
CVE-2016-8201
https://notcve.org/view.php?id=CVE-2016-8201
14 Jan 2017 — A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster. • http://www.securityfocus.com/bid/95930 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2016-8206 – Brocade Network Advisor SoftwareImageUpload Directory Traversal Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2016-8206
14 Jan 2017 — A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files. • http://www.securityfocus.com/bid/95692 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2016-8205 – Brocade Network Advisor DashboardFileReceiveServlet Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-8205
14 Jan 2017 — A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed. • http://www.securityfocus.com/bid/95694 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2016-8207 – Brocade Network Advisor CliMonitorReportServlet Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-8207
14 Jan 2017 — A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files including files with sensitive user information. • http://www.securityfocus.com/bid/95691 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2016-8203
https://notcve.org/view.php?id=CVE-2016-8203
31 Oct 2016 — A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a images could allow attackers to cause a denial of service (line card reset) via certain constructed IPsec control packets. • http://www.brocade.com/en/backend-content/pdf-page.html?/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-168.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2014-4869
https://notcve.org/view.php?id=CVE-2014-4869
07 Oct 2014 — The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows attackers to obtain sensitive encrypted-password information by leveraging membership in the operator group. • http://www.kb.cert.org/vuls/id/111588 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2014-4868
https://notcve.org/view.php?id=CVE-2014-4868
07 Oct 2014 — The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console command. • http://www.kb.cert.org/vuls/id/111588 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2014-4870
https://notcve.org/view.php?id=CVE-2014-4870
07 Oct 2014 — /opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 does not properly validate parameters, which allows local users to gain privileges by leveraging the sudo configuration. • http://www.kb.cert.org/vuls/id/111588 • CWE-20: Improper Input Validation

CVE-2013-7307
https://notcve.org/view.php?id=CVE-2013-7307
23 Jan 2014 — The OSPF implementation on the Brocade Vyatta vRouter with software before 6.6R1 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. • http://www.kb.cert.org/vuls/id/229804

CVE-2013-7306
https://notcve.org/view.php?id=CVE-2013-7306
23 Jan 2014 — The OSPF implementation on Brocade routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. • http://www.kb.cert.org/vuls/id/229804 • CWE-20: Improper Input Validation