Lucene search
K
BroadcomRecent

879 matches found

Broadcom
Broadcom
added 2023/05/18 12:0 a.m.45 views

CVE-2023-1255 - Possible denial of service on Arm 64 (aarch64) using AES XTS mode

The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The AES-XTS algorithm ...

5.9CVSS6.3AI score0.00953EPSS
Exploits0
Broadcom
Broadcom
added 2023/05/03 12:0 a.m.45 views

CVE-2022-42003 - In FasterXML jackson-databind before 2.14.0-rc1, ressource exhaustion

In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check-in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAPSINGLEVALUEARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1 Products Confirme...

7.5CVSS7.6AI score0.02706EPSS
Exploits2
Broadcom
Broadcom
added 2023/05/03 12:0 a.m.49 views

CVE-2022-42004 -In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check-in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. Products Confirmed No...

7.5CVSS7.6AI score0.02706EPSS
Exploits1
Broadcom
Broadcom
added 2023/05/02 12:0 a.m.57 views

CVE-2022-36760 - HTTP Request Smuggling

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions...

9CVSS8.8AI score0.01879EPSS
Exploits0
Broadcom
Broadcom
added 2023/05/02 12:0 a.m.49 views

CVE-2016-7117 - Use-after-free vulnerability in the Linux kernel

Use-after-free vulnerability in the sysrecvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing...

9.8CVSS9.2AI score0.24299EPSS
Exploits0
Broadcom
Broadcom
added 2023/05/02 12:0 a.m.8 views

CVE-2022-34917 - OutOfMemoryException in Apache Kafka

A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial of service. Exampl...

7.5CVSS6.8AI score0.0125EPSS
Exploits0
Broadcom
Broadcom
added 2023/05/02 12:0 a.m.52 views

CVE-2022-43551 - HSTS check could be bypassed to trick it to keep using HTTP.

A vulnerability exists in curl 7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypasse...

7.5CVSS7.5AI score0.1654EPSS
Exploits1
Broadcom
Broadcom
added 2023/02/07 12:0 a.m.5 views

Brocade Product Security Incident Response Team Contact Information

Brocade Communications Systems Brocade is committed to resolving vulnerabilities to meet the needs of its customers and the broader technology community. Brocade Product Security Incident Response Team Brocade PSIRT is a global team that manages the receipt, investigation and internal coordinatio...

6.5AI score
Exploits0
Broadcom
Broadcom
added 2022/12/24 12:0 a.m.12 views

CVE-2022-47941, CVE-2022-47942, CVE-2022-47938, CVE-2022-47939, CVE-2022-47940. Vulnerabilities affecting the ksmb module in the Linux kernel versions 5.14 through 5.15.61. (BSA-2022-2157).

Security Advisory ID: BSA-2022-2157 Component: ksmbd module in the Linux kernel Revision: 2.1 Brocade PSIRT has become aware of several vulnerabilities affecting theksmbdmodule in the Linux kernel published by Trend Micro Zero Day Initiative. ZDI-22-1687 - CVSS SCORE: 5.3 - CVE-2022-47941...

9.8CVSS6.8AI score0.58461EPSS
Exploits0
Broadcom
Broadcom
added 2022/12/09 12:0 a.m.11 views

CVE-2022-40259, CVE-2022-40242, CVE-2022-2827 -- Vulnerabilities in AMI MegaRAC Baseboard Management Controller (BMC) software.(BSA-2022-2147)

Security Advisory ID: BSA-2022-2147 Component: BMC Software Revision: 1.0 Brocade PSIRT has become aware of several vulnerabilities discovered by Eclypsium Research affecting AMI MegaRAC Baseboard Management Controller BMC software. More information at:...

9.8CVSS7.4AI score0.0171EPSS
Exploits0
Broadcom
Broadcom
added 2022/11/29 12:0 a.m.7 views

CVE-2022-2601 & CVE-2022-3775: Multiple GRUB2 vulnerabilities

Security Advisory ID : BSA-2022-2139 Component : GRUB2 Revision : 1.0 Brocade PSIRT has become aware of two grub vulnerabilities. CVE-2022-2601 grub2: A buffer overflow in grubfontconstructglyph can lead to out-of-bound write and possible secure boot by-pass A buffer overflow was found in...

8.6CVSS8.5AI score0.00872EPSS
Exploits0
Broadcom
Broadcom
added 2022/11/08 12:0 a.m.34 views

CVE-2022-33186 : EZServer module vulnerability. (BSA-2022-2121)

Security Advisory ID: BSA-2022-2121 Component: EZServer Revision: 2.1 A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning,...

9.4CVSS9.7AI score0.01546EPSS
Exploits2
Broadcom
Broadcom
added 2022/11/08 12:0 a.m.35 views

CVE-2021-4044: Invalid handling of X509_verify_cert() internal errors in libssl

Security Advisory ID : BSA-2022-1661 Component : OpenSSL Revision : 1.0 A flaw was found in the way OpenSSL verified certificates via the X509verifycert function. X509verifycert fuunction may return a negative return value to indicate an internal error for example, out of memory. Such a negative...

7.5CVSS7.1AI score0.50099EPSS
Exploits0
Broadcom
Broadcom
added 2022/11/08 12:0 a.m.27 views

CVE-2022-43933 : Configuration secrets are logged in support-save

Security Advisory ID : BSA-2022-2123 Component : Configsecrets Revision : 1.0 An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in support-save. Support-save file is generated by an admin user...

4.4CVSS6.9AI score0.00261EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2022/11/08 12:0 a.m.42 views

CVE-2022-33187 : Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. (BSA-2022-2122)

Security Advisory ID: BSA-2022-2122 Component: DebugLogs Revision: 1.0 Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information...

5.5CVSS4.9AI score0.00461EPSS
Exploits0
Broadcom
Broadcom
added 2022/11/08 12:0 a.m.52 views

CVE-2022-43934 : Weak Key-exchange algorithms

Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095. Products Affected Brocade SANnav versions before v2.2.2 Products Confirmed Not Affected No other Brocade Fibre Channel products are affected. Credit...

6.5CVSS2.4AI score0.00473EPSS
Exploits0
Broadcom
Broadcom
added 2022/11/08 12:0 a.m.36 views

CVE-2022-43933 : Configuration secrets are logged in support-save

An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in support-save. Support-save file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and...

4.4CVSS0.6AI score0.00261EPSS
Exploits0
Broadcom
Broadcom
added 2022/11/08 12:0 a.m.29 views

CVE-2022-43936: Switch passwords in logs

Brocade SANnav versions before v2.2.2 improperly expose Brocade Fabric OS switch password when debugging is turned on. A local or remote authenticated privileged user with access to logs may gain switch users' passwords. Products Affected Brocade SANnav versions before v2.2.2 Products Confirmed N...

6.8CVSS2AI score0.00766EPSS
Exploits0
Broadcom
Broadcom
added 2022/11/08 12:0 a.m.84 views

CVE-2022-33186 : EZServer module vulnerability

A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP...

9.4CVSS1AI score0.01546EPSS
Exploits2
Broadcom
Broadcom
added 2022/11/08 12:0 a.m.46 views

CVE-2022-43935: Switch passwords and authorization IDs are printed in the embedded MLS DB file5

An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file. Products Affected Brocade SANnav versions before v2.2.2 Products Confirmed Not...

5.3CVSS0.8AI score0.00223EPSS
Exploits0
Broadcom
Broadcom
added 2022/11/08 12:0 a.m.46 views

CVE-2022-33187 : Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs

Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information. Products Affected Brocade SANnav versions before v2.2.1 Products Confirmed Not Affected No other Brocade Fibre...

5.5CVSS1.7AI score0.00461EPSS
Exploits0
Broadcom
Broadcom
added 2022/11/08 12:0 a.m.44 views

CVE-2022-24903: A flaw in rsyslog TCP module could allows an attacker to craft a malicious message leading to a heap-based buffer overflow.

Rsyslog is vulnerable to remote code execution RCE due to improper validation of input data when octet-counted framing is used. An attacker could exploit this vulnerability by supplying a system with maliciously crafted messages. Products Affected. Brocade SANnav - Fixed in Brocade SANnav 2.2.1...

8.1CVSS4.5AI score0.03821EPSS
Exploits0
Broadcom
Broadcom
added 2022/11/08 12:0 a.m.49 views

CVE-2021-4044: Invalid handling of X509_verify_cert() internal errors in libssl

A flaw was found in the way OpenSSL verified certificates via the X509verifycert function. X509verifycert fuunction may return a negative return value to indicate an internal error for example, out of memory. Such a negative return value is mishandled by OpenSSL and will cause an IO function such...

7.5CVSS1.5AI score0.50099EPSS
Exploits0
Broadcom
Broadcom
added 2022/11/08 12:0 a.m.19 views

CVE-2022-43936: Switch passwords in logs

Security Advisory ID : BSA-2022-2126 Component : Logs Revision : 1.0 Brocade SANnav versions before v2.2.2 improperly expose Brocade Fabric OS switch password when debugging is turned on. A local or remote authenticated privileged user with access to logs may gain switch users' passwords...

6.8CVSS7.2AI score0.00766EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2022/11/08 12:0 a.m.27 views

CVE-2022-43935: Switch passwords and authorization IDs are printed in the embedded MLS DB file5

Security Advisory ID : BSA-2022-2125 Component : MLSDB Revision : 1.0 An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file...

5.3CVSS7AI score0.00223EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2022/11/08 12:0 a.m.57 views

CVE-2022-24903: A flaw in rsyslog TCP module could allow an attacker to craft a malicious message leading to a heap-based buffer overflow. (BSA-2022-2127)

Security Advisory ID: BSA-2022-2127 Component: Rsyslog Revision: 1.0 Rsyslog is vulnerable to remote code execution RCE due to improper validation of input data when octet-counted framing is used. An attacker could exploit this vulnerability by supplying a system with maliciously crafted messages...

8.1CVSS8AI score0.03821EPSS
Exploits0
Broadcom
Broadcom
added 2022/11/08 12:0 a.m.28 views

CVE-2022-43934 : Weak Key-exchange algorithms

Security Advisory ID : BSA-2022-2124 Component : Crypto Revision : 1.0 Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095...

6.5CVSS7.3AI score0.00473EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2022/11/08 12:0 a.m.84 views

CVE-2021-23017: NGINX Resolver Vulnerability

Security Advisory ID : BSA-2021-1516 Component : NGINX Revision : 1.0 A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact...

7.7CVSS7.2AI score0.53461EPSS
Exploits10
Broadcom
Broadcom
added 2022/11/08 12:0 a.m.1707 views

CVE-2021-23017: NGINX Resolver Vulnerability

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. Products Affected. Brocade SANnav - Fixed in Brocade SANnav 2.2.1...

7.7CVSS0.9AI score0.53461EPSS
Exploits10
Broadcom
Broadcom
added 2022/11/01 12:0 a.m.59 views

CVE-2022-3358 : Using a Custom Cipher with NID_undef may lead to NULL encryption

OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0, and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions...

7.5CVSS1.9AI score0.02846EPSS
Exploits0
Broadcom
Broadcom
added 2022/11/01 12:0 a.m.40 views

CVE-2022-3358 : Using a Custom Cipher with NID_undef may lead to NULL encryption

Security Advisory ID : BSA-2022-2094 Component : OpenSSL Revision : 1.0 OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0, and application authors are instead encouraged to use the new...

7.5CVSS7AI score0.02846EPSS
Exploits0
Broadcom
Broadcom
added 2022/11/01 12:0 a.m.5 views

CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows

Security Advisory ID : BSA-2022-2115 Component : OpenSSL Revision : 1.0 On November 1st, 2022 the OpenSSL Project disclosed CVE-2022-3602 and CVE-2022-3786 present in OpenSSL 3.0.x... The vulnerabilities were initially rated as critical severity vulnerabilities but are now disclosed as high. More...

7.5CVSS6.9AI score0.92488EPSS
Exploits6
Broadcom
Broadcom
added 2022/10/20 12:0 a.m.12 views

CVE-2022-42889. Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults.

Security Advisory ID : BSA-2022-2096 Component : Apache Commons Text Revision : 1.1 Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an...

9.8CVSS6.7AI score0.99931EPSS
Exploits41
Broadcom
Broadcom
added 2022/09/27 12:0 a.m.14 views

CVE-2022-0778 - Infinite loop in BN_mod_sqrt() reachable when parsing certificates

Security Advisory ID: BSA-2022-1752 Component: OpenSSL Revision: 2.0 The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. More information is at https://www.openssl.org/news/secadv/20220315.txt Affected Products Broca...

7.5CVSS6.6AI score0.70561EPSS
Exploits2
Broadcom
Broadcom
added 2022/09/13 12:0 a.m.8 views

CVE-2018-5764, CVE-2017-16548 and CVE-2017-1734. Vulnerabilities in rsynd

Security Advisory ID : BSA-2022-2074 Component : rsyncd Revision : 1.0 CVE-2018-5764: The parsearguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism. Base...

9.8CVSS7.4AI score0.06337EPSS
Exploits0
Broadcom
Broadcom
added 2022/09/13 12:0 a.m.25 views

CVE-2022-33178. A vulnerability in the radius authentication system could allow arbitrary code execution.

Security Advisory ID : BSA-2022-2077 Component : FOS Revision : 1.0 A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. Due to improper input validation, the privileged...

7.2CVSS8.3AI score0.01289EPSS
Exploits0
Broadcom
Broadcom
added 2022/09/13 12:0 a.m.6 views

CVE-2015-4041: Denial of service (heap-based buffer overflow and application crash) in GNU Coreutils

Security Advisory ID : BSA-2022-1407 Component : GNU Coreutils Revision : 1.0 The keycomparemb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers ...

7.8CVSS7.9AI score0.00522EPSS
Exploits1
Broadcom
Broadcom
added 2022/09/13 12:0 a.m.60 views

CVE-2021-29650. The netfilter subsystem allows attackers to cause a denial of service.

Security Advisory ID : BSA-2022-1462 Component : Kernel Revision : 1.0 A denial-of-service DoS flaw was identified in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service panic because net/netfilter/xtables.c and include/linux/netfilter/xtables.h...

5.5CVSS7AI score0.00413EPSS
Exploits0
Broadcom
Broadcom
added 2022/09/13 12:0 a.m.8 views

CVE-2022-33182. Privilege escalation using switch commands "supportlink", "firmwaredownload", "portcfgupload","license", and "fosexec".

Security Advisory ID : BSA-2022-2084 Component : FOS Revision : 2.0 A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands "supportlink...

7.8CVSS7.2AI score0.00195EPSS
Exploits0
Broadcom
Broadcom
added 2022/09/13 12:0 a.m.41 views

CVE-2021-3711: ASN1_STRING structure contains a buffer holding the string data

Security Advisory ID : BSA-2022-1586 Component : OpenSSL Revision : 2.0 In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and,...

9.8CVSS7.8AI score0.87816EPSS
Exploits1
Broadcom
Broadcom
added 2022/09/13 12:0 a.m.26 views

CVE-2022-28169 - Brocade Fabric OS Privilege Escalation Vulnerability (BSA-2022-2075)

Security Advisory ID : BSA-2022-2075 Component : Webtools Revision : 3.1 Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools user to gain elevated admin rights, or privileges, beyond what is intended or...

7.3CVSS7AI score0.00707EPSS
Exploits0
Broadcom
Broadcom
added 2022/09/13 12:0 a.m.8 views

CVE-2022-33184. Stack-based buffer overflows, allowing the execution of arbitrary code.

Security Advisory ID : BSA-2022-2080 Component : FOS Revision : 1.0 A vulnerability in fabseg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and...

7.8CVSS7.6AI score0.00322EPSS
Exploits0
Broadcom
Broadcom
added 2022/09/13 12:0 a.m.19 views

CVE-2022-33183. Stack buffer overflow using in “firmwaredownload” and “diagshow” commands.

Security Advisory ID : BSA-2022-2085 Component : FOS Revision : 1.1 A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in “firmwaredownload” and...

7.1CVSS7.5AI score0.01443EPSS
Exploits0
Broadcom
Broadcom
added 2022/09/13 12:0 a.m.20 views

CVE-2022-33185. Several commands in Brocade Fabric OS use unsafe string function to process user input

Security Advisory ID : BSA-2022-2078 Component : FOS Revision : 1.1 Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer...

7.8CVSS8.4AI score0.00322EPSS
Exploits0
Broadcom
Broadcom
added 2022/09/13 12:0 a.m.6 views

CVE-2021-34798. NULL pointer dereference in httpd core.

Security Advisory ID : BSA-2022-1597 Component : Apache httpd Revision : 1.0 Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. Affected Products All versions of Brocade Fabric OS...

7.5CVSS7AI score0.64509EPSS
Exploits0
Broadcom
Broadcom
added 2022/09/13 12:0 a.m.41 views

CVE-2022-33181. Information disclosure vulnerability in Brocade Fabric OS CLI using switch commands “configshow” and “supportlink”.

An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”. Affected Product All Brocade Fabric OS...

5.5CVSS2.3AI score0.00215EPSS
Exploits0
Broadcom
Broadcom
added 2022/09/13 12:0 a.m.46 views

CVE-2022-33180. Sensitive files export.

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”. Affected Product All Brocade Fabric OS versions...

5.5CVSS4.2AI score0.00212EPSS
Exploits0
Broadcom
Broadcom
added 2022/09/13 12:0 a.m.50 views

CVE-2021-3711: ASN1_STRING structure contains a buffer holding the string data

In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...

9.8CVSS1AI score0.87816EPSS
Exploits1
Broadcom
Broadcom
added 2022/09/13 12:0 a.m.37 views

BSA-2022-2075

Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools user to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose...

7.3CVSS1.3AI score0.00707EPSS
Exploits0
Broadcom
Broadcom
added 2022/09/13 12:0 a.m.44 views

CVE-2022-33178. A vulnerability in the radius authentication system could allow arbitrary code execution.

A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. Due to improper input validation, the privileged attacker could provide a script as Brocade-Auth-Role parameter that...

7.2CVSS6.1AI score0.01289EPSS
Exploits0
Total number of security vulnerabilities879