Broadcom

Fabric Operating System

81 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2018-6448

  • EPSS 0.6%
  • Published 25.09.2020 14:15:13
  • Last modified 21.11.2024 04:10:42

A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.

6.1

CVE-2018-6449

  • EPSS 0.27%
  • Published 25.09.2020 14:15:13
  • Last modified 21.11.2024 04:10:42

Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers

8.8

CVE-2020-15369

  • EPSS 0.22%
  • Published 25.09.2020 14:15:13
  • Last modified 21.11.2024 05:05:25

Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed ...

6.5

CVE-2020-15370

  • EPSS 0.25%
  • Published 25.09.2020 14:15:13
  • Last modified 21.11.2024 05:05:25

Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files.

9.8

CVE-2020-15371

  • EPSS 0.57%
  • Published 25.09.2020 14:15:13
  • Last modified 21.11.2024 05:05:26

Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability.

9.8

CVE-2020-15373

  • EPSS 0.93%
  • Published 25.09.2020 14:15:13
  • Last modified 21.11.2024 05:05:26

Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks.

9.8

CVE-2020-15374

  • EPSS 0.5%
  • Published 25.09.2020 14:15:13
  • Last modified 21.11.2024 05:05:26

Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input.

7.4

CVE-2020-15778

Exploit
  • EPSS 61.48%
  • Published 24.07.2020 14:15:12
  • Last modified 28.07.2025 18:12:45

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous arg...

6.5

CVE-2020-13645

Exploit
  • EPSS 0.61%
  • Published 28.05.2020 12:15:11
  • Last modified 21.11.2024 05:01:40

In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended docu...

7.5

CVE-2020-1967

Exploit
  • EPSS 66.69%
  • Published 21.04.2020 14:15:11
  • Last modified 21.11.2024 05:11:45

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occur...