BSA-2020-948
Security Advisory ID : BSA-2020-948 Component : OpenSSL Revision : 1.0 Server or client applications that call the SSL_check_chain function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extensio...
BSA-2021-1483
Security Advisory ID : BSA-2021-1483 Component : JMX Revision : 1.0 Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server. Affected Products Brocade SANnav versions before SANnav 2.1...
BSA-2021-1486
Security Advisory ID : BSA-2021-1486 Component : File Listing Revision : 1.0 Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission. As a result, users without permission can see folders, and hidden files, and can create...
BSA-2021-1495
Security Advisory ID : BSA-2021-1495 Component : CLI Revision : 1.0 Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations. Affected Products Brocade...
BSA-2021-1484
Security Advisory ID : BSA-2021-1484 Component : hard-coded administrator account Revision : 1.0 Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time. Affected Products Brocade...
BSA-2020-1037
Security Advisory ID : BSA-2020-1037 Component : Docker Engine Revision : 1.0 An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive...
BSA-2020-1130
Security Advisory ID : BSA-2020-1130 Component : NGINX Revision : 1.0 NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load...
BSA-2021-1319
Security Advisory ID : BSA-2021-1319 Component : Brocade SANnav Revision : 1.0: Final Brocade SANnav before v.2.1.0a could allow remote attackers to cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data as name for custom field name. Note: When...
BSA-2021-1291
Security Advisory ID : BSA-2021-1291 Component : SSH Revision : 2.0: Final The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks...
BSA-2021-1238
Security Advisory ID : BSA-2021-1238 Component : Libgcrypt Revision : 1.0 _gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later...
BSA-2020-1174
Security Advisory ID : BSA-2020-1174 Component : Theft of FireEye Red Team Tools Revision : 1.0 Brocade Security is aware of the news reporting the Theft of FireEye Red Team Tools by a highly sophisticated threat actor. More information at Theft of FireEye Red Team Tools...
BSA-2020-1173
Security Advisory ID : BSA-2020-1173 Component : SolarWinds Orion Platform Supply Chain Attack Revision : 2.0 Brocade Security is aware of active exploitation of SolarWinds® Orion® Platform software builds for versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1, which, if prese...
AMNESIA:33. (BSA-2020-1167)
Security Advisory ID: BSA-2020-1167 Component: Open source TCP/IP stacks. Revision: 1.1 Forescout Research Labs discovered 33 vulnerabilities impacting millions of IoT, OT, and IT devices that present an immediate risk for organizations worldwide. These vulnerabilities are named AMNESIA:33. Detail...
BSA-2020-1158
Security Advisory ID : BSA-2020-1158 Component : LDAP Revision : 1.0 Brocade Fabric OS before v9.0.0 and after v8.1.0, configured in Virtual Fabric mode contains a weakness in the ldap implementation that could allow a remote ldap user to login in the Brocade Fibre Channel SAN switch with "user"...
BSA-2020-1276
Security Advisory ID : BSA-2020-1276 Component : bzip2recover Revision : 2.0 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. Affected Produc...
BSA-2020-1080
Security Advisory ID : BSA-2020-1080 Component : seccryptocfg templates Revision : 2.0 Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0CBN3, contains code injection and privilege escalation vulnerability. The vulnerability could allow an unauthenticate...
BSA-2020-1083
Security Advisory ID : BSA-2020-1083 Component : secccrypptocfg Revision : 2.0 Brocade Fabric OS before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0CBN3, v7.4.2g contains an improper input validation weakness in the command line interface when secccrypptocfg is invoked. The vulnerability could allow...
BSA-2020-1082
Security Advisory ID : BSA-2020-1082 Component : REST API Revision : 2.0 Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks. Note:...
BSA-2020-1073
Security Advisory ID : BSA-2020-1073 Component : HTTP Management Interface Revision : 1.1 A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0CBN3, v7.4.2g could allow authenticated attackers...
BSA-2020-1078
Security Advisory ID : BSA-2020-1078 Component : Supportlink CLI Revision : 2.0 Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An...
BSA-2020-1075
Security Advisory ID : BSA-2020-1075 Component : Management Interface Revision : 2.0 A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 or before Brocade Fabric OS v8.2.1 could allow a remote attacker to perform a denial of service attack on t...
BSA-2020-1077
Security Advisory ID : BSA-2020-1077 Component : HTTP management interface Revision : 2.0 Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0, v8.2.3 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTT...
BSA-2020-1084
Security Advisory ID : BSA-2020-1084 Component : Rest API Revision : 2.0 Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input. Note: Brocade Fabric OS versions before v8.2.1 are not affected. Rest API is...
BSA-2020-1079
Security Advisory ID : BSA-2020-1079 Component : firmwareDownload Revision : 2.0 A vulnerability in the firmwaredownload operation in Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability i...
BSA-2020-1081
Security Advisory ID : BSA-2020-1081 Component : shell variables Revision : 2.0 A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell...
BSA-2020-1074
Security Advisory ID : BSA-2020-1074 Component : LDAP injection Revision : 1.0 A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker to conduct an LDAP injection. The vulnerability allows a remote attacker to bypass the authentication process. Affect...
BSA-2020-1076
Security Advisory ID : BSA-2020-1076 Component : Database credentials Revision : 1.1 Brocade SANnav versions before v2.1.0, contain a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An unauthenticated malicious user with access to th...
BSA-2020-1053
Security Advisory ID : BSA-2020-1053 Component : GRUB2 Revision : 1.0: Initial Security Researchers from Eclypsium disclosed “BootHole.” 1, 2. “BootHole” vulnerability in the GRUB2 bootloader opens up Windows and Linux devices using Secure Boot to attack. All operating systems using GRUB2 with...
BSA-2020-1051
Security Advisory ID : BSA-2020-1051 Component : Windows DNS Revision : 1.0: Final A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in th...
BSA-2020-1046
Security Advisory ID : BSA-2020-1046 Component : Apache Tomcat Revision : 1.0: Final When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory e.g. redirecting to '/foo/' when the user requested '/foo' a speciall...
BSA-2020-1043
Security Advisory ID : BSA-2020-1043 Component : Apache Tomcat Revision : 1.0: Final When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially...
BSA-2020-1044
Security Advisory ID : BSA-2020-1044 Component : Apache Tomcat Revision : 1.0: Final When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able ...
BSA-2020-1045
Security Advisory ID : BSA-2020-1045 Component : Apache Tomcat Revision : 1.0: Final The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The...
BSA-2020-1019
Security Advisory ID : BSA-2020-1019 Component : Treck IP stack Revision : 1.0: Final Treck IP stack implementations for embedded systems are affected by multiple vulnerabilities. This set of vulnerabilities was researched and reported by JSOF, who calls them Ripple20. More information is...
BSA-2020-1028
Security Advisory ID : BSA-2020-1028 Component : Call Stranger Revision : 1.0: Final A vulnerability in the UPnP SUBSCRIBE capability permits an attacker to send large amounts of data to arbitrary destinations accessible over the Internet, which could lead to a Distributed Denial of Service (DDoS),...
BSA-2020-936
Security Advisory ID : BSA-2020-936 Component : SMBv3 Revision : 1.0: Final Microsoft SMBv3 contains a vulnerability in the handling of compression, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Server Message Block 3.1....
BSA-2020-937
Security Advisory ID : BSA-2020-937 Component : lldpd Revision : 1.0: Final Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large...
BSA-2020-926
Security Advisory ID : BSA-2020-926 Component : openfortivpn Revision : 1.0: Final tunnel.c mishandles certificate validation in openfortivpn 1.11.0 due to multiple issues. CVE-2020-7041 An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles...
CVE-2019-19317, CVE-2019-19603, CVE-2019-19880 - Multiple vulnerabilities in SQLite 3.30.1. (BSA-2020-895).
Security Advisory ID: BSA-2020-895 Component: SQLite Revision : 2.0: Final Multiple vulnerabilities in SQLite 3.30.1 CVE-2019-19317 lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or...
BSA-2020-907
Security Advisory ID : BSA-2020-907 Component : Intel Revision : 1.0: Final A potential security vulnerability in Intel® Processor Graphics may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. More at:...
BSA-2020-910
Security Advisory ID : BSA-2020-910 Component : Linux Kernel Revision : 1.0: Final In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c. Impact: Successful exploitatio...
BSA-2020-912
Security Advisory ID : BSA-2020-912 Component : Linux Kernel Revision : 1.0: Final An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the...
BSA-2020-908
Security Advisory ID : BSA-2020-908 Component : Linux Kernel Revision : 1.0: Final In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655. Impact: Successful exploitation of this...
BSA-2020-915
Security Advisory ID : BSA-2020-915 Component : Linux Kernel Revision : 1.0: Final mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a...
BSA-2020-918
Security Advisory ID : BSA-2020-918 Component : Linux Kernel Revision : 1.0: Final The Linux kernel before 2.4.36-rc1 has a race condition. It was possible to bypass systrace policies by flooding the ptraced process with SIGCONT signals, which can wake up a PTRACED process...
BSA-2020-905
Security Advisory ID : BSA-2020-905 Component : authentication Revision : 1.0: Final Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server. When using certain CL...
BSA-2020-906
Security Advisory ID : BSA-2020-906 Component : authentication Revision : 1.0: Final Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client. The argumen...
BSA-2020-896
Security Advisory ID : BSA-2020-896 Component : spectrum analyzer Revision : 1.0: Final A group of Security Researchers have released a vulnerability named Cable Haunt. According to the researchers, Cable Haunt was found in Broadcom Cable modems and affects various manufacturers across the world. Mo...
BSA-2020-893
Security Advisory ID : BSA-2020-893 Component : OpenSSL Revision : 2.0: Final There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and...
BSA-2019-888
Security Advisory ID : BSA-2019-888 Component : Eclipse OpenJ9 Revision : 1.0: Final From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks...