Broadcom


Products by Broadcom Sorted by Most Security Vulnerabilities since 2018

Broadcom Tcpreplay: 29 vulnerabilities

Broadcom Etrust Antivirus: 16 vulnerabilities

Broadcom Symantec Proxysg: 13 vulnerabilities

Broadcom Inoculateit: 13 vulnerabilities

Broadcom Brocade Sannav: 11 vulnerabilities

Broadcom Etrust Ez Antivirus: 11 vulnerabilities

Broadcom Sannav: 10 vulnerabilities

Broadcom Etrust Ez Armor: 10 vulnerabilities

Broadcom Arcserve Backup: 9 vulnerabilities

Broadcom Common Services: 7 vulnerabilities

Broadcom Release Automation: 6 vulnerabilities

Broadcom Etrust Admin: 6 vulnerabilities

Broadcom Brightstor Portal: 5 vulnerabilities

Broadcom Unicenter Tng: 5 vulnerabilities

Broadcom License Software: 5 vulnerabilities

Broadcom Anti Virus Sdk: 4 vulnerabilities

Broadcom Total Defense: 4 vulnerabilities

Broadcom Cleverpath Ecm: 4 vulnerabilities

Broadcom Cleverpath Olap: 4 vulnerabilities

Broadcom Emulex Hba Manager: 4 vulnerabilities

Broadcom Unicenter Jasmine: 4 vulnerabilities

Broadcom Adviseit: 3 vulnerabilities

Broadcom Anti Virus: 3 vulnerabilities

Broadcom Cleverpath Aion: 3 vulnerabilities

Broadcom Cleverpath Portal: 3 vulnerabilities

Broadcom Ehealth: 3 vulnerabilities

Broadcom Spectrum: 2 vulnerabilities

Broadcom Anti Spyware: 2 vulnerabilities

Broadcom Bcm2711: 2 vulnerabilities

Broadcom Brcmfmac Driver: 2 vulnerabilities

Broadcom Etrust Antivirus Ee: 2 vulnerabilities

Broadcom Siteminder: 2 vulnerabilities

Broadcom Single Sign On: 2 vulnerabilities

Broadcom Etrust Pestpatrol: 2 vulnerabilities

Broadcom Etrust Siteminder: 2 vulnerabilities

Broadcom Messaging: 2 vulnerabilities

Broadcom Adsl: 1 vulnerability

Broadcom Antivirus Sdk: 1 vulnerability

Broadcom Ccc Harvest: 1 vulnerability

Broadcom Controlit: 1 vulnerability

By the Year

In 2022 there have been 25 vulnerabilities in Broadcom with an average score of 7.3 out of ten. Last year Broadcom had 35 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that the number of security vulnerabilities in Broadcom in 2022 could surpass last year's number. However, the average CVE base score of the vulnerabilities in 2022 is greater by 0.33.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2022 | 25 | 7.27 |
| 2021 | 35 | 6.94 |
| 2020 | 43 | 7.39 |
| 2019 | 23 | 7.87 |
| 2018 | 44 | 7.52 |

It may take a day or so for new Broadcom vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Broadcom Security Vulnerabilities

Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text.

CVE-2022-28162 3.3 - Low - May 09, 2022

Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text.

Cleartext Storage of Sensitive Information

A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources

CVE-2022-28165 8.8 - High - May 06, 2022

A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not enforced on the server side to ensure the user has the required permission before processing requests.

AuthZ

In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection

CVE-2022-28163 9.8 - Critical - May 06, 2022

In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands.

SQL Injection

Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords

CVE-2022-28164 6.5 - Medium - May 06, 2022

Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords.

Inadequate Encryption Strength

Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function

CVE-2022-28487 7.5 - High - May 04, 2022

Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality.

Memory Leak

Tcpreplay v4.4.1 was discovered to contain a double-free

CVE-2022-27416 7.8 - High - April 12, 2022

Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free.

Double-free

Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c.

CVE-2022-27418 7.8 - High - April 12, 2022

Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c.

Memory Corruption

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical

CVE-2005-10001 6.1 - Medium - March 28, 2022

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The manipulation of the argument target leads to an open redirect. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Open Redirect

tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c.

CVE-2022-27939 5.5 - Medium - March 26, 2022

tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c.

assertion failure

tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c.

CVE-2022-27940 7.8 - High - March 26, 2022

tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c.

Memory Corruption

tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c.

CVE-2022-27941 7.8 - High - March 26, 2022

tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c.

Memory Corruption

tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c.

CVE-2022-27942 7.8 - High - March 26, 2022

tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c.

Memory Corruption

tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() at tree.c in tcpprep v4.4.1.

CVE-2022-25484 5.5 - Medium - March 22, 2022

tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() at tree.c in tcpprep v4.4.1.

assertion failure

A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could

CVE-2020-15388 6.5 - Medium - March 18, 2022

A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files.

Incorrect Permission Assignment for Critical Resource

The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements

CVE-2021-27789 6.5 - Medium - March 18, 2022

The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials.

A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could

CVE-2021-27796 6.5 - Medium - February 21, 2022

A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the user or factory account, to read the contents of any file on the filesystem utilizing one of a few available binaries.

Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could

CVE-2021-27797 9.8 - Critical - February 21, 2022

Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system.

Use of Hard-coded Credentials

A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK)

CVE-2021-30650 6.1 - Medium - February 18, 2022

A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK) allows a remote attacker to craft a malicious URL for the OTK web UI and target OTK users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious code into the OTK web UI client application.

XSS

XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation

CVE-2022-23992 9.8 - Critical - February 14, 2022

XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges.

Improper Privilege Management

tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c

CVE-2021-45386 5.5 - Medium - February 11, 2022

tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c

assertion failure

tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c.

CVE-2021-45387 5.5 - Medium - February 11, 2022

tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c.

assertion failure

CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation

CVE-2022-22689 8.8 - High - February 04, 2022

CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands.

CSV Injection

NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation

CVE-2022-23083 6.1 - Medium - January 18, 2022

NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation that could potentially allow an attacker to execute code on the affected machine.

XSS

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to

CVE-2022-23302 8.8 - High - January 18, 2022

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

Marshaling, Unmarshaling

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters

CVE-2022-23305 9.8 - Critical - January 18, 2022

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

SQL Injection

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature

CVE-2021-42775 9.1 - Critical - November 12, 2021

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host. In non-secure mode, the user is unauthenticated.

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could

CVE-2021-42773 7.5 - High - November 12, 2021

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a remote host with the GetDumpFile command. In non-secure mode, the user is unauthenticated.

Information Disclosure

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature

CVE-2021-42774 9.8 - Critical - November 12, 2021

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature that could allow remote unauthenticated users to perform various attacks. In non-secure mode, the user is unauthenticated.

Classic Buffer Overflow

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDumpFile command

CVE-2021-42772 9.8 - Critical - November 03, 2021

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDumpFile command that could allow a user to attempt various attacks. In non-secure mode, the user is unauthenticated.

Classic Buffer Overflow

Heap-buffer overflow in the randomize_iparp function in edit_packet.c

CVE-2020-23273 5.5 - Medium - September 22, 2021

Heap-buffer overflow in the randomize_iparp function in edit_packet.c of Tcpreplay v4.3.2 allows attackers to cause a denial of service (DoS) via a crafted pcap.

Memory Corruption

Malformed requests may cause the server to dereference a NULL pointer

CVE-2021-34798 7.5 - High - September 16, 2021

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

NULL Pointer Dereference

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS)

CVE-2021-36160 7.5 - High - September 16, 2021

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).

Out-of-bounds Read

Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'

CVE-2020-18976 5.5 - Medium - August 25, 2021

Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'. It can be triggered by sending a crafted pcap file to the 'tcpreplay-edit' binary. This issue is different than CVE-2019-8381.

Classic Buffer Overflow

A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could

CVE-2021-27794 7.8 - High - August 12, 2021

A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to log in with an empty password, and an invalid password, through telnet, ssh and REST.

Authentication

Intermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0

CVE-2021-27793 5.3 - Medium - August 12, 2021

Intermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0, could cause a user with a valid account to be unable to log into the switch.

AuthZ

The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a

CVE-2021-27792 7.8 - High - August 12, 2021

The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to crash, requiring a reboot.

Improper Input Validation

The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header

CVE-2021-27791 5.4 - Medium - August 12, 2021

The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request, which could bypass the authentication process.

Authentication

The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a

CVE-2021-27790 7.8 - High - August 12, 2021

The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses an unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account.

Memory Corruption

The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability

CVE-2021-30648 9.8 - Critical - June 30, 2021

The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance.

Authentication

Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission

CVE-2020-15385 5.4 - Medium - June 09, 2021

Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission. As a result, users without permission can see folders, and hidden files, and can create directories without permission.

Incorrect Permission Assignment for Critical Resource

Brocade SANNav before version 2.1.1 contains an information disclosure vulnerability

CVE-2020-15384 5.3 - Medium - June 09, 2021

Brocade SANNav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response header.

Cleartext Storage of Sensitive Information

Brocade SANnav before version 2.1.1 logs account credentials at the trace logging level.

CVE-2020-15380 7.5 - High - June 09, 2021

Brocade SANnav before version 2.1.1 logs account credentials at the trace logging level.

Insertion of Sensitive Information into Log File

The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network

CVE-2020-15378 5.3 - Medium - June 09, 2021

The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface.

Webtools in Brocade SANnav before version 2.1.1

CVE-2020-15377 9.8 - Critical - June 09, 2021

Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF).

XSPA

Brocade SANnav before v.2.1.0a could

CVE-2020-15379 7.5 - High - June 09, 2021

Brocade SANnav before v.2.1.0a could allow remote attackers to cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data used as the name for a custom field.

Improper Input Validation

The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits

CVE-2020-15387 7.4 - High - June 09, 2021

The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.

Inadequate Encryption Strength

Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning

CVE-2020-15386 5.3 - Medium - June 09, 2021

Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations.

Resource Exhaustion

Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability

CVE-2020-15381 7.5 - High - June 09, 2021

Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server.

Insufficiently Protected Credentials

Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0

CVE-2020-15383 7.5 - High - June 09, 2021

Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic.

Resource Exhaustion

Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password passw0rd if a password is not provided for PostgreSQL at install-time.

CVE-2020-15382 7.2 - High - June 09, 2021

Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password passw0rd if a password is not provided for PostgreSQL at install-time.

Use of Hard-coded Credentials

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data

CVE-2021-26314 5.5 - Medium - June 09, 2021

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.

Exposure of Resource to Wrong Sphere

Potential speculative code store bypass in all supported CPU products

CVE-2021-26313 5.5 - Medium - June 09, 2021

Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.

Exposure of Resource to Wrong Sphere

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin

CVE-2021-31879 6.1 - Medium - April 29, 2021

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.

Open Redirect

curl 7.63.0 to and including 7.75.0 includes vulnerability

CVE-2021-22890 3.7 - Low - April 01, 2021

curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check.

Authentication Bypass by Spoofing

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header

CVE-2021-22876 5.3 - Medium - April 01, 2021

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.

Information Disclosure

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar

CVE-2021-20197 6.3 - Medium - March 26, 2021

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.

insecure temporary file

** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation

CVE-2021-28246 7.8 - High - March 26, 2021

** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in the library will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Untrusted Path

** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts

CVE-2021-28248 7.5 - High - March 26, 2021

** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a targeted account. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Improper Restriction of Excessive Authentication Attempts

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3

CVE-2021-27219 7.5 - High - February 15, 2021

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.

Incorrect Conversion between Numeric Types

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32

CVE-2019-25013 5.9 - Medium - January 04, 2021

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.

Out-of-bounds Read

Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation

CVE-2020-15376 4.3 - Medium - December 11, 2020

Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode, contain a weakness in the ldap implementation that could allow a remote ldap user to log in to the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated with any groups.

Brocade Fabric OS versions before v9.0.0

CVE-2020-15375 6.7 - Medium - December 11, 2020

Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary commands and perform escalation of privileges.

Improper Input Validation

An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server

CVE-2020-12595 4.9 - Medium - December 10, 2020

An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. This affects SMG prior to 10.7.4.

A privilege escalation flaw

CVE-2020-12594 7.2 - High - December 10, 2020

A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior to 10.7.4.

Improper Privilege Management

A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13

CVE-2020-29660 4.4 - Medium - December 09, 2020

A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.

Dangling pointer

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13

CVE-2020-29661 7.8 - High - December 09, 2020

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.

Dangling pointer

An issue was discovered in tcpreplay tcpprep v4.3.3

CVE-2020-24266 7.5 - High - October 19, 2020

An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service.

Memory Corruption

An issue was discovered in tcpreplay tcpprep v4.3.3

CVE-2020-24265 7.5 - High - October 19, 2020

An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service.

Memory Corruption

A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could

CVE-2018-6448 7.5 - High - September 25, 2020

A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.

Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could

CVE-2018-6449 6.1 - Medium - September 25, 2020

Host Header Injection vulnerability in the HTTP management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers.

XSS

Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d

CVE-2020-15374 9.8 - Critical - September 25, 2020

Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input.

Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could

CVE-2020-15373 9.8 - Critical - September 25, 2020

Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks.

Buffer Overflow

A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could

CVE-2020-15372 5.5 - Medium - September 25, 2020

A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging.

Improper Control of Dynamically-Managed Code Resources

Brocade Fabric OS versions before Brocade Fabric OS v9.0.0

CVE-2020-15371 9.8 - Critical - September 25, 2020

Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3 contain a code injection and privilege escalation vulnerability.

Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could

CVE-2020-15370 6.5 - Medium - September 25, 2020

Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files.

Insertion of Sensitive Information into Log File

Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field

CVE-2020-15369 8.8 - High - September 25, 2020

Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users' credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host.

Weak Password Requirements

A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could

CVE-2018-6447 5.4 - Medium - September 25, 2020

A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user's session and take over the account.

XSS

** DISPUTED ** scp in OpenSSH through 8.3p1

CVE-2020-15778 7.8 - High - July 24, 2020

** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

Shell injection

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL

CVE-2020-12695 7.5 - High - June 08, 2020

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

Incorrect Default Permissions

In GNOME glib-networking through 2.64.2

CVE-2020-13645 6.5 - Medium - May 28, 2020

In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.

Improper Certificate Validation

tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation

CVE-2020-12740 9.1 - Critical - May 08, 2020

tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c.

Out-of-bounds Read

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions

CVE-2020-12243 7.5 - High - April 28, 2020

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).

Stack Exhaustion

Server or client applications

CVE-2020-1967 7.5 - High - April 21, 2020

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).

NULL Pointer Dereference

CA API Developer Portal 4.3.1 and earlier contains an access control flaw

CVE-2020-11659 4.3 - Medium - April 15, 2020

CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action.

Insecure Direct Object Reference / IDOR

CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which

CVE-2020-11658 9.8 - Critical - April 15, 2020

CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization.

Insecure Direct Object Reference / IDOR

CA API Developer Portal 4.3.1 and earlier contains an access control flaw

CVE-2020-11660 6.5 - Medium - April 15, 2020

CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information.

Information Disclosure

CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which

CVE-2020-11662 7.5 - High - April 15, 2020

CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive information.

Information Disclosure

CA API Developer Portal 4.3.1 and earlier contains an access control flaw

CVE-2020-11666 8.8 - High - April 15, 2020

CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges.

Improper Privilege Management

CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which

CVE-2020-11665 6.1 - Medium - April 15, 2020

CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.

Open Redirect

CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which

CVE-2020-11664 6.1 - Medium - April 15, 2020

CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.

Open Redirect

CA API Developer Portal 4.3.1 and earlier contains an access control flaw

CVE-2020-11661 8.1 - High - April 15, 2020

CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data.

Improper Privilege Management

CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which

CVE-2020-11663 6.1 - Medium - April 15, 2020

CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks.

Open Redirect

The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability

CVE-2019-18375 6.5 - Medium - April 10, 2020

The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console.

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite

CVE-2020-1927 6.1 - Medium - April 02, 2020

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.

Open Redirect

CA Unified Infrastructure Management (Nimsoft/UIM) 20.1

CVE-2020-8010 9.8 - Critical - February 18, 2020

CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.

CA Unified Infrastructure Management (Nimsoft/UIM) 20.1

CVE-2020-8011 7.5 - High - February 18, 2020

CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller service.

NULL Pointer Dereference

CA Unified Infrastructure Management (Nimsoft/UIM) 20.1

CVE-2020-8012 9.8 - Critical - February 18, 2020

CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code.

Classic Buffer Overflow

Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client.

CVE-2019-16203 7.5 - High - February 05, 2020

Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client.

Insertion of Sensitive Information into Log File

Brocade Fabric OS Versions before v7.4.2f

CVE-2019-16204 7.5 - High - February 05, 2020

Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server.

Insertion of Sensitive Information into Log File

The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass

CVE-2019-9503 8.3 - High - January 16, 2020

The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a WiFi dongle). This can allow firmware event frames from a remote source to be processed. In the worst-case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.

Improper Input Validation

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).