Security Advisories (formerly Vulnerability Notices)

Blog Articles

SA-2023-009 - OpenJDK Vulnerabilities Advisory

SummaryExtreme Networks is evaluating exposure to Oracle Java SE vulnerabilities enumerated in https://openjdk.org/groups/vulnerability/advisories/2022-04-19: CVE-2022-21426CVE-2022-21434CVE-2022-2144...

SA-2023-008 - Apache HTTP Server LimitXMLRequestBody (CVE-2022-22721)

SummaryIf LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32-bit systems, an integer overflow happens which later causes out of bounds writes. Products not lis...

SA-2023-007 - Apache HTTP Server Request Smuggling (CVE-2022-22720)

SummaryApache HTTP Server fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling. Products not listed in the Impact De...

SA-2023-047 - Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues (Leaking fr

SA-2023-107 - libcurl cookie injection with none file (CVE-2023-38546)

SA-2023-106 - SOCKS5 heap buffer overflow (CVE-2023-38545)

GTM-P2G8KFN