Vulnerabilities (CVE)

Filtered by vendor Broadcom Subscribe
Total 511 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-27792 1 Broadcom 1 Fabric Operating System 2024-02-28 7.2 HIGH 7.8 HIGH
The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to crash, requiring a reboot.
CVE-2021-30648 1 Broadcom 15 Symantec Advanced Secure Gateway 500-10, Symantec Advanced Secure Gateway 500-10 Firmware, Symantec Advanced Secure Gateway S200-30 and 12 more 2024-02-28 9.0 HIGH 9.8 CRITICAL
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance.
CVE-2020-15384 1 Broadcom 1 Sannav 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
Brocade SANNav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response header.
CVE-2020-15383 1 Broadcom 1 Fabric Operating System 2024-02-28 5.0 MEDIUM 7.5 HIGH
Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic.
CVE-2021-27793 1 Broadcom 1 Fabric Operating System 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch.
CVE-2021-27791 1 Broadcom 1 Fabric Operating System 2024-02-28 5.5 MEDIUM 5.4 MEDIUM
The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request, which could bypass the authentication process.
CVE-2021-26313 6 Amd, Arm, Broadcom and 3 more 11 Ryzen 5 5600x, Ryzen 7 2700x, Ryzen Threadripper 2990wx and 8 more 2024-02-28 2.1 LOW 5.5 MEDIUM
Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.
CVE-2020-15380 1 Broadcom 1 Sannav 2024-02-28 5.0 MEDIUM 7.5 HIGH
Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level.
CVE-2020-18976 1 Broadcom 1 Tcpreplay 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'. It can be triggered by sending a crafted pcap file to the 'tcpreplay-edit' binary. This issue is different than CVE-2019-8381.
CVE-2020-15382 1 Broadcom 1 Brocade Sannav 2024-02-28 6.5 MEDIUM 7.2 HIGH
Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time.
CVE-2020-15377 1 Broadcom 1 Sannav 2024-02-28 7.5 HIGH 9.8 CRITICAL
Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF).
CVE-2021-23133 5 Broadcom, Debian, Fedoraproject and 2 more 24 Brocade Fabric Operating System, Debian Linux, Fedora and 21 more 2024-02-28 6.9 MEDIUM 7.0 HIGH
A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.
CVE-2020-15381 1 Broadcom 1 Sannav 2024-02-28 5.0 MEDIUM 7.5 HIGH
Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server.
CVE-2020-15371 1 Broadcom 1 Fabric Operating System 2024-02-28 7.5 HIGH 9.8 CRITICAL
Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability.
CVE-2020-35507 4 Broadcom, Gnu, Netapp and 1 more 9 Brocade Fabric Operating System, Binutils, Cloud Backup and 6 more 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.
CVE-2020-15375 1 Broadcom 1 Fabric Operating System 2024-02-28 4.6 MEDIUM 6.7 MEDIUM
Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary commands and perform escalation of privileges.
CVE-2020-35496 4 Broadcom, Fedoraproject, Gnu and 1 more 9 Brocade Fabric Operating System Firmware, Fedora, Binutils and 6 more 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
CVE-2021-27218 5 Broadcom, Debian, Fedoraproject and 2 more 7 Brocade Fabric Operating System Firmware, Debian Linux, Fedora and 4 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
CVE-2020-15374 1 Broadcom 1 Fabric Operating System 2024-02-28 7.5 HIGH 9.8 CRITICAL
Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input.
CVE-2020-12595 1 Broadcom 1 Symantec Messaging Gateway 2024-02-28 4.0 MEDIUM 4.9 MEDIUM
An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. This affects SMG prior to 10.7.4.