Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fabric_operating_system
(Broadcom)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 70 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-07-24 | CVE-2020-15778 | scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows." | Fabric_operating_system, A700s_firmware, Active_iq_unified_manager, Hci_compute_node, Hci_management_node, Hci_storage_node, Solidfire, Steelstore_cloud_integrated_storage, Openssh | 7.8 | ||
| 2022-08-05 | CVE-2021-27798 | A vulnerability in Brocade Fabric OS versions v7.4.1b and v7.3.1d could allow local users to conduct privileged directory transversal. Brocade Fabric OS versions v7.4.1.x and v7.3.x have reached end of life. Brocade Fabric OS Users should upgrade to supported versions as described in the Product End-of-Life Publish report | Fabric_operating_system | 5.5 | ||
| 2021-04-01 | CVE-2021-22876 | curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. | Fabric_operating_system, Debian_linux, Fedora, Libcurl, Hci_compute_node, Hci_management_node, Hci_storage_node, Solidfire, Communications_billing_and_revenue_management, Essbase, Sinec_infrastructure_network_services, Universal_forwarder | 5.3 | ||
| 2021-04-01 | CVE-2021-22890 | curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby... | Fabric_operating_system, Debian_linux, Fedora, Libcurl, Hci_management_node, Hci_storage_node, Solidfire, Communications_billing_and_revenue_management, Essbase, Sinec_infrastructure_network_services, Universal_forwarder | 3.7 | ||
| 2023-08-01 | CVE-2023-31427 | Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled. | Fabric_operating_system | 7.8 | ||
| 2023-08-01 | CVE-2023-31426 | The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information. | Fabric_operating_system | 6.5 | ||
| 2023-12-06 | CVE-2021-27795 | Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. This would allow attackers or a malicious party to forge a counterfeit license key that the Brocade Fabric OS platform would authenticate and activate as if it were a legitimate license key. | Fabric_operating_system | 8.1 | ||
| 2023-08-31 | CVE-2023-4163 | In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command. | Fabric_operating_system | 4.4 | ||
| 2023-08-31 | CVE-2023-3489 | The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS. | Fabric_operating_system | 7.5 | ||
| 2021-01-04 | CVE-2019-25013 | The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. | Fabric_operating_system, Debian_linux, Fedora, Glibc, 500f_firmware, A250_firmware, Ontap_select_deploy_administration_utility, Service_processor | 5.9 |