advisory ID : BSA-2021-1658 Component : JDBC Appender in Apache Log4j Revision : 1.0 Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI...
BSA-2021-1655
Security Advisory ID : BSA-2021-1655 Component : Apache Log4j StrSubstitutor Revision : 1.0 Apache Log4j2 versions 2.0-alpha1 through 2.16.0, excluding 2.12.3, did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layo...
BSA-2021-1651
Security Advisory ID : BSA-2021-1651 Component : Apache Log4j Revision : 4.0 Brocade Security has become aware of Apache Log4j version 2.x remote code execution vulnerability CVE-2021-44228. Additional vulnerabilities CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832 have also been identified...
BSA-2021-1652
Security Advisory ID : BSA-2021-1652 Component : JMSAppender in Log4j 1.2 Revision : 1.0 CVE-2021-4104 - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and...
BSA-2021-1552
Security Advisory ID : BSA-2021-1552 Component : Authentication Revision : 1.0: Final A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through...
BSA-2021-1553
Security Advisory ID : BSA-2021-1553 Component : TACACS+ Revision : 1.0: Final Intermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause...
BSA-2021-1013
Security Advisory ID : BSA-2021-1013 Component : Telnet Revision : 1.0: Final A vulnerability was found where incorrect bounds checks in the telnet server’s telnetd handling of short writes and urgent data, could lead to information disclosure and corruption of heap data. An unauthenticated...
BSA-2021-1491
Security Advisory ID : BSA-2021-1491 Component : Web Application Service Revision : 1.0 The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication heade...
BSA-2020-972
Security Advisory ID : BSA-2020-972 Component : jQuery Revision : 1.0 In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untruste...
BSA-2021-1480
Security Advisory ID : BSA-2021-1480 Component : Webtools Revision : 1.0 Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF). Attackers can utili...
BSA-2021-1487
Security Advisory ID : BSA-2021-1487 Component : Libarchive Revision : 1.0 libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. Affected Products Brocade SANnav versions...
BSA-2021-1481
Security Advisory ID : BSA-2021-1481 Component : IPv6 networking Revision : 1.0 The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface. When IPv6 networking is enabled on t...
BSA-2020-950
Security Advisory ID : BSA-2020-950 Component : REST API Revision : 1.0 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier...
BSA-2020-945
Security Advisory ID : BSA-2020-945 Component : SQLite Revision : 1.0 Various SQLite issues seen in SQLite versions through 3.31.1. CVE-2020-11656 - CVSS3.1 - 9.8 In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a...
BSA-2020-973
Security Advisory ID : BSA-2020-973 Component : jQuery Revision : 1.0 In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others...
BSA-2021-1482
Security Advisory ID : BSA-2021-1482 Component : Logging Revision : 1.0 Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level. Affected Products Brocade SANnav versions before SANnav 2.1.1...
BSA-2019-827
Security Advisory ID : BSA-2019-827 Component : Kernel Revision : 1.0 Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use...
BSA-2021-1493
Security Advisory ID : BSA-2021-1493 Component : CLI Revision : 1.1 A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files. Affected Products...
BSA-2021-1492
Security Advisory ID : BSA-2021-1492 Component : ipfilter Revision : 1.1 The command “ipfilter” in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to...
BSA-2021-1440
Security Advisory ID : BSA-2021-1440 Component : OpenSSL Revision : 1.1 An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension where it was present in the initial...
Brocade Fabric OS Web application service fails to properly process malformed authentication headers resulting in reading memory addresses outside the intended range. (CVE-2021-27791)
Security Advisory ID : BSA-2021-1491 Component : Web Application Service Revision : 1.1 The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication heade...
BSA-2021-1485
Security Advisory ID : BSA-2021-1485 Component : Login Response Header Revision : 1.0 Brocade SANnav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response header. Affected Products Brocade SANnav...
BSA-2020-1166
Security Advisory ID : BSA-2020-1166 Component : OpenSSL Revision : 1.0 The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a...
BSA-2021-1494
Security Advisory ID : BSA-2021-1494 Component : WebApplication Revision : 1.0 The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has...
BSA-2021-1496
Security Advisory ID : BSA-2021-1496 Component : config and secnotify processes Revision : 1.0 Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of...
BSA-2021-1490
Security Advisory ID : BSA-2021-1490 Component : Web Management Interface Revision : 1.1 The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An...