Brocade Fabric Operating System Broadcom Brocade Fabric Operating System

Do you want an email whenever new security vulnerabilities are reported in Broadcom Brocade Fabric Operating System?

By the Year

In 2024 there have been 0 vulnerabilities in Broadcom Brocade Fabric Operating System . Last year Brocade Fabric Operating System had 7 security vulnerabilities published. Right now, Brocade Fabric Operating System is on track to have less security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 7 6.11
2022 0 0.00
2021 2 6.25
2020 2 6.80
2019 0 0.00
2018 0 0.00

It may take a day or so for new Brocade Fabric Operating System vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Broadcom Brocade Fabric Operating System Security Vulnerabilities

An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could

CVE-2023-31927 5.3 - Medium - August 02, 2023

An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface.

System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0.

CVE-2023-31926 7.1 - High - August 02, 2023

System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0.

Improper Initialization

A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0

CVE-2023-31928 6.1 - Medium - August 02, 2023

A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target users session with the Brocade Webtools application.

XSS

A buffer overflow vulnerability in diagstatus command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could

CVE-2023-31431 5.5 - Medium - August 02, 2023

A buffer overflow vulnerability in diagstatus command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service.

Classic Buffer Overflow

A buffer overflow vulnerability in secpolicydelete command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could

CVE-2023-31430 5.5 - Medium - August 02, 2023

A buffer overflow vulnerability in secpolicydelete command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service.

Classic Buffer Overflow

Through manipulation of passwords or other variables

CVE-2023-31432 7.8 - High - August 02, 2023

Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0.

Improper Privilege Management

Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line

CVE-2023-31428 5.5 - Medium - August 02, 2023

Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep.

Unrestricted File Upload

A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation

CVE-2021-23133 7 - High - April 22, 2021

A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.

Race Condition

There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could

CVE-2020-35507 5.5 - Medium - January 04, 2021

There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.

NULL Pointer Dereference

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions

CVE-2020-12243 7.5 - High - April 28, 2020

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).

Stack Exhaustion

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite

CVE-2020-1927 6.1 - Medium - April 02, 2020

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.

Open Redirect

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Oracle Zfs Storage Appliance Kit or by Broadcom? Click the Watch button to subscribe.

Broadcom
Vendor

subscribe