879 matches found
BSA-2017-361
Security Advisory ID : BSA-2017-361 Component : Apache HTTPD Revision : 2.0: Final In Apachehttpd2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of theapgetbasicauthpw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed...
BSA-2017-377
Security Advisory ID : BSA-2017-377 Component : Apache HTTPD Revision : 3.0: Final In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in Proxy-Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by...
BSA-2017-381
Security Advisory ID : BSA-2017-381 Component : OpenVPN Revision : 1.0: Interim OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character. Affected Products Brocade is investigatin...
BSA-2017-363
Security Advisory ID : BSA-2017-363 Component : Apache Revision : 1.0: Interim A maliciously constructed HTTP/2 request could cause modhttp2 to dereference a NULL pointer and crash the server process. Affected Products Brocade is investigating its product lines to determine which products may be...
BSA-2017-395
Security Advisory ID : BSA-2017-395 Component : PostgreSQL Revision : 1.0: Interim An authorization flaw was found in the way PostgreSQL handled access to the pgusermappings view on foreign servers. A remote authenticated attacker could potentially use this flaw to retrieve passwords from the use...
BSA-2017-411
Security Advisory ID : BSA-2017-411 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit...
BSA-2017-405
Security Advisory ID : BSA-2017-405 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable...
BSA-2017-401
Security Advisory ID : BSA-2017-401 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit:...
BSA-2017-365
Security Advisory ID : BSA-2017-365 Component : Apache Revision : 1.0: Interim In Apachehttpd2.2.x before 2.2.33 and 2.4.x before 2.4.26,modmimecan read one byte past the end of a buffer when sending a malicious Content-Type response header. Affected Products Brocade is investigating its product...
BSA-2017-378
Security Advisory ID : BSA-2017-378 Component : OpenVPN Revision : 1.0: Interim OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. Affected Products Brocade is investigating its product lines to determine which products...
BSA-2017-402
Security Advisory ID : BSA-2017-402 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit:...
BSA-2017-380
Security Advisory ID : BSA-2017-380 Component : OpenVPN Revision : 1.0: Interim OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extractx509extension. Affected Products Brocade is...
BSA-2017-396
Security Advisory ID : BSA-2017-396 Component : PostgreSQL Revision : 1.0: Interim An authorization flaw was found in the way PostgreSQL handled large objects. A remote authenticated attacker with no privileges on a large object could potentially use this flaw to overwrite the entire content of t...
BSA-2017-407
Security Advisory ID : BSA-2017-407 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable...
BSA-2017-410
Security Advisory ID : BSA-2017-410 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable...
BSA-2017-404
Security Advisory ID : BSA-2017-404 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit:...
BSA-2017-399
Security Advisory ID : BSA-2017-399 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacke...
BSA-2017-409
Security Advisory ID : BSA-2017-409 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit...
BSA-2017-398
Security Advisory ID : BSA-2017-398 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE component of Oracle Java SE subcomponent: Deployment. Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromis...
BSA-2017-406
Security Advisory ID : BSA-2017-406 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable...
BSA-2017-408
Security Advisory ID : BSA-2017-408 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit:...
BSA-2017-362
Security Advisory ID : BSA-2017-362 Component : Apache Revision : 1.0: Interim In Apachehttpd2.2.x before 2.2.33 and 2.4.x before 2.4.26,modsslmay dereference a NULL pointer when third-party modules callaphookprocessconnection during an HTTP request to an HTTPS port. Affected Products Brocade is...
BSA-2017-394
Security Advisory ID : BSA-2017-394 Component : PostgreSQL Revision : 1.0: Interim It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain...
BSA-2017-371
Security Advisory ID : BSA-2017-371 Component : OpenSSH Revision : 1.0: Interim ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an ...
BSA-2017-379
Security Advisory ID : BSA-2017-379 Component : OpenVPN Revision : 1.0: Interim OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker. Affected Products Brocade is investigating its product...
BSA-2017-400
Security Advisory ID : BSA-2017-400 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit:...
BSA-2017-358
Security Advisory ID : BSA-2017-358 Component : Offset2lib Patch Protection Bypass Revision : 2.0: Interim The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to beexecve'edwith 1GB of arguments or environmental strings then the stack occupies the...
BSA-2017-500
Security Advisory ID : BSA-2017-500 Component : Apache HTTPD Revision : 1.0: Final It was discovered that the modsessioncrypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decryp...
BSA-2017-335
Security Advisory ID : BSA-2017-335 Component : zlib Revision : 2.0: Interim The C standard says that bit shifts of negative integers is undefined. This casts to unsigned values to assure a known result. Affected Products Product| Current Assessment ---|--- Brocade Virtual Web Application Firewal...
BSA-2017-342
Security Advisory ID : BSA-2017-342 Component : Freeradius Revision : 2.0: Interim The TLS session cache inFreeRADIUS2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remo...
BSA-2017-326
Security Advisory ID : BSA-2017-326 Component : Linux Kernel Revision : 2.0: Interim It was found that thepacketsetring function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAPNETRAW capability could use this flaw to...
BSA-2017-331
Security Advisory ID : BSA-2017-331 Component : JAVA SE Security Revision : 3.0: Final Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to...
BSA-2017-332
Security Advisory ID : BSA-2017-332 Component : IBM JDK Revision : 3.0: Final IBM JDK versions 6.0.16.45, 7.0.10.5, 7.1.4.5, and 8.0.4.5 correct a security issue. IBMSDK, Java Technology Edition is vulnerable XML External Entity Injection XXE error when processing XML data. A remote attacker coul...
BSA-2017-325
Security Advisory ID : BSA-2017-325 Component : JAVA SE JAXP Revision : 3.0: Final Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit:...
BSA-2017-349
Security Advisory ID : BSA-2017-349 Component : SUDO Revision : 2.0: Interim A flaw was found in the waysudoparsedttyinformation from the process status file in the proc filesystem. A local user with privileges to execute commands viasudocould use this flaw to escalate their privileges to root...
BSA-2017-343
Security Advisory ID : BSA-2017-343 Component : Kernel Revision : 3.0: Final The ip6appenddata function in net/ipv6/ip6output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite ofanskbdata structure may occur, which allows local users to cause a denial of service...
BSA-2017-322
Security Advisory ID : BSA-2017-322 Component : JAVA SE AWT Revision : 3.0: Final Vulnerability in the Java SE component of Oracle Java SE subcomponent: AWT. Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with...
BSA-2017-318
Security Advisory ID : BSA-2017-318 Component : SSH1 Revision : 1.0: Interim The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a...
BSA-2017-316
Security Advisory ID : BSA-2017-316 Component : SNMP Revision : 1.0: Interim In SNMP version 1 & 2 authentication should only accept the value stored in the SNMP agent authentication mechanism. With this vulnerability an attacker can use any value string or integer in order to authenticate the SN...
BSA-2017-319
Security Advisory ID : BSA-2017-319 Component : SSH Revision : 1.0: Interim The SSH protocols 1 and 2 aka SSH-2 as implemented inOpenSSHand other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: 1 password lengths or ranges of...
BSA-2017-341
Security Advisory ID : BSA-2017-341 Component : Samba Revision : 1.0: Interim All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute...
BSA-2017-320
Security Advisory ID : BSA-2017-320 Component : Intel Active Mgmt Technology Revision : 1.0: Interim There is an escalation of privilege vulnerability in Intel® Active Management Technology AMT, Intel® Standard Manageability ISM, and Intel® Small Business Technology versions firmware versions 6.x...
BSA-2017-333
Security Advisory ID : BSA-2017-333 Component : zlib Revision : 1.0: Interim inftrees.cinzlib1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. Affected Products Product| Current Assessment ---|--- Brocade Virtual Web Application...
BSA-2017-314
Security Advisory ID : BSA-2017-314 Component : WildFly Revision : 5.0: Final Incomplete blacklist vulnerability in the servlet filter restriction mechanism inWildFlyformerlyJBossApplication Server before 10.0.0.Final on Windows allows remote unauthenticated attackers to read sensitive files...
BSA-2017-321
Security Advisory ID : BSA-2017-321 Component : JAVA SE Revision : 3.0: Final Vulnerability in the Java SE component of Oracle Java SE subcomponent: AWT. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker wi...
BSA-2017-336
Security Advisory ID : BSA-2017-336 Component : zlib Revision : 2.0: Interim There was a small optimization for PowerPCs to pre-increment a pointer when accessing a word, instead of post-incrementing. This required prefacing the loop with a decrement of the pointer, possibly pointing before the...
BSA-2017-334
Security Advisory ID : BSA-2017-334 Component : zlib Revision : 2.0: Interim An oldinffast.coptimization turns out to not be optimal anymore with modern compilers, and furthermore was not compliant withtheCstandard, for which decrementing a pointer before its allocated memory is undefined. Affect...
BSA-2017-317
Security Advisory ID : BSA-2017-317 Component : Apache Tomcat Revision : 2.0: Interim In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was...
BSA-2017-339
Security Advisory ID : BSA-2017-339 Component : OpenVPN Revision : 2.0: Interim An authenticated client can cause the server's the packet-id counter to roll over, which would lead the server process to hit anASSERT and stop running. To make the server hit theASSERT, the client must first cause th...
BSA-2017-348
Security Advisory ID : BSA-2017-348 Component : StrongSwan Revision : 2.0: Interim A denial-of-service vulnerability in the x509 plugin was discovered instrongSwan. All versions are affected. Incorrect Handling of CHOICE types in ASN.1 parser and x509 plugin ASN.1 CHOICE types are not correctly...