Broadcom
Products by Broadcom Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2023 there have been 11 vulnerabilities in Broadcom with an average score of 7.1 out of ten. Last year Broadcom had 61 security vulnerabilities published. Right now, Broadcom is on track to have less security vulnerabilities in 2023 than it did last year. Last year, the average CVE base score was greater by 0.39
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 11 | 7.08 |
2022 | 61 | 7.48 |
2021 | 43 | 6.76 |
2020 | 46 | 7.33 |
2019 | 31 | 7.45 |
2018 | 44 | 7.52 |
It may take a day or so for new Broadcom vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Broadcom Security Vulnerabilities
An issue found in TCPreplay tcprewrite v.4.4.3
CVE-2023-27783
7.5 - High
- March 16, 2023
An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c.
assertion failure
An issue found in TCPReplay v.4.4.3
CVE-2023-27784
7.5 - High
- March 16, 2023
An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309 endpoint.
NULL Pointer Dereference
An issue found in TCPreplay TCPprep v.4.4.3
CVE-2023-27785
7.5 - High
- March 16, 2023
An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function.
NULL Pointer Dereference
An issue found in TCPprep v.4.4.3
CVE-2023-27786
7.5 - High
- March 16, 2023
An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the macinstring function.
NULL Pointer Dereference
An issue found in TCPprep v.4.4.3
CVE-2023-27787
7.5 - High
- March 16, 2023
An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse_list function at the list.c:81 endpoint.
NULL Pointer Dereference
An issue found in TCPrewrite v.4.4.3
CVE-2023-27788
7.5 - High
- March 16, 2023
An issue found in TCPrewrite v.4.4.3 allows a remote attacker to cause a denial of service via the ports2PORT function at the portmap.c:69 endpoint.
assertion failure
An issue found in TCPprep v.4.4.3
CVE-2023-27789
7.5 - High
- March 16, 2023
An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the cidr2cidr function at the cidr.c:178 endpoint.
assertion failure
Users supplied input (usually a CRLF sequence)
CVE-2023-23950
6.1 - Medium
- January 26, 2023
Users supplied input (usually a CRLF sequence) can be used to split a returning response into two responses.
XSS
Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application
CVE-2023-23951
6.1 - Medium
- January 26, 2023
Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application
XSS
An authenticated user can supply malicious HTML and JavaScript code
CVE-2023-23949
5.4 - Medium
- January 26, 2023
An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser.
XSS
Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to a Elevation of Privilege vulnerability
CVE-2022-25631
7.8 - High
- January 20, 2023
Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated
Improper Privilege Management
An unauthenticated user can access Identity Managers management console specific page URLs
CVE-2022-25626
5.3 - Medium
- December 16, 2022
An unauthenticated user can access Identity Managers management console specific page URLs. However, the system doesnt allow the user to carry out server side tasks without a valid web session.
authentification
An authenticated administrator who has physical access to the environment
CVE-2022-25627
6.7 - Medium
- December 16, 2022
An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4
An authenticated user
CVE-2022-25628
8.8 - High
- December 16, 2022
An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4
XXE
Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs
CVE-2022-33187
4.9 - Medium
- December 09, 2022
Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information.
Insertion of Sensitive Information into Log File
Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources
CVE-2022-37016
9.8 - Critical
- December 01, 2022
Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
Improper Privilege Management
Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue
CVE-2022-37017
7.5 - High
- December 01, 2022
Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and Policy Import/Export Password protection, if it has been enabled.
AuthZ
Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for
CVE-2022-28169
8.8 - High
- October 25, 2022
Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin, and operator authorization headers sent unencrypted and editing a user addition request to use the operator's authorization header.
Improper Privilege Management
A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could
CVE-2022-33178
7.2 - High
- October 25, 2022
A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch.
Improper Input Validation
An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could
CVE-2022-33181
5.5 - Medium
- October 25, 2022
An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands configshow and supportlink.
Information Disclosure
A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could
CVE-2022-33182
7.8 - High
- October 25, 2022
A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands supportlink, firmwaredownload, portcfgupload, license, and fosexec.
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could
CVE-2022-33183
8.8 - High
- October 25, 2022
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in firmwaredownload and diagshow commands.
A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could
CVE-2022-33184
7.8 - High
- October 25, 2022
A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account.
Memory Corruption
Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input
CVE-2022-33185
7.8 - High
- October 25, 2022
Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account.
Memory Corruption
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0
CVE-2022-28170
6.5 - Medium
- October 25, 2022
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file.
Insecure Storage of Sensitive Information
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could
CVE-2022-33179
8.8 - High
- October 25, 2022
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with set context and escalate privileges.
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could
CVE-2022-33180
5.5 - Medium
- October 25, 2022
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with seccryptocfg, configupload.
A malicious unauthorized PAM user
CVE-2022-25625
8.8 - High
- August 26, 2022
A malicious unauthorized PAM user can access the administration configuration data and change the values.
The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344
CVE-2022-37048
7.8 - High
- August 18, 2022
The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. NOTE: this is different from CVE-2022-27941.
Memory Corruption
The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150
CVE-2022-37049
7.8 - High
- August 18, 2022
The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. NOTE: this is different from CVE-2022-27942.
Memory Corruption
The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713
CVE-2022-37047
7.8 - High
- August 18, 2022
The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713. NOTE: this is different from CVE-2022-27940.
Memory Corruption
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability in Brocade Fabric OS versions v7.4.1b and v7.3.1d could
CVE-2021-27798
5.5 - Medium
- August 05, 2022
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability in Brocade Fabric OS versions v7.4.1b and v7.3.1d could allow local users to conduct privileged directory transversal. Brocade Fabric OS versions v7.4.1.x and v7.3.x have reached end of life. Brocade Fabric OS Users should upgrade to supported versions as described in the Product End-of-Life Publish report.
Directory traversal
Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability
CVE-2021-46825
9.1 - Critical
- July 07, 2022
Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
authentification
In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8
CVE-2022-28166
7.5 - High
- June 27, 2022
In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 & 18082.
Brocade SANnav before Brocade SANvav v
CVE-2022-28167
6.5 - Medium
- June 27, 2022
Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log
Insecure Storage of Sensitive Information
In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could
CVE-2022-28168
7.5 - High
- June 27, 2022
In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords.
Insecure Storage of Sensitive Information
A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers
CVE-2021-30651
4.9 - Medium
- June 24, 2022
A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access.
Insufficiently Protected Credentials
In addition to the c_rehash shell command injection identified in CVE-2022-1292
CVE-2022-2068
9.8 - Critical
- June 21, 2022
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
Shell injection
CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability
CVE-2022-33739
7.5 - High
- June 16, 2022
CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system.
aka Blind XPath Injection
CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent
CVE-2022-33750
9.8 - Critical
- June 16, 2022
CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands.
authentification
CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent
CVE-2022-33751
7.5 - High
- June 16, 2022
CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data.
Exposure of Resource to Wrong Sphere
CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent
CVE-2022-33752
9.8 - Critical
- June 16, 2022
CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code.
Improper Input Validation
CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent
CVE-2022-33753
8.8 - High
- June 16, 2022
CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges.
Exposure of Resource to Wrong Sphere
CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent
CVE-2022-33754
9.8 - Critical
- June 16, 2022
CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code.
Improper Input Validation
CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent
CVE-2022-33755
5.3 - Medium
- June 16, 2022
CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users.
Improper Input Validation
CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine
CVE-2022-33756
7.5 - High
- June 16, 2022
CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data.
Insufficient Entropy
Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text.
CVE-2022-28162
3.3 - Low
- May 09, 2022
Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text.
Cleartext Storage of Sensitive Information
A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources
CVE-2022-28165
8.8 - High
- May 06, 2022
A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not performed on Server side to ensure the user has required permission before processing requests.
AuthZ
In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection
CVE-2022-28163
9.8 - Critical
- May 06, 2022
In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands.
SQL Injection
Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords
CVE-2022-28164
6.5 - Medium
- May 06, 2022
Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords.
Inadequate Encryption Strength
Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function
CVE-2022-28487
7.5 - High
- May 04, 2022
Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality.
Memory Leak
Tcpreplay v4.4.1 was discovered to contain a double-free
CVE-2022-27416
7.8 - High
- April 12, 2022
Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free.
Double-free
Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c.
CVE-2022-27418
7.8 - High
- April 12, 2022
Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c.
Memory Corruption
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical
CVE-2005-10001
6.1 - Medium
- March 28, 2022
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The manipulation of the argument target leads to an open redirect. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Open Redirect
tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c.
CVE-2022-27942
7.8 - High
- March 26, 2022
tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c.
Memory Corruption
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c.
CVE-2022-27941
7.8 - High
- March 26, 2022
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c.
Memory Corruption
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c.
CVE-2022-27940
7.8 - High
- March 26, 2022
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c.
Memory Corruption
tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c.
CVE-2022-27939
5.5 - Medium
- March 26, 2022
tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c.
assertion failure
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process
CVE-2021-4197
7.8 - High
- March 23, 2022
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.
authentification
tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() at tree.c in tcpprep v4.4.1.
CVE-2022-25484
5.5 - Medium
- March 22, 2022
tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() at tree.c in tcpprep v4.4.1.
assertion failure
The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements
CVE-2021-27789
6.5 - Medium
- March 18, 2022
The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials.
A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could
CVE-2020-15388
6.5 - Medium
- March 18, 2022
A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files.
Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could
CVE-2021-27797
9.8 - Critical
- February 21, 2022
Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system.
Use of Hard-coded Credentials
A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could
CVE-2021-27796
6.5 - Medium
- February 21, 2022
A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the user or factory account, to read the contents of any file on the filesystem utilizing one of a few available binaries.
A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK)
CVE-2021-30650
6.1 - Medium
- February 18, 2022
A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK) allows a remote attacker to craft a malicious URL for the OTK web UI and target OTK users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious code into the OTK web UI client application.
XSS
XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation
CVE-2022-23992
9.8 - Critical
- February 14, 2022
XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges.
Improper Privilege Management
tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c
CVE-2021-45386
5.5 - Medium
- February 11, 2022
tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c
assertion failure
tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c.
CVE-2021-45387
5.5 - Medium
- February 11, 2022
tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c.
assertion failure
CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation
CVE-2022-22689
8.8 - High
- February 04, 2022
CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands.
CSV Injection
NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation
CVE-2022-23083
6.1 - Medium
- January 18, 2022
NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation that could potentially allow an attacker to execute code on the affected machine.
XSS
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters
CVE-2022-23305
9.8 - Critical
- January 18, 2022
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
SQL Injection
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to
CVE-2022-23302
8.8 - High
- January 18, 2022
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
Marshaling, Unmarshaling
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature
CVE-2021-42775
9.1 - Critical
- November 12, 2021
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host. In non-secure mode, the user is unauthenticated.
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature
CVE-2021-42774
9.8 - Critical
- November 12, 2021
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature that could allow remote unauthenticated users to perform various attacks. In non-secure mode, the user is unauthenticated.
Classic Buffer Overflow
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could
CVE-2021-42773
7.5 - High
- November 12, 2021
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a remote host with the GetDumpFile command. In non-secure mode, the user is unauthenticated.
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDumpFile command
CVE-2021-42772
9.8 - Critical
- November 03, 2021
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDumpFile command that could allow a user to attempt various attacks. In non-secure mode, the user is unauthenticated
Classic Buffer Overflow
Heap-buffer overflow in the randomize_iparp function in edit_packet.c
CVE-2020-23273
5.5 - Medium
- September 22, 2021
Heap-buffer overflow in the randomize_iparp function in edit_packet.c. of Tcpreplay v4.3.2 allows attackers to cause a denial of service (DOS) via a crafted pcap.
Memory Corruption
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS)
CVE-2021-36160
7.5 - High
- September 16, 2021
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
Out-of-bounds Read
Malformed requests may cause the server to dereference a NULL pointer
CVE-2021-34798
7.5 - High
- September 16, 2021
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
NULL Pointer Dereference
Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'
CVE-2020-18976
5.5 - Medium
- August 25, 2021
Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'. It can be triggered by sending a crafted pcap file to the 'tcpreplay-edit' binary. This issue is different than CVE-2019-8381.
Classic Buffer Overflow
ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0
CVE-2021-27793
5.3 - Medium
- August 12, 2021
ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch.
AuthZ
The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a
CVE-2021-27792
7.8 - High
- August 12, 2021
The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to crash, requiring a reboot.
The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header
CVE-2021-27791
5.4 - Medium
- August 12, 2021
The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request, which could bypass the authentication process.
Out-of-bounds Read
The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a
CVE-2021-27790
7.8 - High
- August 12, 2021
The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account.
Memory Corruption
A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could
CVE-2021-27794
7.8 - High
- August 12, 2021
A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST.
authentification
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability
CVE-2021-30648
9.8 - Critical
- June 30, 2021
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance.
authentification
Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission
CVE-2020-15385
5.4 - Medium
- June 09, 2021
Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission. As a result, users without permission can see folders, and hidden files, and can create directories without permission.
Brocade SANNav before version 2.1.1 contains an information disclosure vulnerability
CVE-2020-15384
5.3 - Medium
- June 09, 2021
Brocade SANNav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response header.
Cleartext Storage of Sensitive Information
Brocade SANnav before version 2.1.1 logs account credentials at the trace logging level.
CVE-2020-15380
7.5 - High
- June 09, 2021
Brocade SANnav before version 2.1.1 logs account credentials at the trace logging level.
Insertion of Sensitive Information into Log File
The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network
CVE-2020-15378
5.3 - Medium
- June 09, 2021
The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface.
Webtools in Brocade SANnav before version 2.1.1
CVE-2020-15377
9.8 - Critical
- June 09, 2021
Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF).
XSPA
Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning
CVE-2020-15386
5.3 - Medium
- June 09, 2021
Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations.
Brocade SANnav before v.2.1.0a could
CVE-2020-15379
7.5 - High
- June 09, 2021
Brocade SANnav before v.2.1.0a could allow remote attackers cause a denial-of-service condition due to a lack of proper validation, of the length of user-supplied data as name for custom field name.
Improper Input Validation
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits
CVE-2020-15387
7.4 - High
- June 09, 2021
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.
Inadequate Encryption Strength
Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability
CVE-2020-15381
7.5 - High
- June 09, 2021
Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server.
Insufficiently Protected Credentials
Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0
CVE-2020-15383
7.5 - High
- June 09, 2021
Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic.
Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password passw0rd if a password is not provided for PostgreSQL at install-time.
CVE-2020-15382
7.2 - High
- June 09, 2021
Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password passw0rd if a password is not provided for PostgreSQL at install-time.
Use of Hard-coded Credentials
Potential speculative code store bypass in all supported CPU products
CVE-2021-26313
5.5 - Medium
- June 09, 2021
Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.
Side Channel Attack
Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data
CVE-2021-26314
5.5 - Medium
- June 09, 2021
Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.
Exposure of Resource to Wrong Sphere