CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 0CVE-2020-15375
https://notcve.org/view.php?id=CVE-2020-15375
11 Dec 2020 — Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary commands and perform escalation of privileges. Brocade Fabric OS versiones anteriores a v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g, contienen una debilidad de comprobación inapropiada de la entrada en la interfaz de línea de co... • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1083 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15376
https://notcve.org/view.php?id=CVE-2020-15376
11 Dec 2020 — Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated with any groups. Brocade Fabric OS versiones anteriores a v9.0.0 y posteriores a versión v8.1.0, configuradas en el modo Virtual Fabric contienen una debilidad en la implementación de ldap que podría permitir a un usuario de LDAP rem... • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1158 •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2020-15374
https://notcve.org/view.php?id=CVE-2020-15374
25 Sep 2020 — Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input. La API Rest en Brocade Fabric OS versiones v8.2.1 hasta v8.2.1d y versiones 8.2.2 anteriores a v8.2.2c, es vulnerable a múltiples instancias de entrada reflejada • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1084 •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2020-15373
https://notcve.org/view.php?id=CVE-2020-15373
25 Sep 2020 — Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks. Múltiples vulnerabilidades de desbordamiento de búfer en la API REST en Brocade Fabric OS versiones v8.2.1 hasta v8.2.1d, y versiones 8.2.2 anteriores a v8.2.2c, podrían permitir a atacantes remotos no autenticados llevar a cabo varios ataques • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1082 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-15372
https://notcve.org/view.php?id=CVE-2020-15372
25 Sep 2020 — A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging. Una vulnerabilidad en la interfaz de línea de comandos en Brocade Fabric OS antes de Brocade Fabric OS versiones v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, podría permitir a un atacante aut... • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1081 • CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 9.8EPSS: 0%CPEs: 35EXPL: 0CVE-2020-15371
https://notcve.org/view.php?id=CVE-2020-15371
25 Sep 2020 — Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability. Brocade Fabric OS versiones anteriores a Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contienen una inyección de código y una vulnerabilidad de escalada de privilegios • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1080 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15370
https://notcve.org/view.php?id=CVE-2020-15370
25 Sep 2020 — Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files. Brocade Fabric OS versiones anteriores a Brocade Fabric OS v7.4.2g, podían permitir a un atacante remoto autenticado visualizar una contraseña de usuario en texto sin cifrar. La vulnerabilidad es debido al registro incorrecto de la contraseña de usuario en los archivos de registro • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1079 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-15369
https://notcve.org/view.php?id=CVE-2020-15369
25 Sep 2020 — Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host. La CLI de Supportlink en Brocade Fabric OS Versiones v8.2.1 hasta v8.2.1d, y versiones 8.2.2 anteriores a v8.2.2c, no oculta el campo password, lo que podría exponer las credenciales de usuarios del servido... • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1078 • CWE-521: Weak Password Requirements •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6448
https://notcve.org/view.php?id=CVE-2018-6448
25 Sep 2020 — A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host. Una vulnerabilidad en la interfaz de administración en Brocade Fabric OS versiones anteriores a Brocade Fabric OS v9.0.0, podría permitir a un atacante remoto llevar a cabo un ataque de denegación de servicio en el host vulnerable • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1075 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6449
https://notcve.org/view.php?id=CVE-2018-6449
25 Sep 2020 — Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers Una vulnerabilidad de inyección de encabezado de host en la interfaz de administración http en Brocade Fabric OS versiones anteriores a v9.0.0, podría permitir a un atacante remoto explotar esta vulnerabilidad mediante la inyección de encabezados HTTP arbitrarios • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1077 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •