Lucene search
K
BroadcomFabric Operating System

95 matches found

CVE
CVE
added 2020/07/24 12:0 a.m.30700 views

CVE-2020-15778

The CVE-2020-15778 entry covers a command-injection flaw in scp within OpenSSH up to version 8.3p1. The vulnerability resides in scp.c toremote, enabling arbitrary command execution when a destination argument contains backtick characters; the vendor notes they intentionally forgo validating anom...

7.8CVSS7.8AI score0.12996EPSS
CVE
CVE
added 2024/04/04 7:19 p.m.4940 views

CVE-2023-38709

CVE-2023-38709 describes HTTP response splitting in the core of Apache HTTP Server caused by faulty input validation. It affects Apache HTTP Server up to version 2.4.58; multiple advisories (e.g., Astra Linux, AlmaLinux, Alpine Linux) note that upgrading to 2.4.64 fixes the issue. Some sources in...

7.3CVSS7.1AI score0.03914EPSS
CVE
CVE
added 2024/07/09 12:2 p.m.4483 views

CVE-2024-3596

Summary: CVE-2024-3596 is a forgery vulnerability in RADIUS (RFC 2865) where a local attacker can modify a valid RADIUS response to another response using a chosen-prefix collision against MD5. The vulnerability is associated with FreeRADIUS and is covered in multiple advisories (ALAS/ALSA) confi...

9CVSS6.4AI score0.14859EPSS
CVE
CVE
added 2024/04/04 7:20 p.m.3871 views

CVE-2024-24795

CVE-2024-24795 (httpd) describes HTTP response splitting in multiple Apache HTTP Server modules when malicious response headers can be injected into backend applications, enabling HTTP desynchronization. The vulnerability is mitigated by upgrading to Apache HTTP Server 2.4.59, as indicated across...

6.3CVSS7AI score0.02874EPSS
CVE
CVE
added 2020/04/21 1:45 p.m.818 views

CVE-2020-1967

CVE-2020-1967 describes a NULL pointer dereference in OpenSSL’s SSL_check_chain() during or after a TLS 1.3 handshake, caused by incorrect handling of the signature_algorithms_cert extension. A malicious peer sending an invalid/unrecognized signature algorithm can crash the server/client, enablin...

7.5CVSS7.5AI score0.53336EPSS
CVE
CVE
added 2021/01/04 12:0 a.m.606 views

CVE-2019-25013

CVE-2019-25013 affects the GNU C Library (glibc) iconv, where processing invalid multi-byte input in EUC-KR can cause a buffer over-read. Connected advisories confirm the issue and map it to glibc versions affected (through 2.32) and note that Debian, AlmaLinux/Alma or Amazon Linux advisories add...

7.1CVSS6.8AI score0.03538EPSS
CVE
CVE
added 2025/04/24 2:55 a.m.488 views

CVE-2025-1976

Summary: CVE-2025-1976 affects Brocade Fabric OS 9.1.0 through 9.1.1d6. A local user with admin privileges can execute arbitrary code with full root privileges due to a design flaw in Fabric OS, effectively a local code-execution vulnerability. Impact: allows full compromise of the host system wh...

8.6CVSS7.7AI score0.00736EPSS
In wild
CVE
CVE
added 2020/12/09 4:57 p.m.468 views

CVE-2020-29661

The entry CVE-2020-29661 describes a local, kernel-space vulnerability in the Linux tty subsystem (drivers/tty/tty_jobctrl.c) that can enable a use-after-free through TIOCSPGRP. A locking issue in this path allows memory corruption and potential privilege escalation or system impact when an attac...

7.8CVSS7.9AI score0.01129EPSS
CVE
CVE
added 2021/04/01 5:45 p.m.446 views

CVE-2021-22876

The Connected documents confirm CVE-2021-22876 affects curl/libcurl 7.1.1 through 7.75.0, where libcurl fails to remove user credentials from URLs when populating the Referer header, leading to leakage of credentials to the server of the second request. The root cause is improper handling of cred...

5.3CVSS5.7AI score0.05301EPSS
CVE
CVE
added 2020/12/09 4:57 p.m.420 views

CVE-2020-29660

This CVE (CVE-2020-29660) affects the Linux kernel tty subsystem, specifically in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c, where a locking inconsistency can enable a local attacker to perform a read-after-free against TIOCGSID. Consequences stated in multiple advisories include memory ...

4.4CVSS6.3AI score0.00468EPSS
CVE
CVE
added 2021/04/01 5:46 p.m.362 views

CVE-2021-22890

CVE-2021-22890 affects curl 7.63.0 through 7.75.0. When using TLS 1.3 with an HTTPS proxy, libcurl could confuse TLS session tickets from the proxy as if they came from the remote server, potentially causing the host’s session ticket to be resumed incorrectly and bypass server certificate checks,...

4.3CVSS4.9AI score0.03141EPSS
CVE
CVE
added 2020/05/28 11:55 a.m.324 views

CVE-2020-13645

Technical details for CVE-2020-13645 are not provided in the Connected documents. The Initial Description notes a hostname verification issue in GNOME glib-networking (GTlsClientConnection), but there are no product/version specifics beyond the CP4S remediation, so monitor for updates.

6.5CVSS6.4AI score0.01933EPSS
CVE
CVE
added 2019/11/04 3:36 p.m.268 views

CVE-2019-18683

CVE-2019-18683 affects the Linux kernel’s V4L2 vivid driver (drivers/media/platform/vivid). The issue arises from wrong mutex locking in functions vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and related kthreads, causing multiple race conditions dur...

7CVSS7.7AI score0.00985EPSS
CVE
CVE
added 2019/11/07 1:8 p.m.246 views

CVE-2019-18805

CVE-2019-18805 affects the Linux kernel prior to 5.0.11. A signed integer overflow occurs in net/ipv4/sysctl_net_ipv4.c and in tcp_input.c (tcp_ack_update_rtt()) when a very large value is written to /proc/sys/net/ipv4/tcp_min_rtt_wlen, potentially causing a denial of service or other impact. Con...

9.8CVSS9.1AI score0.03431EPSS
Web
CVE
CVE
added 2022/12/08 12:0 a.m.191 views

CVE-2022-33186

Affected software: Brocade Fabric OS (FOS) prior to 9.2.2. Root cause / vector: Embedding of the EZswitch software server allows a remote unauthenticated attacker to execute commands on the switch. Impact (as stated): Ability to modify zoning, disable the switch, disable ports, and modify the swi...

9.8CVSS9.5AI score0.01546EPSS
CVE
CVE
added 2019/11/18 5:23 a.m.167 views

CVE-2019-19050

CVE-2019-19050 describes a memory leak in the Linux kernel’s crypto_reportstat() path (crypto/crypto_user_stat.c) that can cause a denial of service via memory consumption when crypto_reportstat_alg() fails, affected up to kernel 5.3.11. Connected Nessus advisories (Unity Linux UTSA-2026-003794 a...

7.8CVSS7.5AI score0.05077EPSS
CVE
CVE
added 2019/11/18 5:24 a.m.129 views

CVE-2019-19069

CVE-2019-19069 affects the Linux kernel fastrpc DMA path. A memory leak in the function fastrpc_dma_buf_attach() (drivers/misc/fastrpc.c) can be triggered by dma_get_sgtable() failures, allowing a potential denial of service through memory consumption. The vulnerability is in kernels before 5.3.9...

7.8CVSS6.8AI score0.03422EPSS
CVE
CVE
added 2024/06/25 11:42 p.m.114 views

CVE-2024-29954

CVE-2024-29954 affects Brocade Fabric OS. The issue is a password management API that prints sensitive information to logs when the firmwaredownload command is used with an erroneous file or input, allowing an authenticated user to view server passwords for SCP/SFTP. Root cause: the failed firmwa...

5.9CVSS5.5AI score0.00114EPSS
CVE
CVE
added 2022/02/21 5:49 p.m.97 views

CVE-2021-27797

CVE-2021-27797 affects Brocade Fabric OS. Versions prior to 8.2.1c, 8.1.2h, and all 8.0.x/7.x releases contain documented hard-coded credentials, enabling access to the system. The root cause is hard-coded admin credentials; impact is high (partial/complete confidentiality, integrity, and availab...

9.8CVSS9.4AI score0.01326EPSS
CVE
CVE
added 2022/02/21 5:49 p.m.90 views

CVE-2021-27796

The CVE-2021-27796 issue affects Brocade Fabric OS prior to versions that include fixed releases v8.0.1b and v7.4.1d. An authenticated user in the restricted shell (rbash) on the user or factory account can read arbitrary files on the filesystem by leveraging one of several binaries, enabling pot...

6.8CVSS6.2AI score0.00893EPSS
CVE
CVE
added 2022/03/18 5:59 p.m.87 views

CVE-2021-27789

CVE-2021-27789 affects Brocade Fabric OS web app and CLI on Brocade Fabric OS versions prior to v9.0.1a and v8.2.3a. The issue stems from debug statements that print sensitive information to stdout, enabling an attacker who has already compromised the FOS system to capture credentials and other s...

6.5CVSS6.3AI score0.00786EPSS
CVE
CVE
added 2022/08/05 3:24 p.m.87 views

CVE-2021-27798

CVE-2021-27798 affects Brocade Fabric OS v7.4.1b and v7.3.1d, enabling local privileged directory traversal via the more binary in a restricted shell, allowing an attacker to enumerate the filesystem. The issue is tied to end-of-life versions (7.4.1.x and 7.3.x); Brocade/Red Hat/NVD entries reite...

5.5CVSS5.3AI score0.00216EPSS
CVE
CVE
added 2022/10/25 12:0 a.m.85 views

CVE-2022-33185

CVE-2022-33185 affects Brocade Fabric OS prior to 9.0.1e and version 9.1.0. The root cause is the use of unsafe string functions to process user input in several commands, which can cause stack-based buffer overflows. An authenticated local attacker could exploit this to execute arbitrary code as...

7.8CVSS8.1AI score0.00322EPSS
CVE
CVE
added 2024/06/25 11:16 p.m.85 views

CVE-2024-29953

CVE-2024-29953 affects Brocade Fabric OS, where the web interface on Virtual Fabric platforms can expose encoded session passwords stored in session storage to an authenticated user. Affected firmware ranges are Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d. Root cause is the handling/enc...

4.3CVSS4.5AI score0.00299EPSS
CVE
CVE
added 2022/10/25 12:0 a.m.83 views

CVE-2022-28170

CVE-2022-28170 affects Brocade Fabric OS Web Application services, exposing stored passwords in debug statements across multiple firmware lines (before v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j). The underlying issue is that server and user credentials are logged in debug output, enabling a local attacke...

6.5CVSS6.2AI score0.00205EPSS
CVE
CVE
added 2024/11/21 5:44 a.m.82 views

CVE-2024-10403

CVE-2024-10403 affects Brocade Fabric OS: versions prior to 8.2.3e2, 9.0.0–9.2.0c, and 9.2.1–9.2.1a may capture the SFTP/FTP server password used for firmware downloads when SANnav or WebEM triggers a weblinker core dump later uploaded via SupportSave. Root cause: sensitive credentials stored in ...

7.5CVSS6.9AI score0.00644EPSS
CVE
CVE
added 2024/06/25 11:58 p.m.81 views

CVE-2024-5460

CVE-2024-5460 affects Brocade Fabric OS versions before 9.0.0, where a hard-coded, default SNMP community string in the SNMP daemon config enables an authenticated, remote attacker to read data from the device. Exploitation via SNMP v1 with the static community string is implied; the vulnerabilit...

8.1CVSS8AI score0.00542EPSS
CVE
CVE
added 2025/02/14 11:48 p.m.81 views

CVE-2024-5462

Brocade Fabric OS vulnerable before 9.2.0 when SNMP password encryption is not configured. The SNMP privsecret and authsecret can be exposed in plaintext in configupload or supportsave captures, enabling an attacker to use SNMPv3 to retrieve OID values and potentially modify a limited set of MIB ...

7.5CVSS6.9AI score0.00145EPSS
CVE
CVE
added 2023/08/01 9:18 p.m.80 views

CVE-2023-31426

The CVE-2023-31426 issue affects Brocade Fabric OS where the commands configupload and configdownload, on certain older Fabric OS versions, print scp, sftp, and ftp server passwords in the supportsave data. Root cause is exposure of passwords in supportsave output when using those commands prior ...

6.8CVSS6.2AI score0.00519EPSS
CVE
CVE
added 2020/12/11 8:34 p.m.78 views

CVE-2020-15376

CVE-2020-15376 affects Brocade Fabric OS versions before v9.0.0 and after v8.1.0 when configured in Virtual Fabric mode. The vulnerability stems from a weakness in the LDAP implementation, which could allow a remote LDAP user to log in to a Brocade Fibre Channel SAN switch with only “user” privil...

4.3CVSS4.6AI score0.00869EPSS
CVE
CVE
added 2021/08/12 2:24 p.m.77 views

CVE-2021-27793

CVE-2021-27793 affects Brocade Fabric OS TACACS+ login, causing intermittent authorization failures for users with valid accounts. Affected: FOS before 9.0.1b (and after 9.0.0) and before 8.2.3a (and after 8.2.0). Remediation: upgrade to 9.0.1b+ or 8.2.3a+ as indicated by advisories (BSA-2021-155...

5.3CVSS5.2AI score0.00905EPSS
CVE
CVE
added 2022/10/25 12:0 a.m.76 views

CVE-2022-33180

CVE-2022-33180 affects Brocade Fabric OS CLI before versions v9.1.0, v9.0.1e, v8.2.3c, and v8.2.0cbn5. A local authenticated attacker can export sensitive files using seccryptocfg and configupload. Impact: confidentiality compromise (HIGH). Mitigation: upgrade to the fixed versions (9.1.0, 9.0.1e...

5.5CVSS5.2AI score0.00212EPSS
CVE
CVE
added 2024/11/21 5:53 a.m.76 views

CVE-2024-7517

CVE-2024-7517 concerns a local, privileged escalation in Brocade Fabric OS prior to 9.2.0c and in 9.2.1–9.2.1a on IP Extension platforms (7810/7840/7850 or SX-6 blade on X6/X7). Exploitation requires an authenticated user on SSH/serial to craft portcfg usage. Root cause is a command-injection vul...

8.5CVSS6.9AI score0.00626EPSS
CVE
CVE
added 2022/10/25 12:0 a.m.74 views

CVE-2022-28169

CVE-2022-28169 affects Brocade Fabric OS Webtools. A low-privilege Webtools user could elevate privileges to admin by crafting a request that creates an admin account using the operator’s session. Public details specify this occurs in Fabric OS versions prior to v9.1.1, v9.0.1e, and v8.2.3c. A mi...

8.8CVSS8.7AI score0.00701EPSS
CVE
CVE
added 2022/10/25 12:0 a.m.74 views

CVE-2022-33178

The CVE-2022-33178 entry affects Brocade Fabric OS prior to 9.0, where a vulnerability in the radius authentication system could allow a remote attacker to execute arbitrary code on Brocade switches. The root cause is improper input validation of the Brocade-Auth-Role parameter, enabling code exe...

7.2CVSS7.4AI score0.01289EPSS
CVE
CVE
added 2020/02/05 3:16 p.m.73 views

CVE-2019-16204

The CVE-2019-16204 issue affects Brocade Fabric OS prior to versions 7.4.2f, 8.2.2a, 8.1.2j, and 8.2.1d. The vulnerability allows exposure of external passwords, common secrets, or authentication keys used between the switch and an external server. Root cause: information disclosure via insecure ...

7.5CVSS7.7AI score0.01476EPSS
CVE
CVE
added 2022/10/25 12:0 a.m.73 views

CVE-2022-33179

CVE-2022-33179 affects Brocade Fabric OS CLI before versions v9.1.0, v9.0.1e, v8.2.3c, and v7.4.2j. The issue allows a local authenticated user to escape restricted shells using the command “set context” and perform privilege escalation. Affected product: Brocade Fabric OS CLI. Root cause: improp...

8.8CVSS8.4AI score0.00184EPSS
CVE
CVE
added 2022/10/25 12:0 a.m.71 views

CVE-2022-33183

CVE-2022-33183 describes a stack buffer overflow in the Brocade Fabric OS CLI. The vulnerability affects Brocade Fabric OS Command Line Interface prior to versions v9.1.0, v9.0.1e, v8.2.3c, v8.2.0cbn5, and v7.4.2.j, enabling a remote authenticated attacker to trigger a stack overflow via the firm...

8.8CVSS8.5AI score0.01443EPSS
CVE
CVE
added 2021/08/12 2:25 p.m.69 views

CVE-2021-27794

CVE-2021-27794 affects Brocade Fabric OS prior to versions fixed in Brocade/Fabric OS advisories. The vulnerability arises in the authentication mechanism, allowing login with an empty or invalid password via telnet, ssh, and REST. Affected products include Brocade Fabric OS versions before v9.0....

7.8CVSS7.7AI score0.0024EPSS
CVE
CVE
added 2022/10/25 12:0 a.m.69 views

CVE-2022-33181

CVE-2022-33181 affects Brocade Fabric OS CLI. The flaw in the CLI could allow a local authenticated attacker to read sensitive files via switch commands configshow and supportlink. Affected versions include Brocade Fabric OS before v9.1.0, and specific builds v9.0.1e, v8.2.3c, v8.2.0cbn5, and v7....

5.5CVSS5.1AI score0.00215EPSS
CVE
CVE
added 2024/04/04 5:3 p.m.69 views

CVE-2023-3454

CVE-2023-3454 is a remote code execution flaw in Brocade Fabric OS that affects versions after 9.0 and before 9.2.0. An unauthenticated attacker could execute arbitrary code and gain root access on affected Brocade Fibre Channel switches. Documented impact is high to critical, with disclosures in...

9.8CVSS9.1AI score0.01205EPSS
CVE
CVE
added 2022/10/25 12:0 a.m.67 views

CVE-2022-33184

The vulnerability CVE-2022-33184 affects Brocade Fabric OS via the fab_seg.c.h libraries, with all prior-FOS versions vulnerable to a stack-based buffer overflow that could let a local authenticated attacker execute arbitrary code as root. Affected platforms include Fabric OS releases prior to 9....

7.8CVSS7.7AI score0.00322EPSS
CVE
CVE
added 2022/10/25 12:0 a.m.66 views

CVE-2022-33182

CVE-2022-33182 is a privilege escalation in Brocade Fabric OS CLI prior to 9.1.0, 9.0.1e, 8.2.3c, or 8.2.0cbn5. A local authenticated user could escalate to root via switch commands: “supportlink”, “firmwaredownload”, “portcfgupload”, “license”, and “fosexec”. Connected PT-2022-5072 corroborates ...

7.8CVSS7.8AI score0.00195EPSS
CVE
CVE
added 2018/02/08 10:0 p.m.63 views

CVE-2017-6227

CVE-2017-6227 affects Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS). The IPv6 stack vulnerability allows a remote attacker to cause a denial-of-service (CPU consumption and device hang) by sending crafted Router Advertisement messages. Affected FOS versions include pre-7.4.2b...

6.5CVSS6.2AI score0.00552EPSS
CVE
CVE
added 2023/08/01 10:46 p.m.63 views

CVE-2023-31427

CVE-2023-31427 affects Brocade Fabric OS prior to 9.1.1c and 9.2.0, enabling an authenticated local user with knowledge of full path names to execute arbitrary commands with elevated privileges. Root access is disabled from Fabric OS 9.1.0 onward, but prior versions remain vulnerable. Remediation...

7.8CVSS7.8AI score0.002EPSS
CVE
CVE
added 2020/09/25 1:8 p.m.62 views

CVE-2020-15369

The vulnerability CVE-2020-15369 affects Brocade Fabric OS in the Supportlink CLI, where the password field is not obfuscated, allowing an authenticated user to obtain remote-server credentials and potentially access the remote host. Affected products include Brocade Fabric OS versions up to 8.2....

8.8CVSS9.3AI score0.01002EPSS
CVE
CVE
added 2021/06/09 3:24 p.m.62 views

CVE-2020-15387

The CVE-2020-15387 entry concerns Brocade Fabric OS hosts whose SSH servers (and SANnav) used keys

7.4CVSS7.3AI score0.00491EPSS
CVE
CVE
added 2022/03/18 5:59 p.m.62 views

CVE-2020-15388

CVE-2020-15388 affects Brocade Fabric OS; an authenticated CLI user can abuse the history command to write arbitrary content to files in vulnerable builds. Affected OS versions include Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h. Confirmed by multiple sources (Red Hat, Broadcom ad...

6.5CVSS6.5AI score0.00676EPSS
CVE
CVE
added 2020/12/11 8:34 p.m.60 views

CVE-2020-15375

The vulnerability CVE-2020-15375 affects Brocade Fabric OS (FOS) prior to targeted versions (v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g). It is an input validation weakness in the command-line interface when secccrypptocfg is invoked, allowing a local authenticated user to run arbitr...

6.7CVSS8.1AI score0.00305EPSS
CVE
CVE
added 2023/08/01 8:34 p.m.60 views

CVE-2023-31425

CVE-2023-31425 affects Brocade Fabric OS: a vulnerability in the fosexec command could allow a local authenticated user to escalate to root by breaking rbash. Affected: Fabric OS v9.1.0+ up to before v9.1.1; root access is disabled starting with v9.1.0. Remediation: security updates released in F...

7.8CVSS7.8AI score0.00259EPSS
Total number of security vulnerabilities95