95 matches found
CVE-2020-15778
The CVE-2020-15778 entry covers a command-injection flaw in scp within OpenSSH up to version 8.3p1. The vulnerability resides in scp.c toremote, enabling arbitrary command execution when a destination argument contains backtick characters; the vendor notes they intentionally forgo validating anom...
CVE-2023-38709
CVE-2023-38709 describes HTTP response splitting in the core of Apache HTTP Server caused by faulty input validation. It affects Apache HTTP Server up to version 2.4.58; multiple advisories (e.g., Astra Linux, AlmaLinux, Alpine Linux) note that upgrading to 2.4.64 fixes the issue. Some sources in...
CVE-2024-3596
Summary: CVE-2024-3596 is a forgery vulnerability in RADIUS (RFC 2865) where a local attacker can modify a valid RADIUS response to another response using a chosen-prefix collision against MD5. The vulnerability is associated with FreeRADIUS and is covered in multiple advisories (ALAS/ALSA) confi...
CVE-2024-24795
CVE-2024-24795 (httpd) describes HTTP response splitting in multiple Apache HTTP Server modules when malicious response headers can be injected into backend applications, enabling HTTP desynchronization. The vulnerability is mitigated by upgrading to Apache HTTP Server 2.4.59, as indicated across...
CVE-2020-1967
CVE-2020-1967 describes a NULL pointer dereference in OpenSSL’s SSL_check_chain() during or after a TLS 1.3 handshake, caused by incorrect handling of the signature_algorithms_cert extension. A malicious peer sending an invalid/unrecognized signature algorithm can crash the server/client, enablin...
CVE-2019-25013
CVE-2019-25013 affects the GNU C Library (glibc) iconv, where processing invalid multi-byte input in EUC-KR can cause a buffer over-read. Connected advisories confirm the issue and map it to glibc versions affected (through 2.32) and note that Debian, AlmaLinux/Alma or Amazon Linux advisories add...
CVE-2025-1976
Summary: CVE-2025-1976 affects Brocade Fabric OS 9.1.0 through 9.1.1d6. A local user with admin privileges can execute arbitrary code with full root privileges due to a design flaw in Fabric OS, effectively a local code-execution vulnerability. Impact: allows full compromise of the host system wh...
CVE-2020-29661
The entry CVE-2020-29661 describes a local, kernel-space vulnerability in the Linux tty subsystem (drivers/tty/tty_jobctrl.c) that can enable a use-after-free through TIOCSPGRP. A locking issue in this path allows memory corruption and potential privilege escalation or system impact when an attac...
CVE-2021-22876
The Connected documents confirm CVE-2021-22876 affects curl/libcurl 7.1.1 through 7.75.0, where libcurl fails to remove user credentials from URLs when populating the Referer header, leading to leakage of credentials to the server of the second request. The root cause is improper handling of cred...
CVE-2020-29660
This CVE (CVE-2020-29660) affects the Linux kernel tty subsystem, specifically in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c, where a locking inconsistency can enable a local attacker to perform a read-after-free against TIOCGSID. Consequences stated in multiple advisories include memory ...
CVE-2021-22890
CVE-2021-22890 affects curl 7.63.0 through 7.75.0. When using TLS 1.3 with an HTTPS proxy, libcurl could confuse TLS session tickets from the proxy as if they came from the remote server, potentially causing the host’s session ticket to be resumed incorrectly and bypass server certificate checks,...
CVE-2020-13645
Technical details for CVE-2020-13645 are not provided in the Connected documents. The Initial Description notes a hostname verification issue in GNOME glib-networking (GTlsClientConnection), but there are no product/version specifics beyond the CP4S remediation, so monitor for updates.
CVE-2019-18683
CVE-2019-18683 affects the Linux kernel’s V4L2 vivid driver (drivers/media/platform/vivid). The issue arises from wrong mutex locking in functions vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and related kthreads, causing multiple race conditions dur...
CVE-2019-18805
CVE-2019-18805 affects the Linux kernel prior to 5.0.11. A signed integer overflow occurs in net/ipv4/sysctl_net_ipv4.c and in tcp_input.c (tcp_ack_update_rtt()) when a very large value is written to /proc/sys/net/ipv4/tcp_min_rtt_wlen, potentially causing a denial of service or other impact. Con...
CVE-2022-33186
Affected software: Brocade Fabric OS (FOS) prior to 9.2.2. Root cause / vector: Embedding of the EZswitch software server allows a remote unauthenticated attacker to execute commands on the switch. Impact (as stated): Ability to modify zoning, disable the switch, disable ports, and modify the swi...
CVE-2019-19050
CVE-2019-19050 describes a memory leak in the Linux kernel’s crypto_reportstat() path (crypto/crypto_user_stat.c) that can cause a denial of service via memory consumption when crypto_reportstat_alg() fails, affected up to kernel 5.3.11. Connected Nessus advisories (Unity Linux UTSA-2026-003794 a...
CVE-2019-19069
CVE-2019-19069 affects the Linux kernel fastrpc DMA path. A memory leak in the function fastrpc_dma_buf_attach() (drivers/misc/fastrpc.c) can be triggered by dma_get_sgtable() failures, allowing a potential denial of service through memory consumption. The vulnerability is in kernels before 5.3.9...
CVE-2024-29954
CVE-2024-29954 affects Brocade Fabric OS. The issue is a password management API that prints sensitive information to logs when the firmwaredownload command is used with an erroneous file or input, allowing an authenticated user to view server passwords for SCP/SFTP. Root cause: the failed firmwa...
CVE-2021-27797
CVE-2021-27797 affects Brocade Fabric OS. Versions prior to 8.2.1c, 8.1.2h, and all 8.0.x/7.x releases contain documented hard-coded credentials, enabling access to the system. The root cause is hard-coded admin credentials; impact is high (partial/complete confidentiality, integrity, and availab...
CVE-2021-27796
The CVE-2021-27796 issue affects Brocade Fabric OS prior to versions that include fixed releases v8.0.1b and v7.4.1d. An authenticated user in the restricted shell (rbash) on the user or factory account can read arbitrary files on the filesystem by leveraging one of several binaries, enabling pot...
CVE-2021-27789
CVE-2021-27789 affects Brocade Fabric OS web app and CLI on Brocade Fabric OS versions prior to v9.0.1a and v8.2.3a. The issue stems from debug statements that print sensitive information to stdout, enabling an attacker who has already compromised the FOS system to capture credentials and other s...
CVE-2021-27798
CVE-2021-27798 affects Brocade Fabric OS v7.4.1b and v7.3.1d, enabling local privileged directory traversal via the more binary in a restricted shell, allowing an attacker to enumerate the filesystem. The issue is tied to end-of-life versions (7.4.1.x and 7.3.x); Brocade/Red Hat/NVD entries reite...
CVE-2022-33185
CVE-2022-33185 affects Brocade Fabric OS prior to 9.0.1e and version 9.1.0. The root cause is the use of unsafe string functions to process user input in several commands, which can cause stack-based buffer overflows. An authenticated local attacker could exploit this to execute arbitrary code as...
CVE-2024-29953
CVE-2024-29953 affects Brocade Fabric OS, where the web interface on Virtual Fabric platforms can expose encoded session passwords stored in session storage to an authenticated user. Affected firmware ranges are Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d. Root cause is the handling/enc...
CVE-2022-28170
CVE-2022-28170 affects Brocade Fabric OS Web Application services, exposing stored passwords in debug statements across multiple firmware lines (before v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j). The underlying issue is that server and user credentials are logged in debug output, enabling a local attacke...
CVE-2024-10403
CVE-2024-10403 affects Brocade Fabric OS: versions prior to 8.2.3e2, 9.0.0–9.2.0c, and 9.2.1–9.2.1a may capture the SFTP/FTP server password used for firmware downloads when SANnav or WebEM triggers a weblinker core dump later uploaded via SupportSave. Root cause: sensitive credentials stored in ...
CVE-2024-5460
CVE-2024-5460 affects Brocade Fabric OS versions before 9.0.0, where a hard-coded, default SNMP community string in the SNMP daemon config enables an authenticated, remote attacker to read data from the device. Exploitation via SNMP v1 with the static community string is implied; the vulnerabilit...
CVE-2024-5462
Brocade Fabric OS vulnerable before 9.2.0 when SNMP password encryption is not configured. The SNMP privsecret and authsecret can be exposed in plaintext in configupload or supportsave captures, enabling an attacker to use SNMPv3 to retrieve OID values and potentially modify a limited set of MIB ...
CVE-2023-31426
The CVE-2023-31426 issue affects Brocade Fabric OS where the commands configupload and configdownload, on certain older Fabric OS versions, print scp, sftp, and ftp server passwords in the supportsave data. Root cause is exposure of passwords in supportsave output when using those commands prior ...
CVE-2020-15376
CVE-2020-15376 affects Brocade Fabric OS versions before v9.0.0 and after v8.1.0 when configured in Virtual Fabric mode. The vulnerability stems from a weakness in the LDAP implementation, which could allow a remote LDAP user to log in to a Brocade Fibre Channel SAN switch with only “user” privil...
CVE-2021-27793
CVE-2021-27793 affects Brocade Fabric OS TACACS+ login, causing intermittent authorization failures for users with valid accounts. Affected: FOS before 9.0.1b (and after 9.0.0) and before 8.2.3a (and after 8.2.0). Remediation: upgrade to 9.0.1b+ or 8.2.3a+ as indicated by advisories (BSA-2021-155...
CVE-2022-33180
CVE-2022-33180 affects Brocade Fabric OS CLI before versions v9.1.0, v9.0.1e, v8.2.3c, and v8.2.0cbn5. A local authenticated attacker can export sensitive files using seccryptocfg and configupload. Impact: confidentiality compromise (HIGH). Mitigation: upgrade to the fixed versions (9.1.0, 9.0.1e...
CVE-2024-7517
CVE-2024-7517 concerns a local, privileged escalation in Brocade Fabric OS prior to 9.2.0c and in 9.2.1–9.2.1a on IP Extension platforms (7810/7840/7850 or SX-6 blade on X6/X7). Exploitation requires an authenticated user on SSH/serial to craft portcfg usage. Root cause is a command-injection vul...
CVE-2022-28169
CVE-2022-28169 affects Brocade Fabric OS Webtools. A low-privilege Webtools user could elevate privileges to admin by crafting a request that creates an admin account using the operator’s session. Public details specify this occurs in Fabric OS versions prior to v9.1.1, v9.0.1e, and v8.2.3c. A mi...
CVE-2022-33178
The CVE-2022-33178 entry affects Brocade Fabric OS prior to 9.0, where a vulnerability in the radius authentication system could allow a remote attacker to execute arbitrary code on Brocade switches. The root cause is improper input validation of the Brocade-Auth-Role parameter, enabling code exe...
CVE-2019-16204
The CVE-2019-16204 issue affects Brocade Fabric OS prior to versions 7.4.2f, 8.2.2a, 8.1.2j, and 8.2.1d. The vulnerability allows exposure of external passwords, common secrets, or authentication keys used between the switch and an external server. Root cause: information disclosure via insecure ...
CVE-2022-33179
CVE-2022-33179 affects Brocade Fabric OS CLI before versions v9.1.0, v9.0.1e, v8.2.3c, and v7.4.2j. The issue allows a local authenticated user to escape restricted shells using the command “set context” and perform privilege escalation. Affected product: Brocade Fabric OS CLI. Root cause: improp...
CVE-2022-33183
CVE-2022-33183 describes a stack buffer overflow in the Brocade Fabric OS CLI. The vulnerability affects Brocade Fabric OS Command Line Interface prior to versions v9.1.0, v9.0.1e, v8.2.3c, v8.2.0cbn5, and v7.4.2.j, enabling a remote authenticated attacker to trigger a stack overflow via the firm...
CVE-2021-27794
CVE-2021-27794 affects Brocade Fabric OS prior to versions fixed in Brocade/Fabric OS advisories. The vulnerability arises in the authentication mechanism, allowing login with an empty or invalid password via telnet, ssh, and REST. Affected products include Brocade Fabric OS versions before v9.0....
CVE-2022-33181
CVE-2022-33181 affects Brocade Fabric OS CLI. The flaw in the CLI could allow a local authenticated attacker to read sensitive files via switch commands configshow and supportlink. Affected versions include Brocade Fabric OS before v9.1.0, and specific builds v9.0.1e, v8.2.3c, v8.2.0cbn5, and v7....
CVE-2023-3454
CVE-2023-3454 is a remote code execution flaw in Brocade Fabric OS that affects versions after 9.0 and before 9.2.0. An unauthenticated attacker could execute arbitrary code and gain root access on affected Brocade Fibre Channel switches. Documented impact is high to critical, with disclosures in...
CVE-2022-33184
The vulnerability CVE-2022-33184 affects Brocade Fabric OS via the fab_seg.c.h libraries, with all prior-FOS versions vulnerable to a stack-based buffer overflow that could let a local authenticated attacker execute arbitrary code as root. Affected platforms include Fabric OS releases prior to 9....
CVE-2022-33182
CVE-2022-33182 is a privilege escalation in Brocade Fabric OS CLI prior to 9.1.0, 9.0.1e, 8.2.3c, or 8.2.0cbn5. A local authenticated user could escalate to root via switch commands: “supportlink”, “firmwaredownload”, “portcfgupload”, “license”, and “fosexec”. Connected PT-2022-5072 corroborates ...
CVE-2017-6227
CVE-2017-6227 affects Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS). The IPv6 stack vulnerability allows a remote attacker to cause a denial-of-service (CPU consumption and device hang) by sending crafted Router Advertisement messages. Affected FOS versions include pre-7.4.2b...
CVE-2023-31427
CVE-2023-31427 affects Brocade Fabric OS prior to 9.1.1c and 9.2.0, enabling an authenticated local user with knowledge of full path names to execute arbitrary commands with elevated privileges. Root access is disabled from Fabric OS 9.1.0 onward, but prior versions remain vulnerable. Remediation...
CVE-2020-15369
The vulnerability CVE-2020-15369 affects Brocade Fabric OS in the Supportlink CLI, where the password field is not obfuscated, allowing an authenticated user to obtain remote-server credentials and potentially access the remote host. Affected products include Brocade Fabric OS versions up to 8.2....
CVE-2020-15387
The CVE-2020-15387 entry concerns Brocade Fabric OS hosts whose SSH servers (and SANnav) used keys
CVE-2020-15388
CVE-2020-15388 affects Brocade Fabric OS; an authenticated CLI user can abuse the history command to write arbitrary content to files in vulnerable builds. Affected OS versions include Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h. Confirmed by multiple sources (Red Hat, Broadcom ad...
CVE-2020-15375
The vulnerability CVE-2020-15375 affects Brocade Fabric OS (FOS) prior to targeted versions (v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g). It is an input validation weakness in the command-line interface when secccrypptocfg is invoked, allowing a local authenticated user to run arbitr...
CVE-2023-31425
CVE-2023-31425 affects Brocade Fabric OS: a vulnerability in the fosexec command could allow a local authenticated user to escalate to root by breaking rbash. Affected: Fabric OS v9.1.0+ up to before v9.1.1; root access is disabled starting with v9.1.0. Remediation: security updates released in F...