879 matches found
BSA-2020-948
Security Advisory ID : BSA-2020-948 Component : OpenSSL Revision : 1.0 Server or client applications that call the SSLcheckchain function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signaturealgorithmscert" TLS extensio...
BSA-2021-1481
Security Advisory ID : BSA-2021-1481 Component : IPv6 networking Revision : 1.0 The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface. When IPv6 networking is enabled on t...
BSA-2021-1483
Security Advisory ID : BSA-2021-1483 Component : JMX Revision : 1.0 Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server. Affected Products Brocade SANnav versions before SANnav 2.1...
BSA-2020-950
Security Advisory ID : BSA-2020-950 Component : REST API Revision : 1.0 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier...
BSA-2020-945
Security Advisory ID : BSA-2020-945 Component : SQLite Revision : 1.0 Various SQLite issues seen in SQLite versions through 3.31.1. CVE-2020-11656 - CVSS3.1 - 9.8 In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a...
BSA-2021-1490
Security Advisory ID : BSA-2021-1490 Component : Web Management Interface Revision : 1.1 The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An...
BSA-2021-1440
Security Advisory ID : BSA-2021-1440 Component : OpenSSL Revision : 1.1 An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signaturealgorithms extension where it was present in the initial...
BSA-2021-1492
Security Advisory ID : BSA-2021-1492 Component : ipfilter Revision : 1.1 The command “ipfilter†in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0CBN4,and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to...
BSA-2021-1485
Security Advisory ID : BSA-2021-1485 Component : Login Response Header Revision : 1.0 Brocade SANNav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response header. Affected Products Brocade SANnav...
BSA-2021-1487
Security Advisory ID : BSA-2021-1487 Component : Libarchive Revision : 1.0 libarchive 3.3.2 suffers from an out-of-bounds read within lhareaddatanone in archivereadsupportformatlha.c when extracting a specially crafted lha archive, related to lhacrc16. Affected Products Brocade SANnav versions...
BSA-2021-1491
Security Advisory ID : BSA-2021-1491 Component : Web Application Service Revision : 1.0 The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication heade...
BSA-2021-1319
Security Advisory ID : BSA-2021-1319 Component : Brocade SANnav Revision : 1.0: Final Brocade SANnav before v.2.1.0a could allow remote attackers cause a denial-of-service condition due to a lack of proper validation, of the length of user-supplied data as name for custom field name. Note: When...
BSA-2021-1291
Security Advisory ID : BSA-2021-1291 Component : SSH Revision : 2.0: Final The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h,v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks...
BSA-2021-1238
Security Advisory ID : BSA-2021-1238 Component : Libgcrypt Revision : 1.0 gcrymdblockwrite in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later...
BSA-2020-1174
Security Advisory ID : BSA-2020-1174 Component : Theft of FireEye Red Team Tools Revision : 1.0 Brocade Security is aware of the news reporting the Theft of FireEye Red Team Tools by a highly sophisticated threat actor. More information atTheft of FireEye Red Team Tools...
BSA-2020-1173
Security Advisory ID : BSA-2020-1173 Component : SolarWinds Orion Platform Supply Chain Attack Revision : 2.0 Brocade Security is aware of active exploitation of SolarWinds® Orion® Platform software builds for versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1, which, if prese...
AMNESIA:33. (BSA-2020-1167)
Security Advisory ID: BSA-2020-1167 Component: Open source TCP/IP stacks. Revision: 1.1 Forescout Research Labs discovered 33 vulnerabilities impacting millions of IoT, OT, and IT devices that present an immediate risk for organizations worldwide.These vulnerabilities are named AMNESIA:33. Detail...
BSA-2020-1158
Security Advisory ID : BSA-2020-1158 Component : LDAP Revision : 1.0 Brocade Fabric OS before v9.0.0 and afterv8.1.0, configured in Virtual Fabric mode contains a weakness in the ldap implementation that could allowa remote ldap user to login in the Brocade Fibre Channel SAN switch with "user"...
BSA-2020-1276
Security Advisory ID : BSA-2020-1276 Component : bzip2recover Revision : 2.0 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service crash via a crafted bzip2 file, related to block ends set to before the start of the block. Affected Produc...
BSA-2020-1080
Security Advisory ID : BSA-2020-1080 Component : seccryptocfg templates Revision : 2.0 Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0CBN3, contains code injection and privilege escalation vulnerability. The vulnerability could allow an unauthenticate...
BSA-2020-1081
Security Advisory ID : BSA-2020-1081 Component : shell variables Revision : 2.0 A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell...
BSA-2020-1082
Security Advisory ID : BSA-2020-1082 Component : REST API Revision : 2.0 Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks. Note:...
BSA-2020-1083
Security Advisory ID : BSA-2020-1083 Component : secccrypptocfg Revision : 2.0 Brocade Fabric OS before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0CBN3, v7.4.2g contains an improper input validation weakness in the command line interface when secccrypptocfg is invoked. The vulnerability could allow...
BSA-2020-1079
Security Advisory ID : BSA-2020-1079 Component : firmwareDownload Revision : 2.0 A vulnerability in the firmwaredownload operation in Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability i...
BSA-2020-1078
Security Advisory ID : BSA-2020-1078 Component : Supportlink CLI Revision : 2.0 Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An...
BSA-2020-1073
Security Advisory ID : BSA-2020-1073 Component : HTTP Management Interface Revision : 1.1 A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0CBN3, v7.4.2g could allow authenticated attackers...
BSA-2020-1075
Security Advisory ID : BSA-2020-1075 Component : Management Interface Revision : 2.0 A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 or before Brocade Fabric OS v8.2.1could allow a remote attacker to perform a denial of service attack on t...
BSA-2020-1077
Security Advisory ID : BSA-2020-1077 Component : HTTP management interface Revision : 2.0 Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0, v8.2.3 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTT...
BSA-2020-1074
Security Advisory ID : BSA-2020-1074 Component : LDAP injection Revision : 1.0 A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker to conduct an LDAP injection. The vulnerability allows a remote attacker to bypass the authentication process. Affect...
BSA-2020-1084
Security Advisory ID : BSA-2020-1084 Component : Rest API Revision : 2.0 Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input. Note: Brocade Fabric OS versions before v8.2.1 are not affected. Rest API is...
BSA-2020-1076
Security Advisory ID : BSA-2020-1076 Component : Database credentials Revision : 1.1 Brocade SANnav versions before v2.1.0, contain a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An unauthenticated malicious user with access to th...
BSA-2020-1053
Security Advisory ID : BSA-2020-1053 Component : GRUB2 Revision : 1.0: Initial Security Researchers from Eclypsium disclosed “BootHole.” 1, 2.“BootHole” vulnerability in the GRUB2 bootloader opens up Windows and Linux devices using Secure Boot to attack. All operating systems using GRUB2 with...
BSA-2020-1051
Security Advisory ID : BSA-2020-1051 Component : Windows DNS Revision : 1.0: Final A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in th...
BSA-2020-1044
Security Advisory ID : BSA-2020-1044 Component : Apache Tomcat Revision : 1.0: Final When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able ...
BSA-2020-1043
Security Advisory ID : BSA-2020-1043 Component : Apache Tomcat Revision : 1.0: Final When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially...
BSA-2020-1046
Security Advisory ID : BSA-2020-1046 Component : Apache Tomcat Revision : 1.0: Final When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory e.g. redirecting to '/foo/' when the user requested '/foo' a speciall...
BSA-2020-1045
Security Advisory ID : BSA-2020-1045 Component : Apache Tomcat Revision : 1.0: Final The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The...
BSA-2020-1028
Security Advisory ID : BSA-2020-1028 Component : Call Stranger Revision : 1.0: Final A vulnerability in the UPnP SUBSCRIBE capability permits an attacker to send large amounts of data to arbitrary destinations accessible over the Internet, which could lead to a Distributed Denial of Service DDoS,...
BSA-2020-1019
Security Advisory ID : BSA-2020-1019 Component : Treck IP stack Revision : 1.0: Final Treck IP stack implementations for embedded systems are affected by multiple vulnerabilities. This set of vulnerabilities was researched and reported by JSOF, who calls themRipple20. More information is...
BSA-2020-937
Security Advisory ID : BSA-2020-937 Component : lldpd Revision : 1.0: Final Buffer overflow in the lldpdecode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service daemon crash and possibly execute arbitrary code via vectors involving large...
BSA-2020-936
Security Advisory ID : BSA-2020-936 Component : SMBv3 Revision : 1.0: Final Microsoft SMBv3 contains a vulnerability in the handling of compression, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Server Message Block 3.1....
BSA-2020-926
Security Advisory ID : BSA-2020-926 Component : openfortivpn Revision : 1.0: Final tunnel.c mishandles certificate validation in openfortivpn 1.11.0 due to multiples issues. CVE-2020-7041 An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles...
BSA-2020-907
Security Advisory ID : BSA-2020-907 Component : Intel Revision : 1.0: Final A potential security vulnerability in Intel® Processor Graphics may allow information disclosure.Intel is releasing software updates to mitigate this potential vulnerability. More at:...
CVE-2019-19317, CVE-2019-19603, CVE-2019-19880 - Multiple vulnerabilities in SQLite 3.30.1. (BSA-2020-895).
Security Advisory ID: BSA-2020-895 Component: SQLite Revision : 2.0: Final Multiplevulnerabilities inSQLite 3.30.1 CVE-2019-19317 lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or...
BSA-2020-908
Security Advisory ID : BSA-2020-908 Component : Linux Kernel Revision : 1.0: Final In the Linux kernel before 5.1.6, there is a use-after-free incpia2exit in drivers/media/usb/cpia2/cpia2v4l.c that will cause denial of service, aka CID-dea37a972655. Impact: Successful exploitation of this...
BSA-2020-910
Security Advisory ID : BSA-2020-910 Component : Linux Kernel Revision : 1.0: Final In the Linux kernel through 5.4.6, there are information leaks ofuninitialized memory to a USB device in thedrivers/net/can/usb/kvaserusb/kvaserusbleaf.c driver, aka CID-da2311a6385c. Impact: Successful exploitatio...
BSA-2020-912
Security Advisory ID : BSA-2020-912 Component : Linux Kernel Revision : 1.0: Final An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the...
BSA-2020-918
Security Advisory ID : BSA-2020-918 Component : Linux Kernel Revision : 1.0: Final The Linux kernel before 2.4.36-rc1 has a race condition. It was possibleto bypass systrace policies by flooding the ptraced process with SIGCONTsignals, which can can wake up a PTRACED process...
BSA-2020-915
Security Advisory ID : BSA-2020-915 Component : Linux Kernel Revision : 1.0: Final mwifiextmcmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a...
BSA-2020-906
Security Advisory ID : BSA-2020-906 Component : authentication Revision : 1.0: Final Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client. The argumen...