Lucene search
K
BroadcomMost viewed

879 matches found

Broadcom
Broadcom
added 2017/03/31 12:0 a.m.25 views

BSA-2017-220

Security Advisory ID : BSA-2017-220 Component : ntp Revision : 1.0: Interim The broadcast mode of NTP is expected to only be used in a trusted network. If the broadcast network is accessible to an attacker, a potentially exploitable denial of service vulnerability inntpd'sbroadcast mode replay...

4.3CVSS7.6AI score0.03939EPSS
Exploits1
Broadcom
Broadcom
added 2017/03/31 12:0 a.m.25 views

BSA-2017-204

Security Advisory ID : BSA-2017-204 Component : Linux Kernel Revision : 1.0: Interim Xen and the Linux kernel through 4.5.x do not properly suppresshugetlbfssupport in x86 PV guests, which allows local PV guest OS users to cause a denial of service guest OS crash by attempting to access...

5.5CVSS6.2AI score0.0051EPSS
Exploits0
Broadcom
Broadcom
added 2024/11/12 12:0 a.m.24 views

The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms

OpenSSL contains an issue in the POLY1305 MAC message authentication code implementation that might result in a corrupted internal application state. This flaw is only exploitable on PowerPC CPU based platforms if the CPU provides vector instructions PowerISA 2.07. The impact of the corrupted...

5.9CVSS6.8AI score0.02323EPSS
Exploits0
Broadcom
Broadcom
added 2024/04/17 12:0 a.m.24 views

The encryption key is stored in the DR log files (CVE-2024-29957).

When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. This could provide attackers with an additional, less-protected path to acquiring the encryption key.Products Affected...

7.5CVSS6.4AI score0.00301EPSS
Exploits0
Broadcom
Broadcom
added 2020/09/08 12:0 a.m.24 views

BSA-2020-1083

Security Advisory ID : BSA-2020-1083 Component : secccrypptocfg Revision : 2.0 Brocade Fabric OS before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0CBN3, v7.4.2g contains an improper input validation weakness in the command line interface when secccrypptocfg is invoked. The vulnerability could allow...

6.7CVSS7.2AI score0.00305EPSS
Exploits0
Broadcom
Broadcom
added 2020/09/08 12:0 a.m.24 views

BSA-2020-1076

Security Advisory ID : BSA-2020-1076 Component : Database credentials Revision : 1.1 Brocade SANnav versions before v2.1.0, contain a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An unauthenticated malicious user with access to th...

9.8CVSS7.1AI score0.01032EPSS
Exploits0
Broadcom
Broadcom
added 2018/01/22 12:0 a.m.24 views

BSA-2018-527

Summary OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for...

1.4AI score
Exploits0Affected Software2
Broadcom
Broadcom
added 2018/01/17 12:0 a.m.24 views

BSA-2018-525

Security Advisory ID : BSA-2018-525 Component : Fabric OS Web GUI Revision : 1.0: Initial XSS vulnerabilities in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS FOS could allow remote unauthenticated attackers to execute arbitrary script code in...

6.1CVSS7.7AI score0.01458EPSS
Exploits0
Broadcom
Broadcom
added 2017/06/23 12:0 a.m.24 views

BSA-2017-327

Security Advisory ID : BSA-2017-327 Component : JAVA SE Networking Revision : 3.0: Final Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficul...

4.2CVSS5.5AI score0.02211EPSS
Exploits0
Broadcom
Broadcom
added 2017/04/28 12:0 a.m.24 views

BSA-2017-244

Security Advisory ID : BSA-2017-244 Component : SNMP Revision : 2.0: Interim An SNMP community name is the default e.g. public, null, or missing. Affected Products Product| Current Assessment ---|--- Brocade Virtual Web Application Firewall| Impacted: Make sure SNMP is not enabled...

7.5CVSS7AI score0.27166EPSS
Exploits3
Broadcom
Broadcom
added 2026/05/19 12:0 a.m.23 views

Security updated provided in Brocade ASCG 3.4.0b for container-tools (CVE-2024-24785, CVE-2025-61729, CVE-2025-65637)

Security update provided in Brocade ASCG before ASCG 3.4.0b CVE-2024-24785 Title: Errors returned from JSON marshaling may break template escaping in html/template Description If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual...

7.5CVSS5.8AI score0.00795EPSS
Exploits3
Broadcom
Broadcom
added 2026/01/27 12:0 a.m.23 views

Scan discovered multiple CVEs against glibc

Binary scan of Brocade Fabric OS identified multiple potential CVEs against glibc CVE-2020-6096 An exploitable signed comparison vulnerability exists in the ARMv7 memcpy implementation of GNU glibc 2.30.9000. Calling memcpy on ARMv7 targets that utilize the GNU glibc implementation with a negativ...

8.1CVSS7.8AI score0.05223EPSS
Exploits1
Broadcom
Broadcom
added 2024/11/12 12:0 a.m.23 views

close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE

GNU is vulnerable to command injection due to missing sanitization of filenames when the LESSCLOSE environment variable is set and invoked. This could allow an attacker to execute malicious commands within the privileges of the utility...

7CVSS7.6AI score0.01059EPSS
Exploits0
Broadcom
Broadcom
added 2024/11/12 12:0 a.m.23 views

Checking excessively long DSA keys or parameters may be very slow

OpenSSL contains an unbounded computation flaw when performing checks on excessively large DSA keys or parameters, which could lead to a denial-of-service DoS attack. The OpenSSL pkey, pkeyparam command line apps, and FIPS providers are affected...

5.3CVSS6.6AI score0.01131EPSS
Exploits0
Broadcom
Broadcom
added 2023/08/29 12:0 a.m.23 views

PostgreSQL vulnerability in SANnav 2.2.0.2

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...

8CVSS7.6AI score0.0152EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2023/08/01 12:0 a.m.23 views

Flaw in glib could leak content from files owned by privileged users to unprivileged ones.

A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition...

5.5CVSS5.4AI score0.00531EPSS
Exploits1
Broadcom
Broadcom
added 2023/08/01 12:0 a.m.23 views

CVE-2023-31926 - Arbitrary File Overwrite using less command

System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0...

7.1CVSS7.1AI score0.00148EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2021/05/10 12:0 a.m.23 views

BSA-2020-973

Security Advisory ID : BSA-2020-973 Component : jQuery Revision : 1.0 In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e..html, .append, and others...

6.9CVSS6.9AI score0.8383EPSS
Exploits6
Broadcom
Broadcom
added 2018/08/22 12:0 a.m.23 views

BSA-2018-698

Security Advisory ID : BSA-2018-698 Component : OpenSSH Revision : 2.0: Final OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c...

5.9CVSS6.9AI score0.98631EPSS
Exploits23
Broadcom
Broadcom
added 2018/07/02 12:0 a.m.23 views

BSA-2018-636

Security Advisory ID : BSA-2018-636 Component : OpenSSL Revision : 2.0: Final The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process coul...

5.9CVSS6.7AI score0.12046EPSS
Exploits0
Broadcom
Broadcom
added 2017/05/02 12:0 a.m.23 views

BSA-2017-208

Security Advisory ID : BSA-2017-208 Component : FOS Revision : 2.0: Interim A privilege escalation vulnerability in BrocadeFibreChannel SAN products running Brocade Fabric OS FOS releases earlier than v7.4.1d and v8.0.1b could allow an authenticated, attacker to elevate the privileges of user...

9CVSS7.5AI score0.03051EPSS
Exploits0
Broadcom
Broadcom
added 2017/05/02 12:0 a.m.23 views

BSA-2017-264

Security Advisory ID : BSA-2017-264 Component : OpenSSL Revision : 1.0: Interim During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake or vice-versa then this can cause OpenSSL to crash dependent onciphersuite. Both clients and...

7.5CVSS8.6AI score0.12874EPSS
Exploits0
Broadcom
Broadcom
added 2017/03/31 12:0 a.m.23 views

BSA-2017-207

Security Advisory ID : BSA-2017-207 Component : OpenSSL Revision : 1.0: Interim Severity: Low-There is a carry propagating bug in the Broadwell-specific Montgomerymultiplication procedure that handles input lengths divisible by, butlonger than 256 bits. Analysis suggests that attacks against RSA,...

5.9CVSS9.5AI score0.14225EPSS
Exploits1
Broadcom
Broadcom
added 2017/01/06 12:0 a.m.23 views

BSA-2017-179

Security Advisory ID : BSA-2017-179 Component : BNA Revision : 1.0: Final A Directory Traversal Vulnerability in servletSoftwareImageUploadin the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently dele...

7.5CVSS7AI score0.14542EPSS
Exploits0
Broadcom
Broadcom
added 2026/03/03 12:0 a.m.22 views

Security update provided for multiple Go Open-source programming language

Security update provided for multiple Go Open-source programming language. CVE-2025-22871 Affects: net/http/internal The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjuncti...

9.1CVSS5.7AI score0.00868EPSS
Exploits2
Broadcom
Broadcom
added 2026/01/27 12:0 a.m.22 views

Multiple Linux Security Updates applied to Brocade Fabric OS 10.0

Multiple Linux Security Updates applied to Brocade Fabric OS 10.0.0. While the Brocade Fabric OS is not affected by any of these public vulnerabilities, security updates have been applied as part of a proactive security practice CVE-2024-26596 Brocade Fabric OS before 10.0.0 not affected VEX...

9.8CVSS7.3AI score0.01305EPSS
Exploits1
Broadcom
Broadcom
added 2025/12/15 12:0 a.m.22 views

unauthenticated remote code execution vulnerability in React Server Components. React (CVE-2025-55182), Next.js (CVE-2025-66478).

CVE-2025-55182 Description: A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable co...

10CVSS7.9AI score0.99562EPSS
Exploits388
Broadcom
Broadcom
added 2025/07/15 12:0 a.m.22 views

Rocky Linux Updates in ASCG 3.3.0

Multiple Rocky Linux updates applied to Brocade ASCG 3.3.0 RockyLinux 8:bzip2 RLSA-2025:0733 bzip2: bzip2: Data integrity error when decompressing with data integrity tests fail. CVE-2019-12900 RockyLinux 8:pam RLSA-2024:10379 pam: libpam: Libpam vulnerable to read hashed password CVE-2024-10041...

9.8CVSS7.4AI score0.93305EPSS
Exploits39
Broadcom
Broadcom
added 2024/11/02 12:0 a.m.22 views

By registering a domain for which they control the authoritative nameservers, an attacker could arrange for a compromised container (CVE-2024-29018)

github.com/docker/docker/libnetwork is a package that provides a native Go implementation for connecting containers Affected versions of this package are vulnerable to Improper Control of a Resource Through its Lifetime, allowing DNS requests from internal networks to be forwarded to an external...

5.9CVSS6AI score0.0075EPSS
Exploits0
Broadcom
Broadcom
added 2024/04/17 12:0 a.m.22 views

SQL Table names, column names, and SQL queries are collected in DR standby Supportsave (CVE-2024-29968)

An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow authenticated users to access...

7.7CVSS6.7AI score0.00463EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2023/11/07 12:0 a.m.22 views

An Improper Input Validation vulnerability for the registered case credentials (CVE-2023-5649)

An Improper Input Validation vulnerability for the registered case credentials in Brocade ASCG before v3.0 could allow a local authenticated user to provide invalid inputs like special characters leading to a Denial of Service DoS when collecting “supportsave” from a Brocade Switch...

5CVSS6.6AI score
Exploits0
Broadcom
Broadcom
added 2023/08/01 12:0 a.m.22 views

Security updates provided in Brocade Fabric OS v9.2.0, v9.1.1c, v8.2.3d

Dear Brocade Customer: This Advisory aims to inform you of Brocade Fabric OS Security updates in Brocade Fabric OS v9.2.0, v9.1.1c, and v8.2.3d. Please review the recently posted security advisories listed here: Updated Security Advisories...

10CVSS8AI score0.96275EPSS
Exploits16
Broadcom
Broadcom
added 2022/09/13 12:0 a.m.22 views

CVE-2022-33180. Sensitive files export.

Security Advisory ID : BSA-2022-2082 Component : FOS Revision : 1.1 A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”. Affected...

5.5CVSS6.8AI score0.00212EPSS
Exploits0
Broadcom
Broadcom
added 2022/09/13 12:0 a.m.22 views

CVE-2022-33179. A vulnerability in Brocade Fabric OS CLI could allow an attacker to break out of restricted shells and escalate privileges

Security Advisory ID : BSA-2022-2079 Component : FOS Revision : 1.1 A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges. Affecte...

5.5CVSS7.1AI score0.00184EPSS
Exploits0
Broadcom
Broadcom
added 2021/05/10 12:0 a.m.22 views

BSA-2021-1493

Security Advisory ID : BSA-2021-1493 Component : CLI Revision : 1.1 A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0CBN4,and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files. Affected Products...

6.5CVSS7AI score0.00786EPSS
Exploits0
Broadcom
Broadcom
added 2020/09/08 12:0 a.m.22 views

BSA-2020-1074

Security Advisory ID : BSA-2020-1074 Component : LDAP injection Revision : 1.0 A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker to conduct an LDAP injection. The vulnerability allows a remote attacker to bypass the authentication process. Affect...

6.8CVSS9.3AI score0.01865EPSS
Exploits0
Broadcom
Broadcom
added 2020/01/24 12:0 a.m.23 views

BSA-2020-905

Security Advisory ID : BSA-2020-905 Component : authentication Revision : 1.0: Final Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server. When using certain CL...

7.5CVSS7.5AI score0.01476EPSS
Exploits0
Broadcom
Broadcom
added 2017/05/02 12:0 a.m.22 views

BSA-2017-255

Security Advisory ID : BSA-2017-255 Component : OpenSSH Revision : 2.0: Final Thekbdintnextdevicefunction in auth2-chall.c insshdinOpenSSHthrough 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to...

8.5CVSS6.9AI score0.09302EPSS
Exploits1
Broadcom
Broadcom
added 2017/03/31 12:0 a.m.22 views

BSA-2017-221

Security Advisory ID : BSA-2017-221 Component : Low bandwidth ICMP attack Revision : 1.0: Interim Blacknurseis a low bandwidth ICMP attack that is capable of doing denial of service towell knownfirewalls.MostICMP attacks that we see are based on ICMP Type 8 Code 0 also called a ping flood...

4.3CVSS7.6AI score0.03939EPSS
Exploits1
Broadcom
Broadcom
added 2017/03/31 12:0 a.m.22 views

BSA-2017-227

Security Advisory ID : BSA-2017-227 Component : ntp Revision : 1.0: Interim Bug 2085 described a condition where the root delay was included twice, causing the jitter value to be higher than expected. Due to a misinterpretation of a small-print variable in The Book, the fix for this problem was...

5.3CVSS7.9AI score0.09841EPSS
Exploits0
Broadcom
Broadcom
added 2017/01/06 12:0 a.m.22 views

BSA-2017-177

Security Advisory ID : BSA-2017-177 Component : BNA Revision : 1.0: Final A Directory Traversal Vulnerability inFileReceiveServletin the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload malicious file in a section of the file system...

10CVSS6.9AI score0.07131EPSS
Exploits0
Broadcom
Broadcom
added 2017/01/06 12:0 a.m.22 views

BSA-2016-209

Security Advisory ID : BSA-2016-209 Component : Web UI Revision : 1.0: Final A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0, could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster...

8CVSS6.8AI score0.00466EPSS
Exploits0
Broadcom
Broadcom
added 2016/12/14 12:0 a.m.22 views

BSA-2016-198

Security Advisory ID : BSA-2016-198 Component : curl/libcurl Revision : 2.0: Final Use-after-free vulnerability inlibcurlbefore 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors...

8.1CVSS7.6AI score0.08037EPSS
Exploits0
Broadcom
Broadcom
added 2026/03/03 12:0 a.m.21 views

Rocky Linux kernel security update Advisories in Brocade ASCG 3.4.0 Ova

Security updates are provided for multiple CVEs for Rocky Linux Kernel. kernel RLSA-2025:11850 CVE-2022-49977, CVE-2025-21905, CVE-2025-21919 kernel RLSA-2025:12752 CVE-2025-37890, CVE-2025-38079, CVE-2022-50020, CVE-2025-38052, CVE-2025-21928, CVE-2025-22020, kernel RLSA-2025:15008 CVE-2025-3833...

8CVSS7.1AI score0.07174EPSS
Exploits0
Broadcom
Broadcom
added 2026/03/03 12:0 a.m.21 views

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate...

7.8CVSS6AI score0.0788EPSS
Exploits3
Broadcom
Broadcom
added 2026/01/27 12:0 a.m.21 views

The x509 application adds trusted use instead of rejected use

Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Impact summary: If a user intends to make a trusted certificate rejected for a particular use it will be instead marked as trusted for that use. A copy & paste...

6.5CVSS7.1AI score0.00306EPSS
Exploits0
Broadcom
Broadcom
added 2026/01/27 12:0 a.m.21 views

use-after-free and memory corruption

The tcpmssmanglepacket function in net/netfilter/xtTCPMSS. c in the Linux kernel before 4.11, and 4.9. x before 4.9. 36, allows remote attackers to cause a denial of service use-after-free and memory corruption or possibly have unspecified other impact by leveraging the presence of xtTCPMSS in an...

9.8CVSS7.3AI score0.52841EPSS
Exploits0
Broadcom
Broadcom
added 2025/01/08 12:0 a.m.21 views

Brocade ASCG Vulnerability Disclosures

Brocade Security Advisories posted on July 1, 2026 CVE addressed in ASCG 3.4.0c CVE-2026-31431 crypto: algifaead - Revert to operating out-of-place PSIRT Risk: High https://support.broadcom.com/external/content/SecurityAdvisories/0/37827 CVE-2026-43284 xfrm: esp: avoid in-place decrypt on shared...

9.8CVSS8AI score0.96267EPSS
Exploits272
Broadcom
Broadcom
added 2024/10/15 12:0 a.m.21 views

Brocade SANnav Vulnerability Disclosures

Brocade Security Advisories posted on March 3, 2026 CVEs addressed in SANnav 3.0.0 CVE-2025-53905, CVE-2025-53906 Path traversal issues in Vims tar.vim and zip.vim plugins PSIRT Risk: Low https://support.broadcom.com/external/content/SecurityAdvisories/0/37152 CVE-2025-26465 OpenSSH security upda...

9.8CVSS8AI score0.95302EPSS
Exploits27
Broadcom
Broadcom
added 2024/04/17 12:0 a.m.21 views

Hardcoded TLS keys used by Docker (CVE-2024-29963).

Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Brocade SANnav doesn't have access to remote Docker registries, and knowledge of the keys is a minimal risk as SANnav is prevented from communicating with Docker registries VEX code:...

1.9CVSS8.6AI score0.0016EPSS
Exploits0Affected Software1
Total number of security vulnerabilities879