Latest Broadcom Fabric Operating System Vulnerabilities

License forgery in Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software,
Broadcom Fabric Operating System
Broadcom Brocade 300
Broadcom Brocade 610
Broadcom Brocade 6505
Broadcom Brocade 6510
Broadcom Brocade 6520
and 7 more
Possible buffer overflow in portcfgfportbuffers in Brocade Fabric OS
Broadcom Fabric Operating System<9.2.0a
firmwaredownload command could log server passwords in clear text
Broadcom Fabric Operating System=9.2.0
Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command re...
Broadcom Fabric Operating System<9.1.1c
scp, sftp, ftp servers passwords in supportsave
Broadcom Fabric Operating System<8.2.3d
Broadcom Fabric Operating System>=9.0.0<9.1.1c
Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfg...
Broadcom Fabric Operating System<9.1.1c
A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation ...
Broadcom Fabric Operating System=9.1.0
A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit s...
Broadcom Fabric Operating System<7.4.2.j
Broadcom Fabric Operating System>=8.0.0<8.2.3c
Broadcom Fabric Operating System>=9.0.0<9.0.1e
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and esc...
Broadcom Fabric Operating System<7.4.2j
Broadcom Fabric Operating System>=8.0.0<8.2.3c
Broadcom Fabric Operating System>=9.0.0<9.0.1e
Broadcom Fabric Operating System=9.1.0
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in “firm...
Broadcom Fabric Operating System<7.4.2.j
Broadcom Fabric Operating System>=8.0.0<8.2.3c
Broadcom Fabric Operating System>=9.0.0<9.0.1e
Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities t...
Broadcom Fabric Operating System<9.0.1e
A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch.
Broadcom Fabric Operating System<9.0.0
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “confi...
Broadcom Fabric Operating System>=8.0.0<8.2.3c
Broadcom Fabric Operating System>=9.0.0<9.0.1e
Broadcom Fabric Operating System=9.1.0
A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using...
Broadcom Fabric Operating System>=8.0.0<8.2.3c
Broadcom Fabric Operating System>=9.0.0<9.0.1e
An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files ...
Broadcom Fabric Operating System<7.4.2.j
Broadcom Fabric Operating System>=8.0.0<8.2.3c
Broadcom Fabric Operating System>=9.0.0<9.0.1e
Broadcom Fabric Operating System=9.1.0
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the...
Broadcom Fabric Operating System<7.4.2j
Broadcom Fabric Operating System>=8.0.0<8.2.3c
Broadcom Fabric Operating System>=9.0.0<9.0.1e
Broadcom Fabric Operating System=9.1.0
Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low-privilege Webtools user to gain elevated admin rights or privileges, ...
Broadcom Fabric Operating System>=8.0.0<8.2.3c
Broadcom Fabric Operating System>=9.0.0<9.0.1e
Broadcom Fabric Operating System>=9.1.0<9.1.1
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability in Brocade Fabric OS versions v7.4.1b and v7.3.1d could allow local users to conduct privileged directory traversal. Brocade Fabric OS versions v7.4.1...
Broadcom Fabric Operating System=7.3.1d
Broadcom Fabric Operating System=7.4.1b
The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An a...
Broadcom Fabric Operating System<8.2.3a
Broadcom Fabric Operating System>=9.0.0<9.0.1a
A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary conten...
Broadcom Fabric Operating System<7.4.2h
Broadcom Fabric Operating System>=9.0.0<9.0.1a
Broadcom Fabric Operating System=8.2.0
Broadcom Fabric Operating System=8.2.0-cbn3
Broadcom Fabric Operating System=8.2.0a
Broadcom Fabric Operating System=8.2.3
Intermittent authorization failure in AAA TACACS+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after ...
Broadcom Fabric Operating System>=8.2.0<8.2.3
Broadcom Fabric Operating System>=9.0.0<9.0.1
Broadcom Fabric Operating System=8.2.3
Broadcom Fabric Operating System=9.0.1
Broadcom Fabric Operating System=9.0.1a
A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to log in with empty password, and invalid passwo...
Broadcom Fabric Operating System<7.4.2h
Broadcom Fabric Operating System>=8.0.0<8.2.3a
Broadcom Fabric Operating System>=9.0.0<9.0.1a
The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authenticat...
Broadcom Fabric Operating System>=8.2.1<8.2.3a
Broadcom Fabric Operating System>=9.0.0<9.0.1a
The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash....
Broadcom Fabric Operating System<7.4.2h
Broadcom Fabric Operating System>=8.0.0<8.2.3a
Broadcom Fabric Operating System>=9.0.0<9.0.1a
The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse t...
Broadcom Fabric Operating System<7.4.2h
Broadcom Fabric Operating System>=8.0.0<8.2.0_cbn4
Broadcom Fabric Operating System>=8.2.1<8.2.3
Broadcom Fabric Operating System>=9.0.0<9.0.1a
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to ma...
Broadcom Brocade Sannav<2.1.1
Broadcom Fabric Operating System<7.4.2
Broadcom Fabric Operating System>=8.2.0<8.2.1
Broadcom Fabric Operating System=7.4.2
Broadcom Fabric Operating System=7.4.2a
Broadcom Fabric Operating System=7.4.2b
and 7 more
Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations...
Broadcom Fabric Operating System=8.2.3
Broadcom Fabric Operating System=9.0.0a
Broadcom Fabric Operating System=9.0.0b
Broadcom Fabric Operating System=9.0.1
curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3...
redhat/jbcs-httpd24<0:1-18.el8
redhat/jbcs-httpd24-apr<0:1.6.3-105.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-82.el8
redhat/jbcs-httpd24-brotli<0:1.0.6-40.el8
redhat/jbcs-httpd24-curl<0:7.77.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-74.el8
and 28 more
cURL libcurl could allow a remote attacker to obtain sensitive information, caused by the failure to strip off user credentials from the URL when automatically populating the Referer: HTTP request hea...
redhat/jbcs-httpd24<0:1-18.el8
redhat/jbcs-httpd24-apr<0:1.6.3-105.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-82.el8
redhat/jbcs-httpd24-brotli<0:1.0.6-40.el8
redhat/jbcs-httpd24-curl<0:7.77.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-74.el8
and 34 more
GNU glibc is vulnerable to a denial of service, caused by a buffer over-read in iconv feature. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a SIG...
IBM Security Verify Access<=10.0.0
GNU glibc<=2.32
Fedoraproject Fedora=32
Fedoraproject Fedora=33
NetApp ONTAP Select Deploy administration utility
NetApp Service Processor
and 18 more
Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when seccryptocfg is invoked. Th...
Broadcom Fabric Operating System<7.4.2g
Broadcom Fabric Operating System>=8.0.0<8.1.2k
Broadcom Fabric Operating System>=8.2.0<8.2.0_cbn3
Broadcom Fabric Operating System>=8.2.1<8.2.1e
Broadcom Fabric Operating System>=8.2.2b<8.2.2c
Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode, contain a weakness in the LDAP implementation that could allow a remote LDAP user to login in the B...
Broadcom Fabric Operating System>=8.1.0<9.0.0
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOC...
redhat/kernel-rt<0:4.18.0-348.rt7.130.el8
redhat/kernel<0:4.18.0-348.el8
Google Android
ubuntu/linux<4.15.0-136.140
ubuntu/linux<5.4.0-66.74
ubuntu/linux<5.8.0-44.50
and 149 more
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
redhat/kernel<0:2.6.32-754.39.1.el6
redhat/kernel-rt<0:3.10.0-1160.21.1.rt56.1158.el7
redhat/kernel-alt<0:4.14.0-115.35.1.el7a
redhat/kernel<0:3.10.0-1160.21.1.el7
redhat/kernel<0:3.10.0-693.87.1.el7
redhat/kernel<0:3.10.0-957.70.1.el7
and 165 more
Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform var...
Broadcom Fabric Operating System=8.2.1
Broadcom Fabric Operating System=8.2.1a
Broadcom Fabric Operating System=8.2.1b
Broadcom Fabric Operating System=8.2.1c
Broadcom Fabric Operating System=8.2.1d
Broadcom Fabric Operating System=8.2.2
and 4 more
Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote serve...
Broadcom Fabric Operating System=8.2.1
Broadcom Fabric Operating System=8.2.1a
Broadcom Fabric Operating System=8.2.1b
Broadcom Fabric Operating System=8.2.1c
Broadcom Fabric Operating System=8.2.1d
Broadcom Fabric Operating System=8.2.2
and 3 more
A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker...
Broadcom Fabric Operating System<7.4.2g
Broadcom Fabric Operating System>=8.0.0<8.1.2k
Broadcom Fabric Operating System>=8.2.0<8.2.0_cbn3
Broadcom Fabric Operating System>=8.2.1<8.2.1e
Broadcom Fabric Operating System>=8.2.2<8.2.2a1
Broadcom Fabric Operating System>=8.2.2b<8.2.2c
A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.
Broadcom Fabric Operating System<9.0.0
Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP...
Broadcom Fabric Operating System<9.0.0
REST API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input.
Broadcom Fabric Operating System=8.2.1
Broadcom Fabric Operating System=8.2.1a
Broadcom Fabric Operating System=8.2.1b
Broadcom Fabric Operating System=8.2.1c
Broadcom Fabric Operating System=8.2.1d
Broadcom Fabric Operating System=8.2.2
and 4 more
Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3 contain a code injection and privilege escalation vulnerability.
Broadcom Fabric Operating System=8.0.0
Broadcom Fabric Operating System=8.0.1
Broadcom Fabric Operating System=8.0.1a
Broadcom Fabric Operating System=8.0.1b
Broadcom Fabric Operating System=8.0.2
Broadcom Fabric Operating System=8.0.2a
and 29 more
A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated att...
Broadcom Fabric Operating System=2.1.2
Broadcom Fabric Operating System=2.2
Broadcom Fabric Operating System=3.1
Broadcom Fabric Operating System=5.0.5b
Broadcom Fabric Operating System=5.2.0
Broadcom Fabric Operating System=5.2.0a
and 49 more
Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user...
Broadcom Fabric Operating System<7.4.2g
** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has...
IBM Security Guardium Insights<=2.0.2
Openbsd Openssh<8.3
Openbsd Openssh=8.3
Openbsd Openssh=8.3-p1
Netapp A700s Firmware
Netapp A700s
and 19 more
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signatu...
debian/openssl
OpenSSL OpenSSL>=1.1.1d<=1.1.1f
Debian Debian Linux=9.0
Debian Debian Linux=10.0
FreeBSD FreeBSD=12.1
Fedoraproject Fedora=30
and 33 more
Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server.
Broadcom Fabric Operating System<7.4.2f
Broadcom Fabric Operating System>=8.1.2<8.1.2j
Broadcom Fabric Operating System>=8.2.1<8.2.1d
Broadcom Fabric Operating System>=8.2.2<8.2.2a
Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client.
Broadcom Fabric Operating System>=8.2.1<8.2.1d
Broadcom Fabric Operating System>=8.2.2<8.2.2a
A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_g...
ubuntu/linux<5.3.0-24.26
ubuntu/linux<5.4~
ubuntu/linux-aws<5.3.0-1008.9
ubuntu/linux-aws<5.4~
ubuntu/linux-aws-5.0<5.4~
ubuntu/linux-aws-hwe<5.4~
and 65 more
A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypt...
ubuntu/linux<5.3.0-40.32
ubuntu/linux<5.5~
ubuntu/linux-aws<5.3.0-1011.12
ubuntu/linux-aws<5.5~
ubuntu/linux-aws-5.0<5.0.0-1024.27~18.04.1
ubuntu/linux-aws-5.0<5.5~
and 79 more
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 acc...
ubuntu/linux<4.15.0-88.88
ubuntu/linux<5.3.0-40.32
ubuntu/linux<5.5~
ubuntu/linux<4.4.0-173.203
ubuntu/linux-aws<4.15.0-1060.62
ubuntu/linux-aws<5.3.0-1011.12
and 103 more