Vulnerabilities > Brocade
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-14 | CVE-2016-8201 | Cross-Site Request Forgery (CSRF) vulnerability in Brocade Virtual Traffic Manager A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster. | 6.0 |
| 2016-10-31 | CVE-2016-8203 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Brocade Netiron OS 6.0.00/6.0.00A A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a images could allow attackers to cause a denial of service (line card reset) via certain constructed IPsec control packets. | 7.8 |
| 2014-10-07 | CVE-2014-4870 | Improper Input Validation vulnerability in Brocade Vyatta 5400 Vrouter and Vyatta 5400 Vrouter Software /opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 does not properly validate parameters, which allows local users to gain privileges by leveraging the sudo configuration. | 7.2 |
| 2014-10-07 | CVE-2014-4869 | Permissions, Privileges, and Access Controls vulnerability in Brocade Vyatta 5400 Vrouter and Vyatta 5400 Vrouter Software The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows attackers to obtain sensitive encrypted-password information by leveraging membership in the operator group. | 5.0 |
| 2014-10-07 | CVE-2014-4868 | OS Command Injection vulnerability in Brocade Vyatta 5400 Vrouter and Vyatta 5400 Vrouter Software The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console command. | 9.0 |
| 2014-01-23 | CVE-2013-7307 | Unspecified vulnerability in Brocade Vyatta Vrouter and Vyatta Vrouter Software The OSPF implementation on the Brocade Vyatta vRouter with software before 6.6R1 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. | 5.4 |
| 2014-01-23 | CVE-2013-7306 | Improper Input Validation vulnerability in Brocade products The OSPF implementation on Brocade routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. | 5.4 |
| 2011-07-17 | CVE-2011-2760 | Permissions, Privileges, and Access Controls vulnerability in Brocade Bigiron RX Switch Brocade BigIron RX switches allow remote attackers to bypass ACL rules by using 179 as the source port of a packet. | 5.0 |
| 2007-05-18 | CVE-2007-2764 | Improper Input Validation vulnerability in Linux Kernel The embedded Linux kernel in certain Sun-Brocade SilkWorm switches before 20070516 does not properly handle a situation in which a non-root user creates a kernel process, which allows attackers to cause a denial of service (oops and device reboot) via unspecified vectors. | 7.8 |
| 2004-09-04 | CVE-2004-1663 | Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets. | 5.0 |