Filtered by vendor Broadcom
Subscriptions
Total
566 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15380 | 1 Broadcom | 1 Sannav | 2024-11-21 | 7.5 High |
| Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level. | ||||
| CVE-2020-15379 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 7.5 High |
| Brocade SANnav before v.2.1.0a could allow remote attackers cause a denial-of-service condition due to a lack of proper validation, of the length of user-supplied data as name for custom field name. | ||||
| CVE-2020-15378 | 1 Broadcom | 1 Sannav | 2024-11-21 | 5.3 Medium |
| The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface. | ||||
| CVE-2020-15377 | 1 Broadcom | 1 Sannav | 2024-11-21 | 9.8 Critical |
| Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF). | ||||
| CVE-2020-15376 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 4.3 Medium |
| Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated with any groups. | ||||
| CVE-2020-15375 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 6.7 Medium |
| Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary commands and perform escalation of privileges. | ||||
| CVE-2020-15374 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 9.8 Critical |
| Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input. | ||||
| CVE-2020-15373 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 9.8 Critical |
| Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks. | ||||
| CVE-2020-15372 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 5.5 Medium |
| A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging. | ||||
| CVE-2020-15371 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 9.8 Critical |
| Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability. | ||||
| CVE-2020-15370 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 6.5 Medium |
| Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files. | ||||
| CVE-2020-15369 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 8.8 High |
| Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host. | ||||
| CVE-2020-13645 | 5 Broadcom, Canonical, Fedoraproject and 2 more | 6 Fabric Operating System, Ubuntu Linux, Fedora and 3 more | 2024-11-21 | 6.5 Medium |
| In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host. | ||||
| CVE-2020-13401 | 4 Broadcom, Debian, Docker and 1 more | 4 Sannav, Debian Linux, Engine and 1 more | 2024-11-21 | 6.0 Medium |
| An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service. | ||||
| CVE-2020-12740 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-11-21 | 9.1 Critical |
| tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c. | ||||
| CVE-2020-12695 | 22 Asus, Broadcom, Canon and 19 more | 218 Rt-n11, Adsl, Selphy Cp1200 and 215 more | 2024-11-21 | 7.5 High |
| The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | ||||
| CVE-2020-12595 | 1 Broadcom | 1 Symantec Messaging Gateway | 2024-11-21 | 4.9 Medium |
| An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. This affects SMG prior to 10.7.4. | ||||
| CVE-2020-12594 | 1 Broadcom | 1 Symantec Messaging Gateway | 2024-11-21 | 7.2 High |
| A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior to 10.7.4. | ||||
| CVE-2020-12243 | 9 Apple, Broadcom, Canonical and 6 more | 28 Mac Os X, Brocade Fabric Operating System, Ubuntu Linux and 25 more | 2024-11-21 | 7.5 High |
| In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). | ||||
| CVE-2020-11666 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-11-21 | 8.8 High |
| CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges. | ||||