Filtered by vendor Broadcom
Total: 506 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-18976 | 1 Broadcom | 1 Tcpreplay | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'. It can be triggered by sending a crafted pcap file to the 'tcpreplay-edit' binary. This issue is different than CVE-2019-8381. | |||||
CVE-2021-30648 | 1 Broadcom | 15 Symantec Advanced Secure Gateway 500-10, Symantec Advanced Secure Gateway 500-10 Firmware, Symantec Advanced Secure Gateway S200-30 and 12 more | 2023-12-10 | 9.0 HIGH | 9.8 CRITICAL |
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shut down/restart the appliance. | |||||
CVE-2020-15387 | 1 Broadcom | 2 Brocade Sannav, Fabric Operating System | 2023-12-10 | 5.8 MEDIUM | 7.4 HIGH |
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications. | |||||
CVE-2021-20197 | 4 Broadcom, Gnu, Netapp and 1 more | 6 Brocade Fabric Operating System Firmware, Binutils, Cloud Backup and 3 more | 2023-12-10 | 3.3 LOW | 6.3 MEDIUM |
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. | |||||
CVE-2020-15384 | 1 Broadcom | 1 Sannav | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Brocade SANnav before version 2.1.1 contains an information disclosure vulnerability. Internal server information is disclosed in the initial login response header. | |||||
CVE-2020-15378 | 1 Broadcom | 1 Sannav | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface. | |||||
CVE-2020-15381 | 1 Broadcom | 1 Sannav | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the JMX server. | |||||
CVE-2021-31879 | 3 Broadcom, Gnu, Netapp | 8 Brocade Fabric Operating System Firmware, Wget, 500f and 5 more | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. | |||||
CVE-2020-15382 | 1 Broadcom | 1 Brocade Sannav | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time. | |||||
CVE-2021-26314 | 6 Amd, Arm, Broadcom and 3 more | 11 Ryzen 5 5600x, Ryzen 7 2700x, Ryzen Threadripper 2990wx and 8 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage. | |||||
CVE-2020-15377 | 1 Broadcom | 1 Sannav | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF). | |||||
CVE-2020-15379 | 1 Broadcom | 1 Brocade Sannav | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Brocade SANnav before v.2.1.0a could allow remote attackers to cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data used as the name of a custom field. | |||||
CVE-2020-29478 | 2 Broadcom, Microsoft | 2 Ca Service Catalog, Windows | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition. | |||||
CVE-2018-6448 | 1 Broadcom | 1 Fabric Operating System | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host. | |||||
CVE-2020-15372 | 1 Broadcom | 1 Fabric Operating System | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging. | |||||
CVE-2020-12594 | 1 Broadcom | 1 Symantec Messaging Gateway | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior to 10.7.4. | |||||
CVE-2020-15376 | 1 Broadcom | 1 Fabric Operating System | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode, contain a weakness in the LDAP implementation that could allow a remote LDAP user to log in to the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated with any groups. | |||||
CVE-2020-35507 | 4 Broadcom, Gnu, Netapp and 1 more | 9 Brocade Fabric Operating System, Binutils, Cloud Backup and 6 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. | |||||
CVE-2020-35496 | 4 Broadcom, Fedoraproject, Gnu and 1 more | 9 Brocade Fabric Operating System Firmware, Fedora, Binutils and 6 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. | |||||
CVE-2020-15375 | 1 Broadcom | 1 Fabric Operating System | 2023-12-10 | 4.6 MEDIUM | 6.7 MEDIUM |
Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when seccryptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary commands and perform escalation of privileges. |