Vulnerabilities > Broadcom
|2021-08-12||CVE-2021-27790|| Improper Input Validation vulnerability in Broadcom Fabric Operating System |
The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses an unsafe string function to process user input.
| 7.2 |
|2021-08-12||CVE-2021-27791|| Improper Authentication vulnerability in Broadcom Fabric Operating System |
The function that is used to parse the Authentication header in the Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range.
| 5.5 |
|2021-08-12||CVE-2021-27792|| Improper Input Validation vulnerability in Broadcom Fabric Operating System |
The request handling functions in the web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash.
| 7.2 |
|2021-08-12||CVE-2021-27793|| Incorrect Authorization vulnerability in Broadcom Fabric Operating System |
Intermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0, could cause a user with a valid account to be unable to log into the switch.
| 5.0 |
|2021-08-12||CVE-2021-27794|| Improper Authentication vulnerability in Broadcom Fabric Operating System |
A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to log in with an empty password and an invalid password through telnet, ssh and REST.
| 4.6 |
|2021-07-14||CVE-2021-34174|| Unspecified vulnerability in Broadcom Bcm4352 Firmware and Bcm43684 Firmware |
A vulnerability exists in Broadcom BCM4352 and BCM43684 chips.
| 4.9 |
|2021-06-30||CVE-2021-30648|| Improper Authentication vulnerability in Broadcom products |
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability.
| 9.0 |
|2021-06-09||CVE-2020-15377|| Server-Side Request Forgery (SSRF) vulnerability in Broadcom Sannav |
Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF).
| 7.5 |
|2021-06-09||CVE-2020-15378|| Unspecified vulnerability in Broadcom Sannav |
The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface.
| 5.0 |
|2021-06-09||CVE-2020-15379|| Improper Input Validation vulnerability in Broadcom Brocade Sannav |
Brocade SANnav before v.2.1.0a could allow remote attackers to cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data used as a custom field name.
| 5.0 |