879 matches found
Rocky Linux Security Updates RLSA-2023:5312 (CVE-2023-20900) and RSLA-2023:5244 (CVE-2023-35001, CVE-2023-4004, CVE-2023-3390, CVE-2023-3776, CVE-2023-3090, CVE-2023-35788, CVE-2023-20593, CVE-2023-2002)
Rocky Linux security update RLSA-2023:5312 CVE-2023-20900 A malicious actor that has been granted Guest Operation Privilegesin a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias Rocky Linux security updat...
A vulnerability was found in ncurses and occurs when used by a setuid application. (CVE-2023-29491)
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable...
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution (CVE-2023-38408)
The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code in /usr/lib is not necessarily safe for loading into ssh-agent. NOTE: this issue exists because o...
A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nf_tables configuration. (CVE-2023-32233)
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled...
A flaw was discovered in the XFS source in the Linux kernel (CVE-2020-12655)
An issue was discovered in xfsagfverify in fs/xfs/libxfs/xfsalloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767...
The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code (CVE-2014-9471)
The parsedatetime function in GNU coreutils allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command...
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 (CVE-2022-22576)
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocol...
Several security-related HTTP Headers were missing (CVE-2023-5648)
In Brocade ASCG before Brocade ASCG v3.0, several security-related HTTP Headers were missing in various Brocade ASCG URL paths, aiding unauthenticated attackers to perform attacks such as Cross-Site Scripting, Clickjacking, Information disclosure, and more...
A flaw was found in systemd, where it mishandles numerical usernames beginning with decimal digits, or "0x" followed by hexadecimal digits.(CVE-2020-13776)
Systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082...
HTTP2 Rapid Reset Vulnerability (CVE-2023-44487)
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. More information at: https://vulners.com/cve/CVE-2023-44487...
SOCKS5 heap buffer overflow (CVE-2023-38545)
When curl is asked to pass along the hostname to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that hostname can be is 255 bytes.If the hostname is detected to be longer than 255 bytes, curl switches to local name resolving and...
2023.3 IPU - BIOS Advisory (CVE-2022-43505)
Potential security vulnerabilities in the BIOS firmware for some Intel® Processors may allow escalation of privilege, information disclosure, or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities...
Vulnerabilities in Supermicro BMC IPMI firmware (CVE-2023-40289, CVE-2023-40284, CVE-2023-40287, CVE-2023-40288, CVE-2023-40290, CVE-2023-40285, CVE-2023-40286)
The Binarly research team has discovered multiple vulnerabilities in the Supermicro IPMI firmware component developed by ATEN. Vulnerabilities can be exploited by unauthenticated, remote attackers and could result in obtaining the root of the BMC system. CVE ID| Severity| Issue Type| Description...
Intel(R) CPU information disclosure (CVE-2022-40982)
Information exposure through microarchitectural state after transient execution in certain vector execution units for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. Products Confirmed Not Affected No Brocade Fibre Channel...
Heap buffer overflow in libwebp (CVE-2023-4863)
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Products Confirmed Not Affected No Brocade Fibre Channel products from Broadcom are known to be affected by this...
CVE-2022-45688 -A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service DoS via crafted JSON or XML data. Products Confirmed Not Affected No Brocade Fibre Channel Product from Broadcom Products is known to be affected by this vulnerability...
Security updates provided in Brocade SANnav v2.2.2a and v2.3.0
Dear Brocade Customer: This Advisory aims to inform you of Brocade SANnav Security updates in Brocade SANnav v2.2.2a and v2.3.0. Please review the recently posted security advisories listed here: Updated Security Advisories https://support.broadcom.com/external/content/SecurityAdvisories/0/21225...
CVE-2023-4162 - Segmentation fault in Brocade Fabric OS after Brocade Fabric OS v9.0
A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. This could allow an authenticated privileged user local user to crash a Brocade Fabric OS swith using the cli “passwdcfg --set -expire -minDiff“...
CVE-2023-4163 - Possible buffer overflow in portcfgfportbuffers in Brocade Fabric OS
In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command...
Oracle Java SE Multiple Vulnerabilities (July 2022 CPU update) CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-25647 CVE-2022-34169
The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2022 CPU advisory: - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot...
Azul Zulu Java Multiple Vulnerabilities (Jan 2022 Java update) CVE-2022-21248 CVE-2022-21277 CVE-2022-21366 CVE-2022-21282 CVE-2022-21296 CVE-2022-21283 CVE-2022-21291 CVE-2022-21305 CVE-2022-21293 CVE-2022-21294 CVE-2022-21340 CVE-2022-21299 CVE-2022-21341 CVE-2022-21349 CVE-2022-21360 CVE-2022-21365
The version of Azul Zulu installed on the remote host is prior to 6 6.45 / 7 7.51.0.12 / 8 8.59.0.12 / 11 11.53.14 / 13 13.45.12 / 15 15.37.14 / 17 17.32.14. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022-01-18 advisory. - Vulnerability in the Oracle Java SE,...
An improper access control vulnerability has been discovered in Apache Spark
In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute co...
Oracle Java SE Multiple Vulnerabilities (Jan 2023 CPU update) CVE-2023-21830 CVE-2023-21843 CVE-2023-21835
The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2023 CPU advisory: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component:...
Vulnerable postgresql component found in SANnav RPM package
pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setTextint, InputStream or PreparedStatemet.setByteaint, InputStream will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which...
Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL
In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition...
Oracle Java SE Multiple Vulnerabilities (Apr 2022 CPU update) CVE-2022-21449 CVE-2022-21476 CVE-2022-21426
The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2022 CPU advisory: - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component:...
CVE-2023-3489 - firmwaredownload command could log servers passwords in clear text
The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS. CVE Details The firmwaredownload command downloads the Brocade Fabric OS...
PostgreSQL vulnerability in SANnav 2.2.0.2
A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...
CVE-2022-43937 - Sensitive fields are recorded in the debug-enabled logs
Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before v2.3.0 and 2.2.2a...
Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.
Apache Shiro contains an authentication bypass vulnerability when it is forwarding or including requests usingRequestDispatchercomponent. This could allow an attacker to gain unauthorized access to the application...
CVE-2018-1273 Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions,
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...
A remote attacker can supply specially crafted transfer-encoding chunks to Eclipse Jetty that may bypass the authorization checks of an intermediary caching proxy.
In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a...
CVE-2023-31423 - Possible information exposure through log file vulnerability
Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the attacker must first collect a "supportsave" on Brocade SANnav or have access to an...
CVE-2023-31424 - Web authentication and authorization bypass
Brocade SANnav web interface before Brocade SANnav v2.3.0 and v2.2.2a allow remote unauthenticated users to bypass web authentication and authorization...
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace method in internal classes, which may lead to DoS attacks...
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded.
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...
CVE-2023-31925 - Storage of clear text password in Brocade SANnav
Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuratio...
Azul Zulu Java Multiple Vulnerabilities (CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399)
The version of Azul Zulu installed on the remote host is prior to 6 6.51 / 7 7.57.0.14 / 8 8.65.0.14 / 11 11.59.16 / 13 13.51.14 / 15 15.43.14 / 17 17.37.14 / 19 19.30.12. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022-10-18 advisory. Vulnerability in the Oracle...
Buffer overflow in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string
Buffer overflow in the charsettointern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8. Notes: Brocade SANnav contains the affected open source routines, but these...
Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's...
CVE-2023-0286 -X.400 address type confusion in X.509 GeneralName
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...
CVE-2020-12243 - denial of service in filter.c in slapd in OpenLDAP
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service daemon crash. Products Confirmed Not Affected No Brocade Fiber Channel product from Broadcom products is affected by this vulnerability...
CVE-2020-1749 - A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec
A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data...
CVE-2020-8648 - use-after-free vulnerability
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the nttyreceivebufcommon function in drivers/tty/ntty.c...
Potential Denial of Service exploit in Net-SNMP 5.8 through 5.9.3
handleipDefaultTTL in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker who has write access to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service...
CVE-2023-31927 - An information disclosure in the web interface of Brocade Fabric OS
An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface...
CVE-2023-31928 - XSS vulnerability in Brocade Webtools
A reflected cross-site scripting XSS vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools...
openssl file names of certificates being hashed were possibly passed to a command executed through the shell
In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...
CVE-2023-31426 - scp, sftp, ftp servers passwords in supportsave
The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information...
Security updates provided in Brocade Fabric OS v9.2.0, v9.1.1c, v8.2.3d
Dear Brocade Customer: This Advisory aims to inform you of Brocade Fabric OS Security updates in Brocade Fabric OS v9.2.0, v9.1.1c, and v8.2.3d. Please review the recently posted security advisories listed here: Updated Security Advisories...