875 matches found
BSA-2017-244
Security Advisory ID : BSA-2017-244 Component : SNMP Revision : 2.0: Interim An SNMP community name is the default e.g. public, null, or missing. Affected Products Product| Current Assessment ---|--- Brocade Virtual Web Application Firewall| Impacted: Make sure SNMP is not enabled...
BSA-2017-247
Security Advisory ID : BSA-2017-247 Component : OpenSSH Revision : 3.0: Final The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long...
BSA-2017-246
Security Advisory ID : BSA-2017-246 Component : FOS Revision : 2.0: Final The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of servic...
BSA-2017-242
Security Advisory ID : BSA-2017-242 Component : Linksys Revision : 1.0: Interim Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly other products, allow remote attackers to gain sensitive information and cause a denial of service via an SNMP query for the default community strin...
BSA-2017-248
Security Advisory ID : BSA-2017-248 Component : IPV6 Revision : 1.0: Interim An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. The scope of this CVE is all affected IPv6 implementations from all vendors. The security implications of IP...
BSA-2017-241
Security Advisory ID : BSA-2017-241 Component : SNMP Revision : 1.0: Interim SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain...
BSA-2017-237
Security Advisory ID : BSA-2017-237 Component : Stack Buffer Overflow Issue in BSD libc Revision : 1.0: Interim The BSD libc library's link_ntoa function may be vulnerable to a classic buffer overflow. It is currently unclear if this issue is exploitable. Affected Products Brocade is investigating it...
BSA-2017-239
Security Advisory ID : BSA-2017-239 Component : SNMP Revision : 1.0: Interim The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network administrators with information about all kinds of network connected devices. SNMP can be used to...
BSA-2017-245
Security Advisory ID : BSA-2017-245 Component : SNMP Revision : 1.0: Interim snmpd in SCO OpenServer has an SNMP community string that is writable by default, which allows local attackers to modify the host's configuration. Affected Products Brocade is investigating its product lines to determine...
BSA-2017-235
Security Advisory ID : BSA-2017-235 Component : Oracle Web Services Revision : 1.0: Interim Unspecified vulnerability in the Oracle Web Services component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality, integrity, a...
BSA-2017-240
Security Advisory ID : BSA-2017-240 Component : SNMP Revision : 1.0: Interim The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network administrators with information about all kinds of network connected devices. SNMP can be used to...
BSA-2017-224
Security Advisory ID : BSA-2017-224 Component : ntp Revision : 1.0: Interim If ntpd is configured to allow mrulist query requests from a server that sends a crafted malicious packet, ntpd will crash on receipt of that crafted malicious mrulist query packet. Affected Products Brocade is investigating its...
BSA-2017-236
Security Advisory ID : BSA-2017-236 Component : Low Bandwidth ICMP Attack Revision : 1.0: Interim Blacknurse is a low bandwidth ICMP attack that is capable of doing denial of service to well known firewalls. Most ICMP attacks that we see are based on ICMP Type 8 Code 0 also called a ping flood...
BSA-2017-243
Security Advisory ID : BSA-2017-243 Component : SNMP Revision : 1.0: Interim The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network administrators with information about all kinds of network connected devices. SNMP can be used to...
BSA-2017-238
Security Advisory ID : BSA-2017-238 Component : SNMP Revision : 1.0: Interim The Simple Network Management Protocol (SNMP) is a commonly used network service. Its primary function is to provide network administrators with information about all kinds of network connected devices. SNMP can be used to...
BSA-2017-222
Security Advisory ID : BSA-2017-222 Component : ntp Revision : 1.0: Interim Windows: ntpd DoS by oversized UDP packet. Class: Failure to Handle Exceptional Conditions. Affected Products Product| Current Assessment ---|--- Brocade 5600vRouter| Impacted: Fixed in 17.1.0...
BSA-2017-210
Security Advisory ID : BSA-2017-210 Component : libidn Revision : 2.0: Final idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read...
BSA-2017-213
Security Advisory ID : BSA-2017-213 Component : libidn Revision : 2.0: Final idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948...
BSA-2017-215
Security Advisory ID : BSA-2017-215 Component : sqlite Revision : 3.0: Final os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have...
BSA-2017-234
Security Advisory ID : BSA-2017-234 Component : Linux Kernel Revision : 2.0: Interim Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socke...
BSA-2017-205
Security Advisory ID : BSA-2017-205 Component : OpenSSL Revision : 1.0: Interim Severity: High - TLS connections using -CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond...
BSA-2017-225
Security Advisory ID : BSA-2017-225 Component : ntp Revision : 1.0: Interim When ntpd receives a server response on a socket that corresponds to a different interface than was used for the request, the peer structure is updated to use the interface for new requests. If ntpd is running on a host with...
BSA-2017-226
Security Advisory ID : BSA-2017-226 Component : ntp Revision : 1.0: Interim The broadcast mode of NTP is expected to only be used in a trusted network. If the broadcast network is accessible to an attacker, a potentially exploitable denial of service vulnerability in ntpd's broadcast mode poll...
BSA-2017-218
Security Advisory ID : BSA-2017-218 Component : ntp Revision : 1.0: Interim ntpd does not enable trap service by default. If trap service has been explicitly enabled, an attacker can send a specially crafted packet to cause a null pointer dereference that will crash ntpd, resulting in a denial of...
BSA-2017-204
Security Advisory ID : BSA-2017-204 Component : Linux Kernel Revision : 1.0: Interim Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access...
BSA-2017-216
Security Advisory ID : BSA-2017-216 Component : libcurl Revision : 1.0: Interim curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loade...
BSA-2017-223
Security Advisory ID : BSA-2017-223 Component : ntp Revision : 1.0: Interim Zero Origin timestamp problems were fixed by Bug 2945 in ntp-4.2.8p6. However, subsequent timestamp validation checks introduced a regression in the handling of some Zero origin timestamp checks. Affected Products Product...
BSA-2017-227
Security Advisory ID : BSA-2017-227 Component : ntp Revision : 1.0: Interim Bug 2085 described a condition where the root delay was included twice, causing the jitter value to be higher than expected. Due to a misinterpretation of a small-print variable in The Book, the fix for this problem was...
BSA-2017-211
Security Advisory ID : BSA-2017-211 Component : libidn Revision : 1.0: Interim The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input. Affected Products Product| Current...
BSA-2017-219
Security Advisory ID : BSA-2017-219 Component : ntp Revision : 1.0: Interim An exploitable configuration modification vulnerability exists in the control mode (mode 6) functionality of ntpd. If, against long-standing BCP recommendations, "restrict default noquery ..." is not specified, a specially...
BSA-2017-201
Security Advisory ID : BSA-2017-201 Component : OpenSSL Revision : 1.0: Interim It was found that function "ssl3_read_bytes" in ssl/s3_pkt.c might lead to higher CPU usage due to improper handling of warning packets. An attacker could repeat the undefined plaintext warning packets of "SSL3_AL_WARNING"...
BSA-2017-220
Security Advisory ID : BSA-2017-220 Component : ntp Revision : 1.0: Interim The broadcast mode of NTP is expected to only be used in a trusted network. If the broadcast network is accessible to an attacker, a potentially exploitable denial of service vulnerability in ntpd's broadcast mode replay...
BSA-2017-207
Security Advisory ID : BSA-2017-207 Component : OpenSSL Revision : 1.0: Interim Severity: Low - There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA,...
BSA-2017-221
Security Advisory ID : BSA-2017-221 Component : Low bandwidth ICMP attack Revision : 1.0: Interim Blacknurse is a low bandwidth ICMP attack that is capable of doing denial of service to well known firewalls. Most ICMP attacks that we see are based on ICMP Type 8 Code 0 also called a ping flood...
BSA-2017-214
Security Advisory ID : BSA-2017-214 Component : wget Revision : 1.0: Interim Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open. Affect...
BSA-2017-206
Security Advisory ID : BSA-2017-206 Component : OpenSSL Revision : 1.0: Interim Severity: Moderate - Applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL valu...
BSA-2017-212
Security Advisory ID : BSA-2017-212 Component : libidn Revision : 2.0: Final The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data...
BSA-2017-115
Security Advisory ID : BSA-2017-115 Component : Apache HTTPD Revision : 2.0: Final The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow...
BSA-2017-501
Security Advisory ID : BSA-2017-501 Component : Apache HTTPD Revision : 2.0: Final In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests...
BSA-2016-209
Security Advisory ID : BSA-2016-209 Component : Web UI Revision : 1.0: Final A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0, could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster...
BSA-2017-180
Security Advisory ID : BSA-2017-180 Component : BNA Revision : 1.0: Final A Directory Traversal Vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files including files with sensitive...
BSA-2017-178
Security Advisory ID : BSA-2017-178 Component : BNA Revision : 1.0: Final A Directory Traversal Vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload malicious file in a section of the file...
BSA-2017-177
Security Advisory ID : BSA-2017-177 Component : BNA Revision : 1.0: Final A Directory Traversal Vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload malicious file in a section of the file system...
BSA-2017-179
Security Advisory ID : BSA-2017-179 Component : BNA Revision : 1.0: Final A Directory Traversal Vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently dele...
BSA-2017-105
Security Advisory ID : BSA-2017-105 Component : Apache HTTPD Revision : 2.0: Final The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attacker...
BSA-2016-198
Security Advisory ID : BSA-2016-198 Component : curl/libcurl Revision : 2.0: Final Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors...
BSA-2016-195
Security Advisory ID : BSA-2016-195 Component : OpenSSH Revision : 2.0: Final sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by...
BSA-2016-182
Security Advisory ID : BSA-2016-182 Component : OpenSSH Revision : 3.0: Final The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypa...
BSA-2016-012
Security Advisory ID : BSA-2016-012 Component : BEA WebLogic Revision : 2.0: Final The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to...
BSA-2016-011
Summary Security Advisory ID : BSA-2016-011 Component : OpenSSL Revision : 6.0 N/A...