
875 matches found

Broadcom
added 2023/05/02 12:0 a.m. | 48 views

CVE-2016-7117 - Use-after-free vulnerability in the Linux kernel

Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing...

CVSS 9.8 | AI score 9.2 | EPSS 0.24299
Exploits: 0
Broadcom
added 2023/05/02 12:0 a.m. | 55 views

CVE-2022-36760 - HTTP Request Smuggling

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions...

CVSS 9 | AI score 8.8 | EPSS 0.01879
Exploits: 0
Broadcom
added 2023/05/02 12:0 a.m. | 7 views

CVE-2022-34917 - OutOfMemoryException in Apache Kafka

A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial of service. Exampl...

CVSS 7.5 | AI score 6.8 | EPSS 0.01217
Exploits: 0
Broadcom
added 2023/02/07 12:0 a.m. | 4 views

Brocade Product Security Incident Response Team Contact Information

Brocade Communications Systems (Brocade) is committed to resolving vulnerabilities to meet the needs of its customers and the broader technology community. Brocade Product Security Incident Response Team (Brocade PSIRT) is a global team that manages the receipt, investigation and internal coordinatio...

AI score 6.5
Exploits: 0
Broadcom
added 2022/12/24 12:0 a.m. | 10 views

CVE-2022-47941, CVE-2022-47942, CVE-2022-47938, CVE-2022-47939, CVE-2022-47940. Vulnerabilities affecting the ksmbd module in the Linux kernel versions 5.14 through 5.15.61. (BSA-2022-2157).

Security Advisory ID: BSA-2022-2157 Component: ksmbd module in the Linux kernel Revision: 2.1 Brocade PSIRT has become aware of several vulnerabilities affecting the ksmbd module in the Linux kernel published by Trend Micro Zero Day Initiative. ZDI-22-1687 - CVSS SCORE: 5.3 - CVE-2022-47941...

CVSS 9.8 | AI score 6.8 | EPSS 0.58461
Exploits: 0
Broadcom
added 2022/12/09 12:0 a.m. | 9 views

CVE-2022-40259, CVE-2022-40242, CVE-2022-2827 -- Vulnerabilities in AMI MegaRAC Baseboard Management Controller (BMC) software.(BSA-2022-2147)

Security Advisory ID: BSA-2022-2147 Component: BMC Software Revision: 1.0 Brocade PSIRT has become aware of several vulnerabilities discovered by Eclypsium Research affecting AMI MegaRAC Baseboard Management Controller (BMC) software. More information at:...

CVSS 9.8 | AI score 7.4 | EPSS 0.0171
Exploits: 0
Broadcom
added 2022/11/29 12:0 a.m. | 5 views

CVE-2022-2601 & CVE-2022-3775: Multiple GRUB2 vulnerabilities

Security Advisory ID : BSA-2022-2139 Component : GRUB2 Revision : 1.0 Brocade PSIRT has become aware of two grub vulnerabilities. CVE-2022-2601 grub2: A buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot by-pass A buffer overflow was found in...

CVSS 8.6 | AI score 8.5 | EPSS 0.00872
Exploits: 0
Broadcom
added 2022/11/08 12:0 a.m. | 28 views

CVE-2022-43936: Switch passwords in logs

Brocade SANnav versions before v2.2.2 improperly expose Brocade Fabric OS switch password when debugging is turned on. A local or remote authenticated privileged user with access to logs may gain switch users' passwords. Products Affected Brocade SANnav versions before v2.2.2 Products Confirmed N...

CVSS 6.8 | AI score 2 | EPSS 0.00766
Exploits: 0
Broadcom
added 2022/11/08 12:0 a.m. | 43 views

CVE-2022-33187 : Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs

Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information. Products Affected Brocade SANnav versions before v2.2.1 Products Confirmed Not Affected No other Brocade Fibre...

CVSS 5.5 | AI score 1.7 | EPSS 0.00461
Exploits: 0
Broadcom
added 2022/11/08 12:0 a.m. | 33 views

CVE-2022-43933 : Configuration secrets are logged in support-save

An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in support-save. Support-save file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and...

CVSS 4.4 | AI score 0.6 | EPSS 0.00261
Exploits: 0
Broadcom
added 2022/11/08 12:0 a.m. | 44 views

CVE-2022-43935: Switch passwords and authorization IDs are printed in the embedded MLS DB file5

An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file. Products Affected Brocade SANnav versions before v2.2.2 Products Confirmed Not...

CVSS 5.3 | AI score 0.8 | EPSS 0.00223
Exploits: 0
Broadcom
added 2022/11/08 12:0 a.m. | 49 views

CVE-2022-43934 : Weak Key-exchange algorithms

Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095. Products Affected Brocade SANnav versions before v2.2.2 Products Confirmed Not Affected No other Brocade Fibre Channel products are affected. Credit...

CVSS 6.5 | AI score 2.4 | EPSS 0.00473
Exploits: 0
Broadcom
added 2022/11/08 12:0 a.m. | 1654 views

CVE-2021-23017: NGINX Resolver Vulnerability

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. Products Affected. Brocade SANnav - Fixed in Brocade SANnav 2.2.1...

CVSS 7.7 | AI score 0.9 | EPSS 0.52838
Exploits: 10
Broadcom
added 2022/11/08 12:0 a.m. | 47 views

CVE-2021-4044: Invalid handling of X509_verify_cert() internal errors in libssl

A flaw was found in the way OpenSSL verified certificates via the X509_verify_cert() function. The X509_verify_cert() function may return a negative return value to indicate an internal error (for example, out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function such...

CVSS 7.5 | AI score 1.5 | EPSS 0.50099
Exploits: 0
Broadcom
added 2022/11/08 12:0 a.m. | 30 views

CVE-2022-33186 : EZServer module vulnerability. (BSA-2022-2121)

Security Advisory ID: BSA-2022-2121 Component: EZServer Revision: 2.1 A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning,...

CVSS 9.4 | AI score 9.7 | EPSS 0.01546
Exploits: 2
Broadcom
added 2022/11/08 12:0 a.m. | 17 views

CVE-2022-43936: Switch passwords in logs

Security Advisory ID : BSA-2022-2126 Component : Logs Revision : 1.0 Brocade SANnav versions before v2.2.2 improperly expose Brocade Fabric OS switch password when debugging is turned on. A local or remote authenticated privileged user with access to logs may gain switch users' passwords...

CVSS 6.8 | AI score 7.2 | EPSS 0.00766
Exploits: 0 | Affected Software: 1
Broadcom
added 2022/11/08 12:0 a.m. | 24 views

CVE-2022-43935: Switch passwords and authorization IDs are printed in the embedded MLS DB file5

Security Advisory ID : BSA-2022-2125 Component : MLSDB Revision : 1.0 An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file...

CVSS 5.3 | AI score 7 | EPSS 0.00223
Exploits: 0 | Affected Software: 1
Broadcom
added 2022/11/08 12:0 a.m. | 26 views

CVE-2022-43934 : Weak Key-exchange algorithms

Security Advisory ID : BSA-2022-2124 Component : Crypto Revision : 1.0 Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095...

CVSS 6.5 | AI score 7.3 | EPSS 0.00473
Exploits: 0 | Affected Software: 1
Broadcom
added 2022/11/08 12:0 a.m. | 32 views

CVE-2021-4044: Invalid handling of X509_verify_cert() internal errors in libssl

Security Advisory ID : BSA-2022-1661 Component : OpenSSL Revision : 1.0 A flaw was found in the way OpenSSL verified certificates via the X509_verify_cert() function. The X509_verify_cert() function may return a negative return value to indicate an internal error (for example, out of memory). Such a negative...

CVSS 7.5 | AI score 7.1 | EPSS 0.50099
Exploits: 0
Broadcom
added 2022/11/08 12:0 a.m. | 40 views

CVE-2022-33187 : Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. (BSA-2022-2122)

Security Advisory ID: BSA-2022-2122 Component: DebugLogs Revision: 1.0 Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information...

CVSS 5.5 | AI score 4.9 | EPSS 0.00461
Exploits: 0
Broadcom
added 2022/11/08 12:0 a.m. | 54 views

CVE-2022-24903: A flaw in rsyslog TCP module could allow an attacker to craft a malicious message leading to a heap-based buffer overflow. (BSA-2022-2127)

Security Advisory ID: BSA-2022-2127 Component: Rsyslog Revision: 1.0 Rsyslog is vulnerable to remote code execution (RCE) due to improper validation of input data when octet-counted framing is used. An attacker could exploit this vulnerability by supplying a system with maliciously crafted messages...

CVSS 8.1 | AI score 8 | EPSS 0.03553
Exploits: 0
Broadcom
added 2022/11/08 12:0 a.m. | 25 views

CVE-2022-43933 : Configuration secrets are logged in support-save

Security Advisory ID : BSA-2022-2123 Component : Configsecrets Revision : 1.0 An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in support-save. Support-save file is generated by an admin user...

CVSS 4.4 | AI score 6.9 | EPSS 0.00261
Exploits: 0 | Affected Software: 1
Broadcom
added 2022/11/08 12:0 a.m. | 74 views

CVE-2022-33186 : EZServer module vulnerability

A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP...

CVSS 9.4 | AI score 1 | EPSS 0.01546
Exploits: 2
Broadcom
added 2022/11/08 12:0 a.m. | 43 views

CVE-2022-24903: A flaw in rsyslog TCP module could allow an attacker to craft a malicious message leading to a heap-based buffer overflow.

Rsyslog is vulnerable to remote code execution (RCE) due to improper validation of input data when octet-counted framing is used. An attacker could exploit this vulnerability by supplying a system with maliciously crafted messages. Products Affected. Brocade SANnav - Fixed in Brocade SANnav 2.2.1...

CVSS 8.1 | AI score 4.5 | EPSS 0.03553
Exploits: 0
Broadcom
added 2022/11/08 12:0 a.m. | 80 views

CVE-2021-23017: NGINX Resolver Vulnerability

Security Advisory ID : BSA-2021-1516 Component : NGINX Revision : 1.0 A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact...

CVSS 7.7 | AI score 7.2 | EPSS 0.52838
Exploits: 10
Broadcom
added 2022/11/01 12:0 a.m. | 57 views

CVE-2022-3358 : Using a Custom Cipher with NID_undef may lead to NULL encryption

OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0, and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions...

CVSS 7.5 | AI score 1.9 | EPSS 0.0287
Exploits: 0
Broadcom
added 2022/11/01 12:0 a.m. | 4 views

CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows

Security Advisory ID : BSA-2022-2115 Component : OpenSSL Revision : 1.0 On November 1st, 2022 the OpenSSL Project disclosed CVE-2022-3602 and CVE-2022-3786 present in OpenSSL 3.0.x... The vulnerabilities were initially rated as critical severity vulnerabilities but are now disclosed as high. More...

CVSS 7.5 | AI score 6.9 | EPSS 0.91153
Exploits: 6
Broadcom
added 2022/11/01 12:0 a.m. | 38 views

CVE-2022-3358 : Using a Custom Cipher with NID_undef may lead to NULL encryption

Security Advisory ID : BSA-2022-2094 Component : OpenSSL Revision : 1.0 OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0, and application authors are instead encouraged to use the new...

CVSS 7.5 | AI score 7 | EPSS 0.0287
Exploits: 0
Broadcom
added 2022/10/20 12:0 a.m. | 11 views

CVE-2022-42889. Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults.

Security Advisory ID : BSA-2022-2096 Component : Apache Commons Text Revision : 1.1 Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an...

CVSS 9.8 | AI score 6.7 | EPSS 0.99931
Exploits: 41
Broadcom
added 2022/09/27 12:0 a.m. | 12 views

CVE-2022-0778 - Infinite loop in BN_mod_sqrt() reachable when parsing certificates

Security Advisory ID: BSA-2022-1752 Component: OpenSSL Revision: 2.0 The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. More information is at https://www.openssl.org/news/secadv/20220315.txt Affected Products Broca...

CVSS 7.5 | AI score 6.6 | EPSS 0.70561
Exploits: 2
Broadcom
added 2022/09/13 12:0 a.m. | 40 views

CVE-2017-18018: In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file

In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition. Affected Products All versions of...

CVSS 4.7 | AI score 3 | EPSS 0.00348
Exploits: 1 | Affected Software: 1
Broadcom
added 2022/09/13 12:0 a.m. | 39 views

CVE-2022-33181. Information disclosure vulnerability in Brocade Fabric OS CLI using switch commands “configshow” and “supportlink”.

An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”. Affected Product All Brocade Fabric OS...

CVSS 5.5 | AI score 2.3 | EPSS 0.00215
Exploits: 0
Broadcom
added 2022/09/13 12:0 a.m. | 43 views

CVE-2022-33183. Stack buffer overflow using the “firmwaredownload” and “diagshow” commands.

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform a stack buffer overflow using the “firmwaredownload” and “diagshow” commands. Affected Product All Brocade Fabric OS versions...

CVSS 7.1 | AI score 5.8 | EPSS 0.01443
Exploits: 0
Broadcom
added 2022/09/13 12:0 a.m. | 35 views

CVE-2022-28170. Brocade Fabric OS Web Application services store server and user passwords in the debug statements.

Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file. Affected Product All Brocade Fabric OS versions...

CVSS 6.5 | AI score 2.3 | EPSS 0.00205
Exploits: 0
Broadcom
added 2022/09/13 12:0 a.m. | 35 views

BSA-2022-2075

Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools user to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose...

CVSS 7.3 | AI score 1.3 | EPSS 0.00701
Exploits: 0
Broadcom
added 2022/09/13 12:0 a.m. | 49 views

CVE-2022-33179. A vulnerability in Brocade Fabric OS CLI could allow an attacker to break out of restricted shells and escalate privileges

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges. Affected Product All Brocade Fabric OS versions...

CVSS 5.5 | AI score 3.9 | EPSS 0.00184
Exploits: 0
Broadcom
added 2022/09/13 12:0 a.m. | 45 views

CVE-2022-33180. Sensitive files export.

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”. Affected Product All Brocade Fabric OS versions...

CVSS 5.5 | AI score 4.2 | EPSS 0.00212
Exploits: 0
Broadcom
added 2022/09/13 12:0 a.m. | 64 views

CVE-2022-33185. Several commands in Brocade Fabric OS use unsafe string function to process user input

Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account...

CVSS 7.5 | AI score 5.4 | EPSS 0.00322
Exploits: 0
Broadcom
added 2022/09/13 12:0 a.m. | 44 views

CVE-2018-0732. Client DoS due to large DH parameter.

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

CVSS 7.5 | AI score 2.6 | EPSS 0.49268
Exploits: 0 | Affected Software: 1
Broadcom
added 2022/09/13 12:0 a.m. | 5 views

CVE-2021-23841: Null pointer deref in X509_issuer_and_serial_hash()

Security Advisory ID : BSA-2022-1303 Component : OpenSSL Revision : 1.0 The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors...

CVSS 5.9 | AI score 6.9 | EPSS 0.07471
Exploits: 0
Broadcom
added 2022/09/13 12:0 a.m. | 5 views

CVE-2021-39275. ap_escape_quotes buffer overflow

Security Advisory ID : BSA-2022-1599 Component : Apache httpd Revision : 1.1 An out-of-bounds write in function ap_escape_quotes of httpd allows an unauthenticated, remote attacker to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing...

CVSS 9.8 | AI score 7.8 | EPSS 0.36339
Exploits: 0
Broadcom
added 2022/09/13 12:0 a.m. | 6 views

CVE-2019-9169. Heap-based buffer over-read in the GNU C Library. (BSA-2022-776)

Security Advisory ID: BSA-2022-776 Component: GNU C Library Revision: 2.0 In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. Notes: Brocade PSIRT has confirmed that...

CVSS 9.8 | AI score 7.3 | EPSS 0.04731
Exploits: 1
Broadcom
added 2022/09/13 12:0 a.m. | 5 views

CVE-2022-0155: Exposure of Private Personal Information to an Unauthorized Actor

Security Advisory ID : BSA-2022-1676 Component : Follow-Redirects Revision : 2.0 follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor. Notes: Brocade Fabric OS does not use cookies; however, Brocade Fabric OS versions after v9.0.0 and before v9.1.1 d...

CVSS 8 | AI score 6.9 | EPSS 0.02426
Exploits: 2
Broadcom
added 2022/09/13 12:0 a.m. | 43 views

CVE-2022-33178. A vulnerability in the radius authentication system could allow arbitrary code execution.

A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. Due to improper input validation, the privileged attacker could provide a script as Brocade-Auth-Role parameter that...

CVSS 7.2 | AI score 6.1 | EPSS 0.01289
Exploits: 0
Broadcom
added 2022/09/13 12:0 a.m. | 48 views

CVE-2021-3711: ASN1_STRING structure contains a buffer holding the string data

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...

CVSS 9.8 | AI score 1 | EPSS 0.87816
Exploits: 1
Broadcom
added 2022/09/13 12:0 a.m. | 6 views

CVE-2022-33182. Privilege escalation using switch commands "supportlink", "firmwaredownload", "portcfgupload","license", and "fosexec".

Security Advisory ID : BSA-2022-2084 Component : FOS Revision : 2.0 A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands "supportlink...

CVSS 7.8 | AI score 7.2 | EPSS 0.00195
Exploits: 0
Broadcom
added 2022/09/13 12:0 a.m. | 40 views

CVE-2021-3711: ASN1_STRING structure contains a buffer holding the string data

Security Advisory ID : BSA-2022-1586 Component : OpenSSL Revision : 2.0 In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and,...

CVSS 9.8 | AI score 7.8 | EPSS 0.87816
Exploits: 1
Broadcom
added 2022/09/13 12:0 a.m. | 21 views

CVE-2022-28169 - Brocade Fabric OS Privilege Escalation Vulnerability (BSA-2022-2075)

Security Advisory ID : BSA-2022-2075 Component : Webtools Revision : 3.1 Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools user to gain elevated admin rights, or privileges, beyond what is intended or...

CVSS 7.3 | AI score 7 | EPSS 0.00701
Exploits: 0
Broadcom
added 2022/09/13 12:0 a.m. | 6 views

CVE-2018-5764, CVE-2017-16548 and CVE-2017-1734. Vulnerabilities in rsyncd

Security Advisory ID : BSA-2022-2074 Component : rsyncd Revision : 1.0 CVE-2018-5764: The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism. Base...

CVSS 9.8 | AI score 7.4 | EPSS 0.06379
Exploits: 0
Broadcom
added 2022/09/13 12:0 a.m. | 7 views

CVE-2014-9984: nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer

Security Advisory ID : BSA-2022-607 Component : GNU C Library Revision : 1.1 nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as...

CVSS 9.8 | AI score 7.9 | EPSS 0.0444
Exploits: 2

Total number of security vulnerabilities: 875