Skip to main content

Fabric Operating System

78 CVEs product

Monthly

CVE-2025-9711 HIGH This Week

Fabric Operating System versions up to 9.2.1 contains a vulnerability that allows attackers to elevating the privileges of the local authenticated user to “root” using the exp (CVSS 7.8).

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-58381 LOW Monitor

Fabric Operating System versions up to 9.2.1 contains a vulnerability that allows attackers to an authenticated attacker with admin privileges using the shell commands “sour (CVSS 2.3).

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
2.3
EPSS
0.0%
CVE-2025-58380 LOW Monitor

Fabric Operating System versions up to 9.2.1 contains a vulnerability that allows attackers to an authenticated attacker with admin privileges using the shell command “grep” t (CVSS 2.3).

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
2.3
EPSS
0.0%
CVE-2026-0383 HIGH This Week

Brocade Fabric OS contains a command injection vulnerability that allows authenticated local users with shell access to read sensitive files and command history due to insecure storage practices. An attacker with local privileges can exploit this to access confidential information stored on the system. No patch is currently available.

Command Injection Fabric Operating System
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-58383 HIGH This Week

Fabric Operating System versions up to 9.2.1 is affected by execution with unnecessary privileges (CVSS 7.2).

DNS Fabric Operating System
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-58382 HIGH This Week

Fabric Operating System contains a vulnerability that allows attackers to an authenticated, remote attacker with administrative credentials to execute ar (CVSS 7.2).

RCE Fabric Operating System
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-58379 MEDIUM This Month

Fabric Operating System versions up to 9.2.1 is affected by execution with unnecessary privileges (CVSS 5.5).

Privilege Escalation Fabric Operating System
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-4663 MEDIUM This Month

An Improper Check for Unusual or Exceptional Conditions vulnerability in Brocade Fabric OS before 9.2.2.a could allow an authenticated, network-based attacker to cause a Denial-of-Service (DoS). The vulnerability is encountered when supportsave is invoked remotely, using ssh command or SANnav inline ssh, and the corresponding ssh session is terminated with Control C (^c ) before supportsave completion. This issue affects Brocade Fabric OS 9.0.0 through 9.2.2

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-1976 HIGH KEV THREAT Act Now

Brocade Fabric OS 9.1.0 through 9.1.1d6 contains a code injection vulnerability that allows local admin users to execute arbitrary code with root privileges despite root access being removed.

RCE Code Injection Fabric Operating System
NVD
CVSS 4.0
8.6
EPSS
0.9%
CVE-2024-5462 MEDIUM This Month

If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-5461 HIGH This Week

Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade, makes internal script calls to system.sh from within the SNMP binary. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fabric Operating System
NVD
CVSS 4.0
8.6
EPSS
0.1%
CVE-2024-7517 HIGH This Week

A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fabric Operating System
NVD
CVSS 4.0
8.5
EPSS
0.6%
CVE-2024-10403 MEDIUM This Month

Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 4.0
5.9
EPSS
0.6%
CVE-2024-7516 HIGH This Week

A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2024-3596 CRITICAL CISA Emergency

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 19.0% and no vendor patch available.

Information Disclosure Freeradius Brocade Sannav Fabric Operating System Sonicos
NVD
CVSS 3.1
9.0
EPSS
19.0%
Threat
4.4
CVE-2024-5460 HIGH This Week

A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fabric Operating System
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-29954 MEDIUM This Month

A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-29953 MEDIUM This Month

A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-4163 MEDIUM This Month

In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fabric Operating System
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2023-4162 MEDIUM This Month

A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Fabric Operating System
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-3489 HIGH This Week

The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-31427 HIGH This Week

Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Fabric Operating System
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-31426 MEDIUM This Month

The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-31429 MEDIUM This Month

Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-31425 HIGH This Week

A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Fabric Operating System
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-33186 CRITICAL Act Now

A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Fabric Operating System
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-33185 HIGH This Week

Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Fabric Operating System
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-33184 HIGH This Week

A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Fabric Operating System
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-33183 HIGH This Week

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Fabric Operating System
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-33182 HIGH This Week

A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fabric Operating System
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-33181 MEDIUM This Month

An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-33180 MEDIUM This Month

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-33179 HIGH This Week

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fabric Operating System
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-33178 HIGH This Week

A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Fabric Operating System
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-28170 MEDIUM This Month

Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-28169 HIGH This Week

Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Fabric Operating System
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-27776 MEDIUM POC This Month

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora Debian Linux Hci Bootstrap Os +9
NVD
CVSS 3.1
6.5
EPSS
3.4%
CVE-2022-27775 HIGH POC This Week

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Debian Linux Hci Bootstrap Os Clustered Data Ontap +9
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2021-27794 HIGH This Week

A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fabric Operating System
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-27793 MEDIUM This Month

ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fabric Operating System
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-27792 HIGH This Week

The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Fabric Operating System
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-27791 MEDIUM This Month

The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Fabric Operating System
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-27790 HIGH This Week

The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Fabric Operating System
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-22555 HIGH POC KEV PATCH THREAT Act Now

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption C400 Firmware C250 Firmware H410c Firmware +18
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
78.7%
CVE-2021-22890 LOW POC PATCH Monitor

curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Libcurl Fedora Hci Management Node Solidfire +7
NVD
CVSS 3.1
3.7
EPSS
3.1%
CVE-2021-22876 MEDIUM POC PATCH This Month

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcurl Fedora Hci Management Node Solidfire +8
NVD
CVSS 3.1
5.3
EPSS
5.3%
CVE-2020-15376 MEDIUM This Month

Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-15375 MEDIUM This Month

Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fabric Operating System
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-29661 HIGH PATCH This Week

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +11
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-29660 MEDIUM POC PATCH This Month

A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +10
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2020-15374 CRITICAL Act Now

Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-15373 CRITICAL Act Now

Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Fabric Operating System
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-15372 MEDIUM This Month

A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fabric Operating System
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-15371 CRITICAL Act Now

Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Code Injection Fabric Operating System
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-15370 MEDIUM This Month

Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-15369 HIGH This Week

Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Fabric Operating System
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-15778 HIGH POC THREAT This Week

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SSH Command Injection Openssh A700S Firmware Active Iq Unified Manager +6
NVD GitHub
CVSS 3.1
7.4
EPSS
13.0%
CVE-2020-13645 MEDIUM POC This Month

In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Balsa Glib Networking Ubuntu Linux Fedora +2
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-13632 MEDIUM PATCH This Month

ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Sqlite Fedora Ubuntu Linux +9
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-13631 MEDIUM PATCH This Month

SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Sqlite Fedora Ubuntu Linux Cloud Backup +14
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-13630 HIGH PATCH This Week

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Sqlite Fedora +17
NVD
CVSS 3.1
7.0
EPSS
1.0%
CVE-2020-1967 Cargo HIGH POC PATCH THREAT This Week

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service OpenSSL Debian Linux Freebsd +23
NVD GitHub
CVSS 3.1
7.5
EPSS
53.3%
CVE-2019-19069 HIGH PATCH This Week

A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Ubuntu Linux Active Iq Unified Manager +13
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2019-19050 HIGH PATCH This Week

A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Fedora Ubuntu Linux +14
NVD GitHub
CVSS 3.1
7.5
EPSS
5.1%
CVE-2019-18805 CRITICAL PATCH Act Now

An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow Linux Linux Kernel Leap +15
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-18683 HIGH POC PATCH This Week

An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Linux Privilege Escalation Linux Kernel Ubuntu Linux +16
NVD
CVSS 3.1
7.0
EPSS
1.0%
CVE-2018-6440 CRITICAL Act Now

A vulnerability in the proxy service of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote unauthenticated attackers to obtain sensitive information and possibly cause. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fabric Operating System
NVD
CVSS 3.0
9.1
EPSS
2.2%
CVE-2018-6439 HIGH This Week

A Vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fabric Operating System
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2018-6438 HIGH This Week

A Vulnerability in the supportsave command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fabric Operating System
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6437 HIGH This Week

A Vulnerability in the help command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fabric Operating System
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6436 HIGH This Week

A Vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fabric Operating System
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6442 HIGH This Week

A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote authenticated attackers to execute arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-6441 HIGH This Week

A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fabric Operating System
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6435 HIGH This Week

A Vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fabric Operating System
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6434 HIGH This Week

A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user's session ID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Fabric Operating System
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-6433 MEDIUM This Month

A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to bypass the export file access restrictions and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fabric Operating System
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-8202 HIGH This Week

A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Fabric Operating System
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2016-4376 MEDIUM PATCH This Month

HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Fabric Operating System
NVD
CVSS 3.0
6.5
EPSS
0.5%
EPSS 0% CVSS 7.8
HIGH This Week

Fabric Operating System versions up to 9.2.1 contains a vulnerability that allows attackers to elevating the privileges of the local authenticated user to “root” using the exp (CVSS 7.8).

Information Disclosure Fabric Operating System
NVD
EPSS 0% CVSS 2.3
LOW Monitor

Fabric Operating System versions up to 9.2.1 contains a vulnerability that allows attackers to an authenticated attacker with admin privileges using the shell commands “sour (CVSS 2.3).

Information Disclosure Fabric Operating System
NVD
EPSS 0% CVSS 2.3
LOW Monitor

Fabric Operating System versions up to 9.2.1 contains a vulnerability that allows attackers to an authenticated attacker with admin privileges using the shell command “grep” t (CVSS 2.3).

Information Disclosure Fabric Operating System
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Brocade Fabric OS contains a command injection vulnerability that allows authenticated local users with shell access to read sensitive files and command history due to insecure storage practices. An attacker with local privileges can exploit this to access confidential information stored on the system. No patch is currently available.

Command Injection Fabric Operating System
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Fabric Operating System versions up to 9.2.1 is affected by execution with unnecessary privileges (CVSS 7.2).

DNS Fabric Operating System
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Fabric Operating System contains a vulnerability that allows attackers to an authenticated, remote attacker with administrative credentials to execute ar (CVSS 7.2).

RCE Fabric Operating System
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Fabric Operating System versions up to 9.2.1 is affected by execution with unnecessary privileges (CVSS 5.5).

Privilege Escalation Fabric Operating System
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

An Improper Check for Unusual or Exceptional Conditions vulnerability in Brocade Fabric OS before 9.2.2.a could allow an authenticated, network-based attacker to cause a Denial-of-Service (DoS). The vulnerability is encountered when supportsave is invoked remotely, using ssh command or SANnav inline ssh, and the corresponding ssh session is terminated with Control C (^c ) before supportsave completion. This issue affects Brocade Fabric OS 9.0.0 through 9.2.2

Information Disclosure Fabric Operating System
NVD
EPSS 1% CVSS 8.6
HIGH KEV THREAT Act Now

Brocade Fabric OS 9.1.0 through 9.1.1d6 contains a code injection vulnerability that allows local admin users to execute arbitrary code with root privileges despite root access being removed.

RCE Code Injection Fabric Operating System
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade, makes internal script calls to system.sh from within the SNMP binary. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fabric Operating System
NVD
EPSS 1% CVSS 8.5
HIGH This Week

A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fabric Operating System
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
EPSS 0% CVSS 7.0
HIGH This Week

A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
EPSS 19% 4.4 CVSS 9.0
CRITICAL Emergency

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 19.0% and no vendor patch available.

Information Disclosure Freeradius Brocade Sannav +2
NVD
EPSS 1% CVSS 8.1
HIGH This Week

A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fabric Operating System
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fabric Operating System
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Fabric Operating System
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Fabric Operating System
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Fabric Operating System
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Fabric Operating System
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Fabric Operating System
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fabric Operating System
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fabric Operating System
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Fabric Operating System
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Fabric Operating System
NVD
EPSS 3% CVSS 6.5
MEDIUM POC This Month

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora +11
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Debian Linux +11
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fabric Operating System
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fabric Operating System
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Fabric Operating System
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Fabric Operating System
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 79% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption C400 Firmware +20
NVD GitHub Exploit-DB
EPSS 3% CVSS 3.7
LOW POC PATCH Monitor

curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Libcurl Fedora +9
NVD
EPSS 5% CVSS 5.3
MEDIUM POC PATCH This Month

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcurl Fedora +10
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fabric Operating System
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Memory Corruption +13
NVD
EPSS 0% CVSS 4.4
MEDIUM POC PATCH This Month

A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Linux Memory Corruption +12
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Fabric Operating System
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fabric Operating System
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Code Injection +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Fabric Operating System
NVD
EPSS 13% CVSS 7.4
HIGH POC THREAT This Week

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SSH Command Injection Openssh +8
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Balsa Glib Networking +4
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Sqlite +11
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Sqlite Fedora +16
NVD
EPSS 1% CVSS 7.0
HIGH PATCH This Week

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure +19
NVD
EPSS 53% CVSS 7.5
HIGH POC PATCH THREAT This Week

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service OpenSSL +25
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel +15
NVD GitHub
EPSS 5% CVSS 7.5
HIGH PATCH This Week

A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel +16
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow Linux +17
NVD
EPSS 1% CVSS 7.0
HIGH POC PATCH This Week

An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Linux Privilege Escalation +18
NVD
EPSS 2% CVSS 9.1
CRITICAL Act Now

A vulnerability in the proxy service of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote unauthenticated attackers to obtain sensitive information and possibly cause. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fabric Operating System
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A Vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fabric Operating System
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

A Vulnerability in the supportsave command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fabric Operating System
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A Vulnerability in the help command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fabric Operating System
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A Vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fabric Operating System
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote authenticated attackers to execute arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fabric Operating System
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A Vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fabric Operating System
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user's session ID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Fabric Operating System
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to bypass the export file access restrictions and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fabric Operating System
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Fabric Operating System
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Fabric Operating System
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy