Skip to main content

Brocade Fabric Operating System Firmware

22 CVEs product

Monthly

CVE-2023-27538 MEDIUM POC This Month

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Libcurl Fedora Debian Linux Active Iq Unified Manager +7
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2023-27537 MEDIUM POC This Month

A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Libcurl Active Iq Unified Manager Clustered Data Ontap Brocade Fabric Operating System Firmware +5
NVD
CVSS 3.1
5.9
EPSS
1.9%
CVE-2023-27534 HIGH POC This Week

A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Curl Fedora Active Iq Unified Manager +6
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-45485 HIGH PATCH This Week

In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel E Series Santricity Os Controller Solidfire Enterprise Sds Hci Storage Node +23
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2021-40438 CRITICAL POC KEV PATCH THREAT Act Now

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.4.48 and earlier. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Apache SSRF Rocky Linux Enterprise Linux Enterprise Linux Eus +35
NVD
CVSS 3.1
9.0
EPSS
100.0%
CVE-2021-36160 HIGH PATCH This Week

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).4.30 to 2.4.48 (inclusive). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Apache Information Disclosure Http Server Fedora +10
NVD
CVSS 3.1
7.5
EPSS
62.9%
CVE-2021-34798 HIGH PATCH This Week

Malformed requests may cause the server to dereference a NULL pointer.4.48 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Apache Denial Of Service Http Server Fedora +15
NVD
CVSS 3.1
7.5
EPSS
64.5%
CVE-2021-31879 MEDIUM This Month

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Wget Brocade Fabric Operating System Firmware Cloud Backup Ontap Select Deploy Administration Utility +2
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-20197 MEDIUM PATCH This Month

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. Rated medium severity (CVSS 6.3).

Information Disclosure Binutils Enterprise Linux Cloud Backup Ontap Select Deploy Administration Utility +2
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2021-28153 MEDIUM POC This Month

An issue was discovered in GNOME GLib before 2.66.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Glib Brocade Fabric Operating System Firmware Debian Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
2.6%
CVE-2021-27219 HIGH POC This Week

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Glib Fedora Active Iq Unified Manager Cloud Backup +3
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2021-27218 HIGH PATCH This Week

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Glib Fedora Active Iq Unified Manager Cloud Backup +3
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2020-15436 MEDIUM POC This Month

Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Linux Memory Corruption Linux Kernel +18
NVD
CVSS 3.1
6.7
EPSS
0.9%
CVE-2020-8648 HIGH POC This Week

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +8
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2019-19063 MEDIUM PATCH This Month

Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption),. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Sd Wan Edge Ubuntu Linux +15
NVD GitHub
CVSS 3.1
4.6
EPSS
0.9%
CVE-2019-19061 HIGH PATCH This Week

A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Ubuntu Linux Active Iq Unified Manager +12
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-19060 HIGH PATCH This Week

A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Active Iq Unified Manager Aff Baseboard Management Controller +13
NVD GitHub
CVSS 3.1
7.5
EPSS
3.8%
CVE-2019-19057 LOW PATCH Monitor

Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Ubuntu Linux Debian Linux +15
NVD GitHub
CVSS 3.1
3.3
EPSS
0.8%
CVE-2019-19054 MEDIUM PATCH This Month

A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Linux Kernel Ubuntu Linux Fedora +14
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2019-19053 HIGH PATCH This Week

A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Ubuntu Linux Active Iq Unified Manager +12
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-19052 HIGH PATCH This Week

A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Sd Wan Edge Ubuntu Linux +15
NVD GitHub
CVSS 3.1
7.5
EPSS
5.4%
CVE-2019-19044 HIGH PATCH This Week

Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Active Iq Unified Manager Aff Baseboard Management Controller +12
NVD GitHub
CVSS 3.1
7.5
EPSS
4.1%
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Libcurl Fedora +9
NVD
EPSS 2% CVSS 5.9
MEDIUM POC This Month

A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Libcurl Active Iq Unified Manager +7
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Curl +8
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel +25
NVD
EPSS 100% CVSS 9.0
CRITICAL POC KEV PATCH THREAT Act Now

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.4.48 and earlier. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Apache SSRF Rocky Linux +37
NVD
EPSS 63% CVSS 7.5
HIGH PATCH This Week

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).4.30 to 2.4.48 (inclusive). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Apache Information Disclosure +12
NVD
EPSS 65% CVSS 7.5
HIGH PATCH This Week

Malformed requests may cause the server to dereference a NULL pointer.4.48 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Apache Denial Of Service +17
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Wget Brocade Fabric Operating System Firmware +4
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. Rated medium severity (CVSS 6.3).

Information Disclosure Binutils Enterprise Linux +4
NVD
EPSS 3% CVSS 5.3
MEDIUM POC This Month

An issue was discovered in GNOME GLib before 2.66.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Glib Brocade Fabric Operating System Firmware +2
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Glib Fedora +5
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Glib Fedora +5
NVD
EPSS 1% CVSS 6.7
MEDIUM POC This Month

Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Linux +20
NVD
EPSS 1% CVSS 7.1
HIGH POC This Week

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Linux Memory Corruption +10
NVD
EPSS 1% CVSS 4.6
MEDIUM PATCH This Month

Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption),. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel +17
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel +14
NVD GitHub
EPSS 4% CVSS 7.5
HIGH PATCH This Week

A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel +15
NVD GitHub
EPSS 1% CVSS 3.3
LOW PATCH Monitor

Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +17
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Linux Kernel +16
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel +14
NVD GitHub
EPSS 5% CVSS 7.5
HIGH PATCH This Week

A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel +17
NVD GitHub
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel +14
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy