Fabric Operating System Security Vulnerabilities and Issues — Fabric Operating System CVE List

Lucene search

BroadcomFabric Operating System

11 matches found

CVE•added 2021/01/04 6:15 p.m.•557 views

CVE-2019-25013

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.

7.1CVSS6.8AI score0.00626EPSS

CVE•added 2021/04/01 6:15 p.m.•395 views

CVE-2021-22876

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header fiel...

5.3CVSS5.7AI score0.0008EPSS

CVE•added 2021/04/01 6:15 p.m.•324 views

CVE-2021-22890

curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived fro...

4.3CVSS4.9AI score0.00235EPSS

CVE•added 2021/08/12 3:15 p.m.•60 views

CVE-2021-27793

ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch.

5.3CVSS5.2AI score0.00323EPSS

CVE•added 2021/08/12 3:15 p.m.•47 views

CVE-2021-27794

A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST.

7.8CVSS7.7AI score0.00058EPSS

CVE•added 2021/06/09 4:15 p.m.•46 views

CVE-2020-15387

The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.

7.4CVSS7.3AI score0.00124EPSS

CVE•added 2021/06/09 3:15 p.m.•41 views

CVE-2020-15383

Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic.

7.5CVSS7.5AI score0.00468EPSS

CVE•added 2021/06/09 4:15 p.m.•40 views

CVE-2020-15386

Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations.

5.3CVSS5.3AI score0.00377EPSS

CVE•added 2021/08/12 3:15 p.m.•36 views

CVE-2021-27790

The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as ...

7.8CVSS7.9AI score0.00049EPSS

CVE•added 2021/08/12 3:15 p.m.•36 views

CVE-2021-27791

The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An un...

5.5CVSS5.7AI score0.00366EPSS

CVE•added 2021/08/12 3:15 p.m.•36 views

CVE-2021-27792

The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to cra...

7.8CVSS7.3AI score0.00051EPSS