Brocade Fabric Operating System Firmware

DATE	CVE	VULNERABILITY TITLE	RISK
2023-03-30	CVE-2023-27534	Path Traversal vulnerability in multiple products A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. network low complexity haxx fedoraproject netapp broadcom splunk CWE-22	8.8
2023-03-30	CVE-2023-27537	Double Free vulnerability in multiple products A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". network high complexity haxx netapp broadcom splunk CWE-415	5.9
2023-03-30	CVE-2023-27538	Improper Authentication vulnerability in multiple products An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. local low complexity haxx fedoraproject debian netapp broadcom splunk CWE-287	5.5
2022-03-23	CVE-2021-4197	Improper Authentication vulnerability in multiple products An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. local low complexity linux debian oracle broadcom netapp CWE-287	7.8
2021-09-16	CVE-2021-34798	NULL Pointer Dereference vulnerability in multiple products Malformed requests may cause the server to dereference a NULL pointer. network low complexity apache fedoraproject debian netapp tenable oracle broadcom siemens CWE-476	7.5
2021-09-16	CVE-2021-36160	Out-of-bounds Read vulnerability in multiple products A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). network low complexity apache fedoraproject debian netapp oracle broadcom CWE-125	7.5
2021-09-16	CVE-2021-40438	Server-Side Request Forgery (SSRF) vulnerability in multiple products A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. network high complexity apache fedoraproject debian netapp broadcom f5 oracle siemens tenable CWE-918 critical	9.0
2021-04-29	CVE-2021-31879	Open Redirect vulnerability in multiple products GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. network gnu broadcom netapp CWE-601	5.8
2021-03-26	CVE-2021-20197	Link Following vulnerability in multiple products There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. local high complexity gnu redhat netapp broadcom CWE-59	6.3
2021-03-11	CVE-2021-28153	Link Following vulnerability in multiple products An issue was discovered in GNOME GLib before 2.66.8. network low complexity gnome debian fedoraproject broadcom CWE-59	5.3