Lucene search
K
BroadcomMost viewed

879 matches found

Broadcom
Broadcom
added 2021/05/10 12:0 a.m.36 views

BSA-2021-1490

Security Advisory ID : BSA-2021-1490 Component : Web Management Interface Revision : 1.1 The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An...

5.3CVSS7.4AI score0.00272EPSS
Exploits0
Broadcom
Broadcom
added 2024/12/12 12:0 a.m.35 views

Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks (CVE-2024-53677)

Brocade Security Team has become aware of a critical Remote Code Execution affecting Apache Struts. Detail An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code...

9.5CVSS7.3AI score0.78198EPSS
Exploits15
Broadcom
Broadcom
added 2024/04/25 12:0 a.m.35 views

Protection mechanisms (CVE-2024-4159)

Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information...

4.3CVSS7.6AI score0.00517EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2024/04/16 12:0 a.m.35 views

Excessive time spent checking DH keys and parameters (CVE-2023-3446)

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHcheck, DHcheckex or EVPPKEYparamcheck to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been...

5.3CVSS7.1AI score0.05533EPSS
Exploits0
Broadcom
Broadcom
added 2023/08/01 12:0 a.m.35 views

Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.

Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link symlink following. Products Confirmed Not Affected No Brocade Fibre Channel products are affected by this vulnerability Solution While Brocade Fabric OS is not vulnerable to this exploit, a security scan may repo...

7.8CVSS7.2AI score0.00459EPSS
Exploits0
Broadcom
Broadcom
added 2023/08/01 12:0 a.m.35 views

A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.

A race condition in the Linux kernel before 5.5.7 involving VTRESIZEX could lead to a NULL pointer dereference and general protection fault...

5.1CVSS7AI score0.00298EPSS
Exploits1
Broadcom
Broadcom
added 2023/05/19 12:0 a.m.35 views

CVE-2020-25695 - Multiple features escape "security restricted operation" sandbox

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest...

8.8CVSS8.8AI score0.4644EPSS
Exploits0
Broadcom
Broadcom
added 2022/11/08 12:0 a.m.35 views

CVE-2021-4044: Invalid handling of X509_verify_cert() internal errors in libssl

Security Advisory ID : BSA-2022-1661 Component : OpenSSL Revision : 1.0 A flaw was found in the way OpenSSL verified certificates via the X509verifycert function. X509verifycert fuunction may return a negative return value to indicate an internal error for example, out of memory. Such a negative...

7.5CVSS7.1AI score0.50099EPSS
Exploits0
Broadcom
Broadcom
added 2022/11/08 12:0 a.m.35 views

CVE-2022-33186 : EZServer module vulnerability. (BSA-2022-2121)

Security Advisory ID: BSA-2022-2121 Component: EZServer Revision: 2.1 A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning,...

9.4CVSS9.7AI score0.01546EPSS
Exploits2
Broadcom
Broadcom
added 2022/07/14 12:0 a.m.35 views

BSA-2022-2019

Security Advisory ID : BSA-2022-2019 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise...

5.3CVSS4.9AI score0.03782EPSS
Exploits0
Broadcom
Broadcom
added 2022/07/14 12:0 a.m.35 views

BSA-2022-1730

Security Advisory ID : BSA-2022-1730 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle...

5.3CVSS5AI score0.03765EPSS
Exploits0
Broadcom
Broadcom
added 2022/07/14 12:0 a.m.35 views

BSA-2022-1733

Security Advisory ID : BSA-2022-1733 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle Graal...

5.3CVSS5AI score0.0335EPSS
Exploits0
Broadcom
Broadcom
added 2021/05/10 12:0 a.m.35 views

BSA-2021-1492

Security Advisory ID : BSA-2021-1492 Component : ipfilter Revision : 1.1 The command “ipfilter” in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0CBN4,and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to...

7.8CVSS7.9AI score0.00455EPSS
Exploits0
Broadcom
Broadcom
added 2021/02/08 12:0 a.m.35 views

BSA-2021-1291

Security Advisory ID : BSA-2021-1291 Component : SSH Revision : 2.0: Final The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h,v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks...

5.9CVSS7.4AI score0.00491EPSS
Exploits0
Broadcom
Broadcom
added 2020/09/08 12:0 a.m.35 views

BSA-2020-1073

Security Advisory ID : BSA-2020-1073 Component : HTTP Management Interface Revision : 1.1 A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0CBN3, v7.4.2g could allow authenticated attackers...

6.1CVSS7AI score0.00513EPSS
Exploits0
Broadcom
Broadcom
added 2020/09/08 12:0 a.m.35 views

BSA-2020-1077

Security Advisory ID : BSA-2020-1077 Component : HTTP management interface Revision : 2.0 Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0, v8.2.3 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTT...

6.1CVSS8AI score0.00765EPSS
Exploits0
Broadcom
Broadcom
added 2025/02/13 12:0 a.m.34 views

SANnav ROCKY LINUX Upgrade for RLSA-2024:5530, RLSA-2024:5101, RLSA-2024:4583, RLSA-2024:3501, RLSA-2024:3513, RLSA-2024:3619, RLSA-2024:4349, RLSA-2024:4078, RLSA-2024:2758, RLSA-2024:2758

Brocade SANnav OVA versions 2.3.1b and 2.4.0 along with Brocade sannavova8xos122024 SANnav OVA patch from December 2024 utilize an upgraded Rocky Linux Kernel. The upgrade has provided Security updates for numerous security vulnerabilities. Rocky Linux Security Update for python-setuptools...

9.8CVSS6.8AI score0.08555EPSS
Exploits4
Broadcom
Broadcom
added 2024/04/17 12:0 a.m.34 views

SANnav encrypted key in PostgreSQL startup logs (CVE-2024-29955)

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key...

5CVSS6.9AI score0.00112EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2024/04/17 12:0 a.m.34 views

A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches (CVE-2024-29965).

In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface "SSH". The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the...

6.8CVSS6.7AI score0.00411EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2024/04/17 12:0 a.m.34 views

Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files (CVE-2024-29967).

In Brocade SANnav before Brocade SANnav v2.3.1 and v2.3.0a, it was observed that Docker instances have insecure mount points, allowing reading and writing access to sensitive files. The vulnerability could allow a sudo privileged user on the host OS to read and write access to these files...

4.4CVSS4.6AI score0.0024EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2024/04/17 12:0 a.m.34 views

hard-coded credential in the documentation that appear as the root password (CVE-2024-29966).

Brocade SANnav OVAprovides a Linux root account for use during the initial installation and management of the SANnav product. The default password for the root account is documented in the SANnav installation guide. This could allow an unauthenticated attacker full access to a Brocade SANnav OVA ...

7.5CVSS7.9AI score0.0065EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2024/04/17 12:0 a.m.34 views

The class FileTransfer implemented uses the ssh-rsa signature scheme (CVE-2024-29950)

The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle attack...

6.5CVSS6.7AI score0.00306EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2024/04/16 12:0 a.m.34 views

Extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)

An extension script is vulnerable if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". No bundled extension is vulnerable. Vulnerable uses do appear in a documentation example and in non-bundled extensions. Hence, the attack prerequisite is ...

7.5CVSS7.9AI score0.01572EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2023/08/29 12:0 a.m.34 views

Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.

Apache Shiro contains an authentication bypass vulnerability when it is forwarding or including requests usingRequestDispatchercomponent. This could allow an attacker to gain unauthorized access to the application...

9.8CVSS7.7AI score0.0221EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2023/08/01 12:0 a.m.34 views

CVE-2023-31431 - A buffer overflow vulnerability in “diagstatus” command

A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service...

5.5CVSS5.9AI score0.0026EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2022/07/29 12:0 a.m.34 views

Flaw in polkit

Security Advisory ID : BSA-2022-2011 Component : Polkit Revision : 1.0 There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage...

5.5CVSS5.6AI score0.0053EPSS
Exploits1
Broadcom
Broadcom
added 2021/05/10 12:0 a.m.34 views

BSA-2021-1495

Security Advisory ID : BSA-2021-1495 Component : CLI Revision : 1.0 Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations. Affected Products Brocade...

5.3CVSS5.4AI score0.00955EPSS
Exploits0
Broadcom
Broadcom
added 2024/04/17 12:0 a.m.33 views

Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. (CVE-2024-29964)

Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files...

5.7CVSS5.4AI score0.0052EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2024/04/17 12:0 a.m.34 views

Encryption key in the console (CVE-2024-29958)

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node. This could provide attackers an additional, less protected path to acquiring the encryption...

7.5CVSS6.5AI score0.0029EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2024/04/04 12:0 a.m.33 views

Truncated port name (CVE-2023-5973)

Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent the portName to the user if the portName contains reserved characters. This could allow an authenticated user to alter the UI of the Brocade Switch and change ports display. Note: The vulnerability doesn...

4.3CVSS6.6AI score0.00178EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2024/04/04 12:0 a.m.33 views

Remote code execution (RCE) vulnerability in Brocade Fabric OS (CVE-2023-3454)

Remote code execution RCE vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow a remote unauthenticated attacker to execute arbitrary code and use this to gain root access to the switch...

8.6CVSS9.1AI score0.01205EPSS
Exploits1
Broadcom
Broadcom
added 2023/08/29 12:0 a.m.33 views

CVE-2022-43937 - Sensitive fields are recorded in the debug-enabled logs

Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before v2.3.0 and 2.2.2a...

5.7CVSS6.9AI score0.00457EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2023/08/01 12:0 a.m.33 views

Potential Denial of Service exploit in Net-SNMP 5.8 through 5.9.3

handleipDefaultTTL in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker who has write access to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service...

6.5CVSS6.2AI score0.52054EPSS
Exploits1
Broadcom
Broadcom
added 2023/08/01 12:0 a.m.33 views

CVE-2023-31427 - Knowledge of full path name

Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled...

7.8CVSS7.9AI score0.002EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2023/05/19 12:0 a.m.33 views

CVE-2022-1552 : Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...

8.8CVSS9AI score0.12403EPSS
Exploits0
Broadcom
Broadcom
added 2022/07/14 12:0 a.m.33 views

BSA-2022-1931

Security Advisory ID : BSA-2022-1931 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM...

5.3CVSS5AI score0.03458EPSS
Exploits0
Broadcom
Broadcom
added 2017/06/23 12:0 a.m.33 views

BSA-2017-323

Security Advisory ID : BSA-2017-323 Component : JAVA SE JCE Revision : 3.0: Final Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JCE. Supported versions that are affected are Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13...

7.7CVSS6.6AI score0.00759EPSS
Exploits2
Broadcom
Broadcom
added 2024/11/01 12:0 a.m.32 views

Buffer overrun from integer overflow in array modification (CVE-2023-5869)

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing...

8.8CVSS9AI score0.04322EPSS
Exploits0
Broadcom
Broadcom
added 2024/04/25 12:0 a.m.32 views

Brocade SANnav exposes Kafka in the wan interface (CVE-2024-4173)

Brocade SANnav ports used by Kafka are open for the entire wan vs being limited to only the FabricOS switches discovered by the SANnav. Additionally, in Brocade SANnav versions priorto version v2.2.0, the Kafka process is started as a root user using defaultcredentials. The vulnerability could...

7.6CVSS7.5AI score0.00588EPSS
Exploits0
Broadcom
Broadcom
added 2023/08/01 12:0 a.m.32 views

CVE-2023-31429 - Vulnerability in multiple commands

Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content ...

5.5CVSS5.6AI score0.00205EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2023/08/01 12:0 a.m.32 views

CVE-2023-31432 - Privilege issues in multiple commands

Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0...

7.8CVSS7.9AI score0.00159EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2022/05/04 12:0 a.m.32 views

BSA-2022-1843

Security Advisory ID : BSA-2022-1843 Component : Password Encryption Revision : 1.0 Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords. Affecte...

7.8CVSS6.3AI score0.00275EPSS
Exploits0
Broadcom
Broadcom
added 2021/05/10 12:0 a.m.32 views

BSA-2021-1483

Security Advisory ID : BSA-2021-1483 Component : JMX Revision : 1.0 Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server. Affected Products Brocade SANnav versions before SANnav 2.1...

5.3CVSS7.7AI score0.01033EPSS
Exploits0
Broadcom
Broadcom
added 2021/05/10 12:0 a.m.32 views

BSA-2021-1491

Security Advisory ID : BSA-2021-1491 Component : Web Application Service Revision : 1.0 The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication heade...

4.3CVSS5.7AI score0.00604EPSS
Exploits0
Broadcom
Broadcom
added 2020/09/08 12:0 a.m.32 views

BSA-2020-1078

Security Advisory ID : BSA-2020-1078 Component : Supportlink CLI Revision : 2.0 Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An...

8.7CVSS9.4AI score0.01002EPSS
Exploits0
Broadcom
Broadcom
added 2020/06/16 12:0 a.m.32 views

BSA-2020-1019

Security Advisory ID : BSA-2020-1019 Component : Treck IP stack Revision : 1.0: Final Treck IP stack implementations for embedded systems are affected by multiple vulnerabilities. This set of vulnerabilities was researched and reported by JSOF, who calls themRipple20. More information is...

10CVSS7.1AI score0.36965EPSS
Exploits21
Broadcom
Broadcom
added 2023/08/29 12:0 a.m.31 views

CVE-2023-31423 - Possible information exposure through log file vulnerability

Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the attacker must first collect a "supportsave" on Brocade SANnav or have access to an...

5.7CVSS6.5AI score0.00205EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2023/08/29 12:0 a.m.31 views

Buffer overflow in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string

Buffer overflow in the charsettointern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8. Notes: Brocade SANnav contains the affected open source routines, but these...

7.5CVSS8AI score0.04898EPSS
Exploits2
Broadcom
Broadcom
added 2023/08/01 12:0 a.m.31 views

NULL pointer dereference in libxml2 through 2.9.8

when parsing an invalid XPath expression in the XPATHOPAND or XPATHOPOR case. Applications processing...

7.5CVSS7.4AI score0.03681EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2022/05/03 12:0 a.m.31 views

BSA-2022-1837

Security Advisory ID : BSA-2022-1837 Component : H2 Revision : 1.0 An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files outside of their permissions via a symlink to a fake database file. Affected Products. Brocade...

6.5CVSS6.4AI score0.13389EPSS
Exploits5
Total number of security vulnerabilities879