The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code (CVE-2014-9471)

The parsedatetime function in GNU coreutils allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command...

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 (CVE-2022-22576)

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocol...

A flaw was found in systemd, where it mishandles numerical usernames beginning with decimal digits, or "0x" followed by hexadecimal digits.(CVE-2020-13776)

Systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082...

Several security-related HTTP Headers were missing (CVE-2023-5648)

In Brocade ASCG before Brocade ASCG v3.0, several security-related HTTP Headers were missing in various Brocade ASCG URL paths, aiding unauthenticated attackers to perform attacks such as Cross-Site Scripting, Clickjacking, Information disclosure, and more...

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution (CVE-2023-38408)

The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code in /usr/lib is not necessarily safe for loading into ssh-agent. NOTE: this issue exists because o...

HTTP2 Rapid Reset Vulnerability (CVE-2023-44487)

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. More information at: https://vulners.com/cve/CVE-2023-44487...

SOCKS5 heap buffer overflow (CVE-2023-38545)

When curl is asked to pass along the hostname to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that hostname can be is 255 bytes.If the hostname is detected to be longer than 255 bytes, curl switches to local name resolving and...

2023.3 IPU - BIOS Advisory (CVE-2022-43505)

Potential security vulnerabilities in the BIOS firmware for some Intel® Processors may allow escalation of privilege, information disclosure, or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities...

Vulnerabilities in Supermicro BMC IPMI firmware (CVE-2023-40289, CVE-2023-40284, CVE-2023-40287, CVE-2023-40288, CVE-2023-40290, CVE-2023-40285, CVE-2023-40286)

The Binarly research team has discovered multiple vulnerabilities in the Supermicro IPMI firmware component developed by ATEN. Vulnerabilities can be exploited by unauthenticated, remote attackers and could result in obtaining the root of the BMC system. CVE ID| Severity| Issue Type| Description...

Intel(R) CPU information disclosure (CVE-2022-40982)

Information exposure through microarchitectural state after transient execution in certain vector execution units for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. Products Confirmed Not Affected No Brocade Fibre Channel...

Heap buffer overflow in libwebp (CVE-2023-4863)

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Products Confirmed Not Affected No Brocade Fibre Channel products from Broadcom are known to be affected by this...

CVE-2022-45688 -A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service DoS via crafted JSON or XML data. Products Confirmed Not Affected No Brocade Fibre Channel Product from Broadcom Products is known to be affected by this vulnerability...

CVE-2023-4162 - Segmentation fault in Brocade Fabric OS after Brocade Fabric OS v9.0

A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. This could allow an authenticated privileged user local user to crash a Brocade Fabric OS swith using the cli “passwdcfg --set -expire -minDiff“...

CVE-2023-4163 - Possible buffer overflow in portcfgfportbuffers in Brocade Fabric OS

In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command...

Oracle Java SE Multiple Vulnerabilities (July 2022 CPU update) CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-25647 CVE-2022-34169

The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2022 CPU advisory: - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot...

CVE-2022-43937 - Sensitive fields are recorded in the debug-enabled logs

Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before v2.3.0 and 2.2.2a...

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace method in internal classes, which may lead to DoS attacks...

Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.

Apache Shiro contains an authentication bypass vulnerability when it is forwarding or including requests usingRequestDispatchercomponent. This could allow an attacker to gain unauthorized access to the application...

A remote attacker can supply specially crafted transfer-encoding chunks to Eclipse Jetty that may bypass the authorization checks of an intermediary caching proxy.

In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a...

CVE-2023-31424 - Web authentication and authorization bypass

Brocade SANnav web interface before Brocade SANnav v2.3.0 and v2.2.2a allow remote unauthenticated users to bypass web authentication and authorization...

Buffer overflow in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string

Buffer overflow in the charsettointern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8. Notes: Brocade SANnav contains the affected open source routines, but these...

Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's...

An improper access control vulnerability has been discovered in Apache Spark

In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute co...

CVE-2023-31925 - Storage of clear text password in Brocade SANnav

Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuratio...

Azul Zulu Java Multiple Vulnerabilities (Jan 2022 Java update) CVE-2022-21248 CVE-2022-21277 CVE-2022-21366 CVE-2022-21282 CVE-2022-21296 CVE-2022-21283 CVE-2022-21291 CVE-2022-21305 CVE-2022-21293 CVE-2022-21294 CVE-2022-21340 CVE-2022-21299 CVE-2022-21341 CVE-2022-21349 CVE-2022-21360 CVE-2022-21365

The version of Azul Zulu installed on the remote host is prior to 6 6.45 / 7 7.51.0.12 / 8 8.59.0.12 / 11 11.53.14 / 13 13.45.12 / 15 15.37.14 / 17 17.32.14. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022-01-18 advisory. - Vulnerability in the Oracle Java SE,...

Oracle Java SE Multiple Vulnerabilities (Apr 2022 CPU update) CVE-2022-21449 CVE-2022-21476 CVE-2022-21426

The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2022 CPU advisory: - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component:...

Azul Zulu Java Multiple Vulnerabilities (CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399)

The version of Azul Zulu installed on the remote host is prior to 6 6.51 / 7 7.57.0.14 / 8 8.65.0.14 / 11 11.59.16 / 13 13.51.14 / 15 15.43.14 / 17 17.37.14 / 19 19.30.12. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022-10-18 advisory. Vulnerability in the Oracle...

CVE-2018-1273 Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions,

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

CVE-2023-31423 - Possible information exposure through log file vulnerability

Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the attacker must first collect a "supportsave" on Brocade SANnav or have access to an...

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded.

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...

Security updates provided in Brocade SANnav v2.2.2a and v2.3.0

Dear Brocade Customer: This Advisory aims to inform you of Brocade SANnav Security updates in Brocade SANnav v2.2.2a and v2.3.0. Please review the recently posted security advisories listed here: Updated Security Advisories https://support.broadcom.com/external/content/SecurityAdvisories/0/21225...

Oracle Java SE Multiple Vulnerabilities (Jan 2023 CPU update) CVE-2023-21830 CVE-2023-21843 CVE-2023-21835

The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2023 CPU advisory: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component:...

CVE-2023-3489 - firmwaredownload command could log servers passwords in clear text

The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS. CVE Details The firmwaredownload command downloads the Brocade Fabric OS...

PostgreSQL vulnerability in SANnav 2.2.0.2

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...

Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL

In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition...

Vulnerable postgresql component found in SANnav RPM package

pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setTextint, InputStream or PreparedStatemet.setByteaint, InputStream will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which...

CVE-2023-0286 -X.400 address type confusion in X.509 GeneralName

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...

CVE-2020-8648 - use-after-free vulnerability

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the nttyreceivebufcommon function in drivers/tty/ntty.c...

CVE-2020-12243 - denial of service in filter.c in slapd in OpenLDAP

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service daemon crash. Products Confirmed Not Affected No Brocade Fiber Channel product from Broadcom products is affected by this vulnerability...

CVE-2020-1749 - A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec

A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data...

CVE-2023-31426 - scp, sftp, ftp servers passwords in supportsave

The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information...

Security updates provided in Brocade Fabric OS v9.2.0, v9.1.1c, v8.2.3d

Dear Brocade Customer: This Advisory aims to inform you of Brocade Fabric OS Security updates in Brocade Fabric OS v9.2.0, v9.1.1c, and v8.2.3d. Please review the recently posted security advisories listed here: Updated Security Advisories...

net ipv4 route.c has an information leak because the hash table is very small

In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. Impact: Successful exploitation of this vulnerability could lead to disclosure of sensitive information. Pro ducts Affected Brocade Fabric OS v9.0 and later...

Hardware allows activation of test or debug logic

Hardware allows activation of test or debug logic at runtime for some IntelR processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access...

CVE-2023-31430 - buffer overflow vulnerability in “secpolicydelete” command

A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service...

CVE-2023-31431 - A buffer overflow vulnerability in “diagstatus” command

A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service...

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

xmlparse.c in Expat aka libexpat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs...

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation (CVE-2022-25235)

xmltokimpl.c in Expat aka libexpat before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context...

A flaw in OpenSSH helper programs could lead to local privilege escalation

A flaw was found in OpenSSH. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. Depending on system configuration, inherite...

CVE-2023-31429 - Vulnerability in multiple commands

Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content ...