Vulnerabilities > Broadcom
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-12 | CVE-2021-27791 | Out-of-bounds Read vulnerability in Broadcom Fabric Operating System The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. | 5.4 |
2021-08-12 | CVE-2021-27792 | Unspecified vulnerability in Broadcom Fabric Operating System The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. | 7.8 |
2021-08-12 | CVE-2021-27793 | Incorrect Authorization vulnerability in Broadcom Fabric Operating System ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch. | 5.3 |
2021-08-12 | CVE-2021-27794 | Improper Authentication vulnerability in Broadcom Fabric Operating System A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST. | 7.8 |
2021-07-14 | CVE-2021-34174 | Unspecified vulnerability in Broadcom Bcm4352 Firmware and Bcm43684 Firmware A vulnerability exists in Broadcom BCM4352 and BCM43684 chips. low complexity broadcom | 4.6 |
2021-06-30 | CVE-2021-30648 | Improper Authentication vulnerability in Broadcom products The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. | 9.8 |
2021-06-09 | CVE-2020-15377 | Server-Side Request Forgery (SSRF) vulnerability in Broadcom Sannav 2.1.0 Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF). | 9.8 |
2021-06-09 | CVE-2020-15378 | Unspecified vulnerability in Broadcom Sannav 2.1.0 The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface. | 5.3 |
2021-06-09 | CVE-2020-15379 | Improper Input Validation vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1/2.0 Brocade SANnav before v.2.1.0a could allow remote attackers cause a denial-of-service condition due to a lack of proper validation, of the length of user-supplied data as name for custom field name. | 7.5 |
2021-06-09 | CVE-2020-15380 | Information Exposure Through Log Files vulnerability in Broadcom Sannav 2.1.0 Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level. | 7.5 |