Vulnerabilities (CVE)

Filtered by vendor Broadcom Subscribe
Total 510 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-35494 4 Broadcom, Fedoraproject, Gnu and 1 more 9 Brocade Fabric Operating System Firmware, Fedora, Binutils and 6 more 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.
CVE-2020-35493 4 Broadcom, Fedoraproject, Gnu and 1 more 9 Brocade Fabric Operating System Firmware, Fedora, Binutils and 6 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.
CVE-2020-29661 6 Broadcom, Debian, Fedoraproject and 3 more 18 Fabric Operating System, Debian Linux, Fedora and 15 more 2024-11-21 7.2 HIGH 7.8 HIGH
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
CVE-2020-29660 5 Broadcom, Debian, Fedoraproject and 2 more 17 Fabric Operating System, Debian Linux, Fedora and 14 more 2024-11-21 2.1 LOW 4.4 MEDIUM
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.
CVE-2020-29478 2 Broadcom, Microsoft 2 Ca Service Catalog, Windows 2024-11-21 5.0 MEDIUM 7.5 HIGH
CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition.
CVE-2020-28421 2 Broadcom, Microsoft 2 Unified Infrastructure Management, Windows 2024-11-21 4.6 MEDIUM 7.8 HIGH
CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges.
CVE-2020-24266 2 Broadcom, Fedoraproject 2 Tcpreplay, Fedora 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service.
CVE-2020-24265 2 Broadcom, Fedoraproject 2 Tcpreplay, Fedora 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service.
CVE-2020-23273 1 Broadcom 1 Tcpreplay 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
Heap-buffer overflow in the randomize_iparp function in edit_packet.c. of Tcpreplay v4.3.2 allows attackers to cause a denial of service (DOS) via a crafted pcap.
CVE-2020-1967 10 Broadcom, Debian, Fedoraproject and 7 more 26 Fabric Operating System, Debian Linux, Fedora and 23 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
CVE-2020-1927 8 Apache, Broadcom, Canonical and 5 more 14 Http Server, Brocade Fabric Operating System, Ubuntu Linux and 11 more 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.
CVE-2020-18976 1 Broadcom 1 Tcpreplay 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'. It can be triggered by sending a crafted pcap file to the 'tcpreplay-edit' binary. This issue is different than CVE-2019-8381.
CVE-2020-15778 3 Broadcom, Netapp, Openbsd 10 Fabric Operating System, A700s, A700s Firmware and 7 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
CVE-2020-15436 3 Broadcom, Linux, Netapp 34 Brocade Fabric Operating System Firmware, Linux Kernel, A250 and 31 more 2024-11-21 7.2 HIGH 6.7 MEDIUM
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.
CVE-2020-15388 1 Broadcom 1 Fabric Operating System 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files.
CVE-2020-15387 1 Broadcom 2 Brocade Sannav, Fabric Operating System 2024-11-21 5.8 MEDIUM 7.4 HIGH
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.
CVE-2020-15386 1 Broadcom 1 Fabric Operating System 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations.
CVE-2020-15385 1 Broadcom 1 Sannav 2024-11-21 5.5 MEDIUM 5.4 MEDIUM
Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission. As a result, users without permission can see folders, and hidden files, and can create directories without permission.
CVE-2020-15384 1 Broadcom 1 Sannav 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Brocade SANNav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response header.
CVE-2020-15383 1 Broadcom 1 Fabric Operating System 2024-11-21 5.0 MEDIUM 7.5 HIGH
Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic.