Filtered by vendor Broadcom
Total: 516 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-15436 | 4 Broadcom, Linux, Netapp and 1 more | 37 Brocade Fabric Operating System Firmware, Linux Kernel, A250 and 34 more | 2024-11-21 | 6.7 Medium |
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. | ||||
CVE-2020-15388 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 6.5 Medium |
A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files. | ||||
CVE-2020-15387 | 1 Broadcom | 2 Brocade Sannav, Fabric Operating System | 2024-11-21 | 7.4 High |
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications. | ||||
CVE-2020-15386 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 5.3 Medium |
Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations. | ||||
CVE-2020-15385 | 1 Broadcom | 1 Sannav | 2024-11-21 | 5.4 Medium |
Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission. As a result, users without permission can see folders, and hidden files, and can create directories without permission. | ||||
CVE-2020-15384 | 1 Broadcom | 1 Sannav | 2024-11-21 | 5.3 Medium |
Brocade SANnav before version 2.1.1 contains an information disclosure vulnerability that exposes internal server information in the initial login response header. | ||||
CVE-2020-15383 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 7.5 High |
Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic. | ||||
CVE-2020-15382 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 7.2 High |
Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time. | ||||
CVE-2020-15381 | 1 Broadcom | 1 Sannav | 2024-11-21 | 7.5 High |
Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the JMX server. | ||||
CVE-2020-15380 | 1 Broadcom | 1 Sannav | 2024-11-21 | 7.5 High |
Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level. | ||||
CVE-2020-15379 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 7.5 High |
Brocade SANnav before v.2.1.0a could allow remote attackers to cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data used as the name of a custom field. | ||||
CVE-2020-15378 | 1 Broadcom | 1 Sannav | 2024-11-21 | 5.3 Medium |
The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface. | ||||
CVE-2020-15377 | 1 Broadcom | 1 Sannav | 2024-11-21 | 9.8 Critical |
Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF). | ||||
CVE-2020-15376 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 4.3 Medium |
Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode, contain a weakness in the LDAP implementation that could allow a remote LDAP user to log in to the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated with any groups. | ||||
CVE-2020-15375 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 6.7 Medium |
Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when seccryptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary commands and perform escalation of privileges. | ||||
CVE-2020-15374 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 9.8 Critical |
REST API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input. | ||||
CVE-2020-15373 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 9.8 Critical |
Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks. | ||||
CVE-2020-15372 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 5.5 Medium |
A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging. | ||||
CVE-2020-15371 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 9.8 Critical |
Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3 contain a code injection and privilege escalation vulnerability. | ||||
CVE-2020-15370 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 6.5 Medium |
Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files. |