Lucene search
K
BroadcomMost viewed

879 matches found

Broadcom
Broadcom
added 2021/07/28 12:0 a.m.31 views

BSA-2021-1552

Security Advisory ID : BSA-2021-1552 Component : Authentication Revision : 1.0: Final A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through...

7.8CVSS7.7AI score0.0024EPSS
Exploits0
Broadcom
Broadcom
added 2021/05/10 12:0 a.m.32 views

BSA-2021-1482

Security Advisory ID : BSA-2021-1482 Component : Logging Revision : 1.0 Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level. Affected Products Brocade SANnav versions before SANnav 2.1.1...

7.5CVSS7.6AI score0.00986EPSS
Exploits0
Broadcom
Broadcom
added 2020/09/08 12:0 a.m.31 views

BSA-2020-1081

Security Advisory ID : BSA-2020-1081 Component : shell variables Revision : 2.0 A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell...

5.5CVSS7.4AI score0.00338EPSS
Exploits0
Broadcom
Broadcom
added 2024/11/12 12:0 a.m.30 views

SQLite Vulnerable to Out-of-Bounds Memory Access via Insufficient Input Validation in 'sessionReadRecord' Function of 'Sessions' Extension

SQLite is vulnerable to an out-of-bounds memory access issue due to a lack of sufficient input validation in the sessionReadRecord function. An attacker could submit a crafted input in order to trigger the flaw which could allow for a 1-byte out-of-bounds read to occur which could lead to...

7.3CVSS6.5AI score0.01249EPSS
Exploits1
Broadcom
Broadcom
added 2024/04/17 12:0 a.m.30 views

Ping at regular intervals (CVE-2024-29961)

A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com and ignite.apache.org to check if updates are available for the Component. This could make an unauthenticated, remote...

8.2CVSS8.3AI score0.00756EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2023/08/01 12:0 a.m.30 views

CVE-2023-31426 - scp, sftp, ftp servers passwords in supportsave

The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information...

6.8CVSS6.4AI score0.00519EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2023/08/01 12:0 a.m.30 views

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion

In Expat aka libexpat before 2.4.5, an attacker can trigger stack exhaustion in buildmodel via a large nesting depth in the DTD element...

6.5CVSS7.2AI score0.03268EPSS
Exploits0
Broadcom
Broadcom
added 2023/08/01 12:0 a.m.30 views

NULL pointer dereference in libxml2 through 2.9.8

when parsing an invalid XPath expression in the XPATHOPAND or XPATHOPOR case. Applications processing...

7.5CVSS7.4AI score0.03681EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2023/08/01 12:0 a.m.30 views

CVE-2023-31928 - XSS vulnerability in Brocade Webtools

A reflected cross-site scripting XSS vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools...

6.3CVSS6.2AI score0.00391EPSS
Exploits0
Broadcom
Broadcom
added 2021/05/10 12:0 a.m.30 views

BSA-2021-1484

Security Advisory ID : BSA-2021-1484 Component : hard-coded administrator account Revision : 1.0 Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time. Affected Products Brocade...

6.6CVSS7.1AI score0.00863EPSS
Exploits0
Broadcom
Broadcom
added 2021/05/10 12:0 a.m.30 views

BSA-2021-1486

Security Advisory ID : BSA-2021-1486 Component : File Listing Revision : 1.0 Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission. As a result, users without permission can see folders, and hidden files, and can create...

8.1CVSS5.4AI score0.00542EPSS
Exploits0
Broadcom
Broadcom
added 2020/09/08 12:0 a.m.30 views

BSA-2020-1080

Security Advisory ID : BSA-2020-1080 Component : seccryptocfg templates Revision : 2.0 Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0CBN3, contains code injection and privilege escalation vulnerability. The vulnerability could allow an unauthenticate...

6.7CVSS9.8AI score0.01269EPSS
Exploits0
Broadcom
Broadcom
added 2024/11/12 12:0 a.m.29 views

A use-after-free vulnerability exists in the Linux kernel's netfilter: nf_tables component

The Linux kernel is vulnerable to memory corruption due to improper error handling within the netfilter functionality. A local attacker could exploit this vulnerability in order to elevate their privileges. A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be...

7.8CVSS7.1AI score0.28058EPSS
Exploits16
Broadcom
Broadcom
added 2024/07/30 12:0 a.m.29 views

SNMP passwords in clear text if password encryption is not configured. (CVE-2024-5462)

If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords ...

5.3CVSS6.7AI score0.00152EPSS
Exploits0
Broadcom
Broadcom
added 2024/04/25 12:0 a.m.29 views

Syslog traffic sent in clear-text (CVE-2024-4161)

In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic was received in clear text. This could allow an unauthenticated, remote attacker to capture sensitive information...

8.6CVSS6.8AI score0.0047EPSS
Exploits0
Broadcom
Broadcom
added 2024/04/17 12:0 a.m.29 views

Insecure file permission setting that makes files world-readable (CVE-2024-29962).

Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file permission setting that makes files world-readable. This could allow a local user without the required privileges to access sensitive information or a Java binary...

5.5CVSS6.5AI score0.00183EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2024/04/17 12:0 a.m.29 views

Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node support save (CVE-2024-29959).

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save...

8.6CVSS6.8AI score0.00476EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2023/08/29 12:0 a.m.29 views

CVE-2023-31424 - Web authentication and authorization bypass

Brocade SANnav web interface before Brocade SANnav v2.3.0 and v2.2.2a allow remote unauthenticated users to bypass web authentication and authorization...

8.1CVSS7.7AI score0.00678EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2023/08/29 12:0 a.m.29 views

An improper access control vulnerability has been discovered in Apache Spark

In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute co...

9.8CVSS9.4AI score0.08721EPSS
Exploits0
Broadcom
Broadcom
added 2023/08/01 12:0 a.m.29 views

Potential privilege escalation by embedding shell commands in a mountpoint name

In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command within Bash by a different user, as demonstrated by logging in as root and entering umount followed by a tab...

7.8CVSS7.8AI score0.00441EPSS
Exploits0
Broadcom
Broadcom
added 2022/11/08 12:0 a.m.29 views

CVE-2022-43936: Switch passwords in logs

Brocade SANnav versions before v2.2.2 improperly expose Brocade Fabric OS switch password when debugging is turned on. A local or remote authenticated privileged user with access to logs may gain switch users' passwords. Products Affected Brocade SANnav versions before v2.2.2 Products Confirmed N...

6.8CVSS2AI score0.00766EPSS
Exploits0
Broadcom
Broadcom
added 2022/03/02 12:0 a.m.29 views

BSA-2022-1675

Security Advisory ID : BSA-2022-1675 Component : logback Revision : 1.0 In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. Brocade has...

6.6CVSS7AI score0.04439EPSS
Exploits1
Broadcom
Broadcom
added 2021/02/15 12:0 a.m.29 views

BSA-2021-1319

Security Advisory ID : BSA-2021-1319 Component : Brocade SANnav Revision : 1.0: Final Brocade SANnav before v.2.1.0a could allow remote attackers cause a denial-of-service condition due to a lack of proper validation, of the length of user-supplied data as name for custom field name. Note: When...

7.5CVSS7.5AI score0.01271EPSS
Exploits0
Broadcom
Broadcom
added 2024/11/12 12:0 a.m.28 views

SFTP/FTP password could be captured in plain text in Supportsave generated from SANnav

Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave. Description The...

5.9CVSS6.5AI score0.00644EPSS
Exploits0
Broadcom
Broadcom
added 2024/09/27 12:0 a.m.28 views

Brocade Fabric OS (10.x and 9.2.x Releases) Vulnerability Disclosures

Brocade Security Advisories posted on March 3, 2026 CVE addressed in FOS 10.0.0 CVE-2025-26465 OpenSSH security update for CVE-2025-26465 PSIRT Risk: Low for FOS https://support.broadcom.com/external/content/SecurityAdvisories/0/37134 CVEs previously addressed in FOS 9.2.2 CVE-2025-228871,...

9.8CVSS7.7AI score0.06997EPSS
Exploits8
Broadcom
Broadcom
added 2024/04/17 12:0 a.m.28 views

plaintext passwords storage in logs by manipulating command variables (CVE-2024-29952)

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables...

5.5CVSS6.6AI score0.00112EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2024/04/17 12:0 a.m.28 views

Identical SSH keys utilized inside the OVA image (CVE-2024-29960)

In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav...

6.8CVSS7.2AI score0.0031EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2022/11/08 12:0 a.m.28 views

CVE-2022-43934 : Weak Key-exchange algorithms

Security Advisory ID : BSA-2022-2124 Component : Crypto Revision : 1.0 Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095...

6.5CVSS7.3AI score0.00473EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2022/06/22 12:0 a.m.28 views

BSA-2022-1977

Security Advisory ID : BSA-2022-1977 Component : TLS/SSL Revision : 1.0 In Brocade SANnav versions before v2.2.0.2, and v2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers ssl-static-key-ciphers on ports 443 & 18082. Affected Products Brocade SANnav versions befo...

7.5CVSS7.6AI score0.00534EPSS
Exploits0
Broadcom
Broadcom
added 2021/05/10 12:0 a.m.28 views

BSA-2021-1496

Security Advisory ID : BSA-2021-1496 Component : config and secnotify processes Revision : 1.0 Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of...

7.5CVSS7.5AI score0.0099EPSS
Exploits0
Broadcom
Broadcom
added 2020/09/08 12:0 a.m.28 views

BSA-2020-1082

Security Advisory ID : BSA-2020-1082 Component : REST API Revision : 2.0 Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks. Note:...

7.2CVSS10AI score0.02367EPSS
Exploits0
Broadcom
Broadcom
added 2016/08/31 12:0 a.m.28 views

BSA-2016-134

Security Advisory ID : BSA-2016-134 Component : Crypto Revision : 2.0: Final The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to...

7.5CVSS6.8AI score0.95707EPSS
Exploits7
Broadcom
Broadcom
added 2026/05/19 12:0 a.m.27 views

Security update provided in Brocade ASCG3.4.0b Base OS (OVA Deployment) for Rocky Linux Kernel

Security update provided in Brocade ASCG3.4.0b Base OS OVA Deployment for Rocky Linux Kernel CVE-2022-50673 - Linux Kernel 'ext4' Vulnerable to Use-After-Free via Improper Error Handling in 'ext4orphancleanup' CVE-2022-50865 - Linux Kernel Vulnerable to Signed Integer Overflow via Backlog Limit...

7.8CVSS5.8AI score0.0071EPSS
Exploits3
Broadcom
Broadcom
added 2023/08/01 12:0 a.m.27 views

libcgroup up to and including 0.41 creates file with mode 0666 regardless of the configured umask, leading to disclosure of information.

libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information...

8.1CVSS7.8AI score0.02316EPSS
Exploits0
Broadcom
Broadcom
added 2023/08/01 12:0 a.m.27 views

CVE-2023-31927 - An information disclosure in the web interface of Brocade Fabric OS

An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface...

5.3CVSS5.4AI score0.00484EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2023/08/01 12:0 a.m.27 views

CVE-2023-31430 - buffer overflow vulnerability in “secpolicydelete” command

A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service...

5.5CVSS5.9AI score0.0026EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2022/11/08 12:0 a.m.27 views

CVE-2022-43933 : Configuration secrets are logged in support-save

Security Advisory ID : BSA-2022-2123 Component : Configsecrets Revision : 1.0 An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in support-save. Support-save file is generated by an admin user...

4.4CVSS6.9AI score0.00261EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2022/11/08 12:0 a.m.27 views

CVE-2022-43935: Switch passwords and authorization IDs are printed in the embedded MLS DB file5

Security Advisory ID : BSA-2022-2125 Component : MLSDB Revision : 1.0 An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file...

5.3CVSS7AI score0.00223EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2022/09/13 12:0 a.m.27 views

CVE-2022-28170. Brocade Fabric OS Web Application services store server and user passwords in the debug statements.

Security Advisory ID : BSA-2022-2076 Component : FOS Revision : 1.1 Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file...

6.5CVSS7AI score0.00207EPSS
Exploits0
Broadcom
Broadcom
added 2020/09/08 12:0 a.m.27 views

BSA-2020-1075

Security Advisory ID : BSA-2020-1075 Component : Management Interface Revision : 2.0 A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 or before Brocade Fabric OS v8.2.1could allow a remote attacker to perform a denial of service attack on t...

5.3CVSS8.5AI score0.01439EPSS
Exploits0
Broadcom
Broadcom
added 2026/05/19 12:0 a.m.26 views

Security update provided in Brocade ASCG3.4.0b Base OS (OVA Deployment) for glib2 (CVE-2025-13601), libsoup (CVE-2025-14523, CVE-2026-0719, CVE-2026-1761), libpng (CVE-2025-64720, CVE-2025-65018, CVE-2025-66293),  python-urllib3 (CVE-2025-66418, CVE-2025-66471, CVE-2026-21441), gnupg2 (CVE-2025-68973)

Security update provided in Brocade ASCG3.4.0b Base OS OVA Deployment for glib2 CVE-2025-13601, libsoup CVE-2025-14523, CVE-2026-0719, CVE-2026-1761, libpng CVE-2025-64720, CVE-2025-65018, CVE-2025-66293, python-urllib3 CVE-2025-66418, CVE-2025-66471, CVE-2026-21441, gnupg2 CVE-2025-68973 Product...

8.9CVSS6.8AI score0.02667EPSS
Exploits7
Broadcom
Broadcom
added 2024/05/08 12:0 a.m.27 views

The Postgres implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw (CVE-2024-2860)

The Postgres implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker with access to the VM where the Brocade SANnav is installed can gain access to sensitive data inside the Postgres database...

7.8CVSS6.8AI score0.00161EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2024/04/17 12:0 a.m.26 views

TLS/SSL weak message authentication code ciphers are added by default for port 18082.(CVE-2024-29969)

When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, TLS/SSL weak message authentication code ciphers are added by default for port 18082...

7.5CVSS7.2AI score0.0029EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2024/04/17 12:0 a.m.26 views

SHA-1 hash in internal SSH ports that are not open to remote connection.(CVE-2024-29951)

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection...

5.7CVSS6.8AI score0.00163EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2022/09/13 12:0 a.m.26 views

CVE-2022-28169 - Brocade Fabric OS Privilege Escalation Vulnerability (BSA-2022-2075)

Security Advisory ID : BSA-2022-2075 Component : Webtools Revision : 3.1 Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools user to gain elevated admin rights, or privileges, beyond what is intended or...

7.3CVSS7AI score0.00707EPSS
Exploits0
Broadcom
Broadcom
added 2020/09/08 12:0 a.m.26 views

BSA-2020-1079

Security Advisory ID : BSA-2020-1079 Component : firmwareDownload Revision : 2.0 A vulnerability in the firmwaredownload operation in Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability i...

5CVSS8AI score0.01046EPSS
Exploits0
Broadcom
Broadcom
added 2024/12/09 12:0 a.m.25 views

OS command injection vulnerability in OpenSSH (CVE-2023-51385)

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or...

6.5CVSS7.2AI score0.19753EPSS
Exploits8
Broadcom
Broadcom
added 2024/11/12 12:0 a.m.25 views

OpenSSL is vulnerable to a denial of service, caused by a flaw in the handling of RSA public keys by the EVP_PKEY_public_check() function

OpenSSL is vulnerable to a denial-of-service DoS issue due to how there is no restriction on RSA public key size, or the subsequent time spent processing such keys. Applications that use the EVPPKEYpubliccheck function to check RSA public keys obtained from potentially untrusted sources can be...

5.3CVSS6.5AI score0.02303EPSS
Exploits0
Broadcom
Broadcom
added 2022/09/13 12:0 a.m.25 views

CVE-2022-33178. A vulnerability in the radius authentication system could allow arbitrary code execution.

Security Advisory ID : BSA-2022-2077 Component : FOS Revision : 1.0 A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. Due to improper input validation, the privileged...

7.2CVSS8.3AI score0.01289EPSS
Exploits0
Broadcom
Broadcom
added 2021/05/10 12:0 a.m.25 views

BSA-2020-1130

Security Advisory ID : BSA-2020-1130 Component : NGINX Revision : 1.0 NGINX before 1.17.7, with certain errorpage configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load...

5.3CVSS6.7AI score0.14961EPSS
Exploits3
Total number of security vulnerabilities879