Vulnerabilities > Broadcom > Fabric Operating System > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-12-11 CVE-2020-15375 Improper Input Validation vulnerability in Broadcom Fabric Operating System
Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked.
local
low complexity
broadcom CWE-20
4.6
2020-12-09 CVE-2020-29660 Improper Locking vulnerability in multiple products
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.
4.4
2020-09-25 CVE-2018-6449 Cross-site Scripting vulnerability in Broadcom Fabric Operating System
Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers
network
broadcom CWE-79
4.3
2020-09-25 CVE-2018-6448 Unspecified vulnerability in Broadcom Fabric Operating System
A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.
network
low complexity
broadcom
5.0
2020-09-25 CVE-2020-15370 Information Exposure Through Log Files vulnerability in Broadcom Fabric Operating System
Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext.
network
low complexity
broadcom CWE-532
4.0
2020-09-25 CVE-2020-15369 Weak Password Requirements vulnerability in Broadcom Fabric Operating System
Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server.
network
low complexity
broadcom CWE-521
4.0
2020-05-28 CVE-2020-13645 Improper Certificate Validation vulnerability in multiple products
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity.
6.5
2020-02-05 CVE-2019-16204 Information Exposure Through Log Files vulnerability in Broadcom Fabric Operating System
Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server.
network
low complexity
broadcom CWE-532
5.0
2020-02-05 CVE-2019-16203 Information Exposure Through Log Files vulnerability in Broadcom Fabric Operating System
Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client.
network
low complexity
broadcom CWE-532
5.0
2018-12-03 CVE-2018-6440 Unspecified vulnerability in Broadcom Fabric Operating System
A vulnerability in the proxy service of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote unauthenticated attackers to obtain sensitive information and possibly cause a denial of service attack.
network
low complexity
broadcom
6.4