Vulnerabilities > Broadcom

DATE CVE VULNERABILITY TITLE RISK
2021-08-12 CVE-2021-27791 Out-of-bounds Read vulnerability in Broadcom Fabric Operating System
The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range.
network
low complexity
broadcom CWE-125
5.4
2021-08-12 CVE-2021-27792 Unspecified vulnerability in Broadcom Fabric Operating System
The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash.
local
low complexity
broadcom
7.8
2021-08-12 CVE-2021-27793 Incorrect Authorization vulnerability in Broadcom Fabric Operating System
ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch.
network
low complexity
broadcom CWE-863
5.3
2021-08-12 CVE-2021-27794 Improper Authentication vulnerability in Broadcom Fabric Operating System
A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST.
local
low complexity
broadcom CWE-287
7.8
2021-07-14 CVE-2021-34174 Unspecified vulnerability in Broadcom Bcm4352 Firmware and Bcm43684 Firmware
A vulnerability exists in Broadcom BCM4352 and BCM43684 chips.
low complexity
broadcom
4.6
2021-06-30 CVE-2021-30648 Improper Authentication vulnerability in Broadcom products
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability.
network
low complexity
broadcom CWE-287
critical
9.8
2021-06-09 CVE-2020-15377 Server-Side Request Forgery (SSRF) vulnerability in Broadcom Sannav 2.1.0
Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF).
network
low complexity
broadcom CWE-918
critical
9.8
2021-06-09 CVE-2020-15378 Unspecified vulnerability in Broadcom Sannav 2.1.0
The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface.
network
low complexity
broadcom
5.3
2021-06-09 CVE-2020-15379 Improper Input Validation vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1/2.0
Brocade SANnav before v.2.1.0a could allow remote attackers cause a denial-of-service condition due to a lack of proper validation, of the length of user-supplied data as name for custom field name.
network
low complexity
broadcom CWE-20
7.5
2021-06-09 CVE-2020-15380 Information Exposure Through Log Files vulnerability in Broadcom Sannav 2.1.0
Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level.
network
low complexity
broadcom CWE-532
7.5