Total
10 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-31432 | 1 Broadcom | 1 Brocade Fabric Operating System | 2024-02-16 | N/A | 7.8 HIGH |
Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0. | |||||
CVE-2023-31926 | 1 Broadcom | 1 Brocade Fabric Operating System | 2024-02-16 | N/A | 7.1 HIGH |
System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0. | |||||
CVE-2023-31928 | 1 Broadcom | 1 Brocade Fabric Operating System | 2024-02-16 | N/A | 6.1 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools application. | |||||
CVE-2023-31430 | 1 Broadcom | 1 Brocade Fabric Operating System | 2024-02-05 | N/A | 5.5 MEDIUM |
A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service. | |||||
CVE-2023-31431 | 1 Broadcom | 1 Brocade Fabric Operating System | 2024-02-05 | N/A | 5.5 MEDIUM |
A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service. | |||||
CVE-2023-31428 | 1 Broadcom | 1 Brocade Fabric Operating System | 2024-02-05 | N/A | 5.5 MEDIUM |
Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep. | |||||
CVE-2023-31927 | 1 Broadcom | 1 Brocade Fabric Operating System | 2024-02-05 | N/A | 5.3 MEDIUM |
An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface. | |||||
CVE-2021-23133 | 5 Broadcom, Debian, Fedoraproject and 2 more | 24 Brocade Fabric Operating System, Debian Linux, Fedora and 21 more | 2024-02-04 | 6.9 MEDIUM | 7.0 HIGH |
A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. | |||||
CVE-2020-1927 | 8 Apache, Broadcom, Canonical and 5 more | 14 Http Server, Brocade Fabric Operating System, Ubuntu Linux and 11 more | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. | |||||
CVE-2020-12243 | 8 Apple, Broadcom, Canonical and 5 more | 26 Mac Os X, Brocade Fabric Operating System, Ubuntu Linux and 23 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). |