Vulnerabilities > Broadcom > Fabric Operating System > High

DATE CVE VULNERABILITY TITLE RISK
2022-10-25 CVE-2022-33185 Out-of-bounds Write vulnerability in Broadcom Fabric Operating System
Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input.
local
low complexity
broadcom CWE-787
7.8
2022-02-21 CVE-2021-27797 Use of Hard-coded Credentials vulnerability in Broadcom Fabric Operating System
Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system.
network
low complexity
broadcom CWE-798
7.5
2021-08-12 CVE-2021-27790 Out-of-bounds Write vulnerability in Broadcom Fabric Operating System
The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input.
local
low complexity
broadcom CWE-787
7.2
2021-08-12 CVE-2021-27792 Unspecified vulnerability in Broadcom Fabric Operating System
The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash.
local
low complexity
broadcom
7.2
2020-12-09 CVE-2020-29661 Improper Locking vulnerability in multiple products
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.
7.8
2020-09-25 CVE-2020-15374 Unspecified vulnerability in Broadcom Fabric Operating System
Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input.
network
low complexity
broadcom
7.5
2020-09-25 CVE-2020-15373 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Broadcom Fabric Operating System
Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks.
network
low complexity
broadcom CWE-119
7.5
2020-09-25 CVE-2020-15371 Unspecified vulnerability in Broadcom Fabric Operating System
Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability.
network
low complexity
broadcom
7.5
2020-07-24 CVE-2020-15778 OS Command Injection vulnerability in multiple products
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument.
local
low complexity
openbsd netapp broadcom CWE-78
7.8
2020-04-21 CVE-2020-1967 NULL Pointer Dereference vulnerability in multiple products
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension.
7.5