Filtered by vendor Brocade
Subscribe
Total
29 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-27774 | 4 Brocade, Debian, Haxx and 1 more | 16 Fabric Operating System, Debian Linux, Curl and 13 more | 2023-02-23 | 3.5 LOW | 5.7 MEDIUM |
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers. | |||||
CVE-2022-22576 | 4 Brocade, Debian, Haxx and 1 more | 16 Fabric Operating System, Debian Linux, Curl and 13 more | 2023-01-05 | 5.5 MEDIUM | 8.1 HIGH |
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). | |||||
CVE-2022-27775 | 4 Brocade, Debian, Haxx and 1 more | 16 Fabric Operating System, Debian Linux, Curl and 13 more | 2023-01-05 | 5.0 MEDIUM | 7.5 HIGH |
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead. | |||||
CVE-2022-27776 | 5 Brocade, Debian, Fedoraproject and 2 more | 17 Fabric Operating System, Debian Linux, Fedora and 14 more | 2023-01-05 | 4.3 MEDIUM | 6.5 MEDIUM |
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. | |||||
CVE-2022-33186 | 1 Brocade | 1 Fabric Operating System | 2022-12-12 | N/A | 9.8 CRITICAL |
A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP address. | |||||
CVE-2022-28161 | 1 Brocade | 1 Sannav | 2022-05-17 | 1.9 LOW | 5.5 MEDIUM |
An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need to have valid user credentials and turn on debug mode. | |||||
CVE-2020-13631 | 8 Apple, Brocade, Canonical and 5 more | 19 Icloud, Ipados, Iphone Os and 16 more | 2022-05-13 | 2.1 LOW | 5.5 MEDIUM |
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. | |||||
CVE-2020-13630 | 9 Apple, Brocade, Canonical and 6 more | 20 Icloud, Ipados, Iphone Os and 17 more | 2022-05-13 | 4.4 MEDIUM | 7.0 HIGH |
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. | |||||
CVE-2020-13632 | 8 Brocade, Canonical, Debian and 5 more | 13 Fabric Operating System, Ubuntu Linux, Debian Linux and 10 more | 2022-05-13 | 2.1 LOW | 5.5 MEDIUM |
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. | |||||
CVE-2021-22555 | 3 Brocade, Linux, Netapp | 20 Fabric Operating System, Linux Kernel, Aff 500f and 17 more | 2022-03-31 | 4.6 MEDIUM | 7.8 HIGH |
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space | |||||
CVE-2017-6225 | 2 Broadcom, Brocade | 2 Fabric Operating System, Fabric Os | 2021-06-22 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information. | |||||
CVE-2017-6227 | 2 Broadcom, Brocade | 2 Fabric Operating System, Fabric Os | 2021-06-22 | 6.1 MEDIUM | 6.5 MEDIUM |
A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system. | |||||
CVE-2004-1663 | 5 Broadcom, Brocade, Engenio and 2 more | 6 Fabric Operating System, Silkworm, Silkworm Fiber Channel Switch and 3 more | 2021-06-22 | 5.0 MEDIUM | N/A |
Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets. | |||||
CVE-2018-6445 | 2 Brocade, Netapp | 2 Network Advisor, Brocade Network Advisor | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
A Vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database which includes the encrypted (not hashed) password of the systems. The attacker could gain access to the Brocade Network Advisor System after extracting/decrypting the passwords. | |||||
CVE-2007-2764 | 2 Brocade, Linux | 9 Silkworm 12000 Director, Silkworm 200e Switch, Silkworm 24000 Director and 6 more | 2019-08-14 | 7.8 HIGH | N/A |
The embedded Linux kernel in certain Sun-Brocade SilkWorm switches before 20070516 does not properly handle a situation in which a non-root user creates a kernel process, which allows attackers to cause a denial of service (oops and device reboot) via unspecified vectors. | |||||
CVE-2018-6444 | 2 Brocade, Netapp | 2 Network Advisor, Brocade Network Advisor | 2019-06-18 | 10.0 HIGH | 9.8 CRITICAL |
A Vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitray code. The vulnerability could also be exploited to execute arbitrary OS Commands. | |||||
CVE-2018-6443 | 2 Brocade, Netapp | 2 Network Advisor, Brocade Network Advisor | 2019-05-23 | 4.3 MEDIUM | 8.1 HIGH |
A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console. | |||||
CVE-2016-8201 | 1 Brocade | 1 Virtual Traffic Manager | 2019-04-17 | 6.0 MEDIUM | 8.0 HIGH |
A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster. | |||||
CVE-2016-8207 | 1 Brocade | 1 Network Advisor | 2018-05-09 | 5.0 MEDIUM | 7.5 HIGH |
A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files including files with sensitive user information. | |||||
CVE-2016-8205 | 1 Brocade | 1 Network Advisor | 2018-05-09 | 10.0 HIGH | 9.8 CRITICAL |
A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed. |