Vulnerabilities > Broadcom > Brocade Fabric Operating System

DATE CVE VULNERABILITY TITLE RISK
2023-08-02 CVE-2023-31926 Improper Preservation of Permissions vulnerability in Broadcom Brocade Fabric Operating System
System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0.
local
low complexity
broadcom CWE-281
7.1
2023-08-02 CVE-2023-31927 Unspecified vulnerability in Broadcom Brocade Fabric Operating System
An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface.
network
low complexity
broadcom
5.3
2023-08-02 CVE-2023-31428 Unrestricted Upload of File with Dangerous Type vulnerability in Broadcom Brocade Fabric Operating System 9.2.0
Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep.
local
low complexity
broadcom CWE-434
5.5
2023-08-02 CVE-2023-31430 Classic Buffer Overflow vulnerability in Broadcom Brocade Fabric Operating System 9.2.0
A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service.
local
low complexity
broadcom CWE-120
5.5
2023-08-02 CVE-2023-31431 Classic Buffer Overflow vulnerability in Broadcom Brocade Fabric Operating System 9.2.0
A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service.
local
low complexity
broadcom CWE-120
5.5
2023-08-02 CVE-2023-31432 Improper Privilege Management vulnerability in Broadcom Brocade Fabric Operating System
Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0.
local
low complexity
broadcom CWE-269
7.8
2023-08-02 CVE-2023-31928 Cross-site Scripting vulnerability in Broadcom Brocade Fabric Operating System 9.1.1C
A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools application.
network
low complexity
broadcom CWE-79
6.1
2021-04-22 CVE-2021-23133 Race Condition vulnerability in multiple products
A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process.
7.0
2021-01-04 CVE-2020-35507 NULL Pointer Dereference vulnerability in multiple products
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference.
local
low complexity
gnu redhat netapp broadcom CWE-476
5.5
2020-04-28 CVE-2020-12243 Uncontrolled Recursion vulnerability in multiple products
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
5.0