Broadcom
By the Year
In 2022 there have been 25 vulnerabilities in Broadcom with an average score of 7.3 out of ten. Last year Broadcom had 35 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that the number of security vulnerabilities in Broadcom in 2022 could surpass last year's number. However, the average CVE base score of the vulnerabilities in 2022 is greater by 0.33.
Year | Vulnerabilities | Average Score |
---|---|---|
2022 | 25 | 7.27 |
2021 | 35 | 6.94 |
2020 | 43 | 7.39 |
2019 | 23 | 7.87 |
2018 | 44 | 7.52 |
It may take a day or so for new Broadcom vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Broadcom Security Vulnerabilities
Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text.
CVE-2022-28162
3.3 - Low
- May 09, 2022
Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text.
Cleartext Storage of Sensitive Information
A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources
CVE-2022-28165
8.8 - High
- May 06, 2022
A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not performed on the server side to ensure the user has the required permission before processing requests.
AuthZ
In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection
CVE-2022-28163
9.8 - Critical
- May 06, 2022
In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands.
SQL Injection
Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords
CVE-2022-28164
6.5 - Medium
- May 06, 2022
Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords.
Inadequate Encryption Strength
Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function
CVE-2022-28487
7.5 - High
- May 04, 2022
Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality.
Memory Leak
Tcpreplay v4.4.1 was discovered to contain a double-free
CVE-2022-27416
7.8 - High
- April 12, 2022
Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free.
Double-free
Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c.
CVE-2022-27418
7.8 - High
- April 12, 2022
Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c.
Memory Corruption
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical
CVE-2005-10001
6.1 - Medium
- March 28, 2022
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The manipulation of the argument target leads to an open redirect. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Open Redirect
tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c.
CVE-2022-27939
5.5 - Medium
- March 26, 2022
tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c.
assertion failure
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c.
CVE-2022-27940
7.8 - High
- March 26, 2022
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c.
Memory Corruption
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c.
CVE-2022-27941
7.8 - High
- March 26, 2022
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c.
Memory Corruption
tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c.
CVE-2022-27942
7.8 - High
- March 26, 2022
tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c.
Memory Corruption
tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() at tree.c in tcpprep v4.4.1.
CVE-2022-25484
5.5 - Medium
- March 22, 2022
tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() at tree.c in tcpprep v4.4.1.
assertion failure
A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could
CVE-2020-15388
6.5 - Medium
- March 18, 2022
A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files.
Incorrect Permission Assignment for Critical Resource
The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements
CVE-2021-27789
6.5 - Medium
- March 18, 2022
The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials.
A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could
CVE-2021-27796
6.5 - Medium
- February 21, 2022
A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the user or factory account, to read the contents of any file on the filesystem utilizing one of a few available binaries.
Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could
CVE-2021-27797
9.8 - Critical
- February 21, 2022
Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system.
Use of Hard-coded Credentials
A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK)
CVE-2021-30650
6.1 - Medium
- February 18, 2022
A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK) allows a remote attacker to craft a malicious URL for the OTK web UI and target OTK users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious code into the OTK web UI client application.
XSS
XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation
CVE-2022-23992
9.8 - Critical
- February 14, 2022
XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges.
Improper Privilege Management
tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c
CVE-2021-45386
5.5 - Medium
- February 11, 2022
tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c
assertion failure
tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c.
CVE-2021-45387
5.5 - Medium
- February 11, 2022
tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c.
assertion failure
CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation
CVE-2022-22689
8.8 - High
- February 04, 2022
CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands.
CSV Injection
NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation
CVE-2022-23083
6.1 - Medium
- January 18, 2022
NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation that could potentially allow an attacker to execute code on the affected machine.
XSS
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to
CVE-2022-23302
8.8 - High
- January 18, 2022
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
Marshaling, Unmarshaling
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters
CVE-2022-23305
9.8 - Critical
- January 18, 2022
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
SQL Injection
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature
CVE-2021-42775
9.1 - Critical
- November 12, 2021
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host. In non-secure mode, the user is unauthenticated.
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could
CVE-2021-42773
7.5 - High
- November 12, 2021
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a remote host with the GetDumpFile command. In non-secure mode, the user is unauthenticated.
Information Disclosure
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature
CVE-2021-42774
9.8 - Critical
- November 12, 2021
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature that could allow remote unauthenticated users to perform various attacks. In non-secure mode, the user is unauthenticated.
Classic Buffer Overflow
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDumpFile command
CVE-2021-42772
9.8 - Critical
- November 03, 2021
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDumpFile command that could allow a user to attempt various attacks. In non-secure mode, the user is unauthenticated.
Classic Buffer Overflow
Heap-buffer overflow in the randomize_iparp function in edit_packet.c
CVE-2020-23273
5.5 - Medium
- September 22, 2021
Heap-buffer overflow in the randomize_iparp function in edit_packet.c of Tcpreplay v4.3.2 allows attackers to cause a denial of service (DOS) via a crafted pcap.
Memory Corruption
Malformed requests may cause the server to dereference a NULL pointer
CVE-2021-34798
7.5 - High
- September 16, 2021
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
NULL Pointer Dereference
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS)
CVE-2021-36160
7.5 - High
- September 16, 2021
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
Out-of-bounds Read
Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'
CVE-2020-18976
5.5 - Medium
- August 25, 2021
Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'. It can be triggered by sending a crafted pcap file to the 'tcpreplay-edit' binary. This issue is different than CVE-2019-8381.
Classic Buffer Overflow
A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could
CVE-2021-27794
7.8 - High
- August 12, 2021
A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST.
authentication
Intermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0
CVE-2021-27793
5.3 - Medium
- August 12, 2021
Intermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch.
AuthZ
The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a
CVE-2021-27792
7.8 - High
- August 12, 2021
The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to crash, requiring a reboot.
Improper Input Validation
The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header
CVE-2021-27791
5.4 - Medium
- August 12, 2021
The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request, which could bypass the authentication process.
authentication
The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a
CVE-2021-27790
7.8 - High
- August 12, 2021
The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account.
Memory Corruption
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability
CVE-2021-30648
9.8 - Critical
- June 30, 2021
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance.
authentication
Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission
CVE-2020-15385
5.4 - Medium
- June 09, 2021
Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission. As a result, users without permission can see folders, and hidden files, and can create directories without permission.
Incorrect Permission Assignment for Critical Resource
Brocade SANNav before version 2.1.1 contains an information disclosure vulnerability
CVE-2020-15384
5.3 - Medium
- June 09, 2021
Brocade SANNav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response header.
Cleartext Storage of Sensitive Information
Brocade SANnav before version 2.1.1 logs account credentials at the trace logging level.
CVE-2020-15380
7.5 - High
- June 09, 2021
Brocade SANnav before version 2.1.1 logs account credentials at the trace logging level.
Insertion of Sensitive Information into Log File
The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network
CVE-2020-15378
5.3 - Medium
- June 09, 2021
The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface.
Webtools in Brocade SANnav before version 2.1.1
CVE-2020-15377
9.8 - Critical
- June 09, 2021
Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF).
XSPA
Brocade SANnav before v.2.1.0a could
CVE-2020-15379
7.5 - High
- June 09, 2021
Brocade SANnav before v.2.1.0a could allow remote attackers to cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data as name for custom field name.
Improper Input Validation
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits
CVE-2020-15387
7.4 - High
- June 09, 2021
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.
Inadequate Encryption Strength
Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning
CVE-2020-15386
5.3 - Medium
- June 09, 2021
Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations.
Resource Exhaustion
Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability
CVE-2020-15381
7.5 - High
- June 09, 2021
Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server.
Insufficiently Protected Credentials
Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0
CVE-2020-15383
7.5 - High
- June 09, 2021
Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic.
Resource Exhaustion
Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password passw0rd if a password is not provided for PostgreSQL at install-time.
CVE-2020-15382
7.2 - High
- June 09, 2021
Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password passw0rd if a password is not provided for PostgreSQL at install-time.
Use of Hard-coded Credentials
Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data
CVE-2021-26314
5.5 - Medium
- June 09, 2021
Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.
Exposure of Resource to Wrong Sphere
Potential speculative code store bypass in all supported CPU products
CVE-2021-26313
5.5 - Medium
- June 09, 2021
Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.
Exposure of Resource to Wrong Sphere
GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin
CVE-2021-31879
6.1 - Medium
- April 29, 2021
GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.
Open Redirect
curl 7.63.0 to and including 7.75.0 includes vulnerability
CVE-2021-22890
3.7 - Low
- April 01, 2021
curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check.
Authentication Bypass by Spoofing
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header
CVE-2021-22876
5.3 - Medium
- April 01, 2021
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.
Information Disclosure
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar
CVE-2021-20197
6.3 - Medium
- March 26, 2021
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
insecure temporary file
** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation
CVE-2021-28246
7.8 - High
- March 26, 2021
** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in the library will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Untrusted Path
** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts
CVE-2021-28248
7.5 - High
- March 26, 2021
** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a targeted account. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Improper Restriction of Excessive Authentication Attempts
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3
CVE-2021-27219
7.5 - High
- February 15, 2021
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
Incorrect Conversion between Numeric Types
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32
CVE-2019-25013
5.9 - Medium
- January 04, 2021
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
Out-of-bounds Read
Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation
CVE-2020-15376
4.3 - Medium
- December 11, 2020
Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated with any groups.
Brocade Fabric OS versions before v9.0.0
CVE-2020-15375
6.7 - Medium
- December 11, 2020
Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary commands and perform escalation of privileges.
Improper Input Validation
An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server
CVE-2020-12595
4.9 - Medium
- December 10, 2020
An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. This affects SMG prior to 10.7.4.
A privilege escalation flaw
CVE-2020-12594
7.2 - High
- December 10, 2020
A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior to 10.7.4.
Improper Privilege Management
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13
CVE-2020-29660
4.4 - Medium
- December 09, 2020
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.
Dangling pointer
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13
CVE-2020-29661
7.8 - High
- December 09, 2020
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
Dangling pointer
An issue was discovered in tcpreplay tcpprep v4.3.3
CVE-2020-24266
7.5 - High
- October 19, 2020
An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service.
Memory Corruption
An issue was discovered in tcpreplay tcpprep v4.3.3
CVE-2020-24265
7.5 - High
- October 19, 2020
An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service.
Memory Corruption
A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could
CVE-2018-6448
7.5 - High
- September 25, 2020
A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.
Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could
CVE-2018-6449
6.1 - Medium
- September 25, 2020
Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers.
XSS
Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d
CVE-2020-15374
9.8 - Critical
- September 25, 2020
Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input.
Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could
CVE-2020-15373
9.8 - Critical
- September 25, 2020
Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks.
Buffer Overflow
A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could
CVE-2020-15372
5.5 - Medium
- September 25, 2020
A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging.
Improper Control of Dynamically-Managed Code Resources
Brocade Fabric OS versions before Brocade Fabric OS v9.0.0
CVE-2020-15371
9.8 - Critical
- September 25, 2020
Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3 contain a code injection and privilege escalation vulnerability.
Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could
CVE-2020-15370
6.5 - Medium
- September 25, 2020
Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files.
Insertion of Sensitive Information into Log File
Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field
CVE-2020-15369
8.8 - High
- September 25, 2020
Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users' credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host.
Weak Password Requirements
A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could
CVE-2018-6447
5.4 - Medium
- September 25, 2020
A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user's session and take over the account.
XSS
** DISPUTED ** scp in OpenSSH through 8.3p1
CVE-2020-15778
7.8 - High
- July 24, 2020
** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
Shell injection
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL
CVE-2020-12695
7.5 - High
- June 08, 2020
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
Incorrect Default Permissions
In GNOME glib-networking through 2.64.2
CVE-2020-13645
6.5 - Medium
- May 28, 2020
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.
Improper Certificate Validation
tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation
CVE-2020-12740
9.1 - Critical
- May 08, 2020
tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c.
Out-of-bounds Read
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions
CVE-2020-12243
7.5 - High
- April 28, 2020
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
Stack Exhaustion
Server or client applications
CVE-2020-1967
7.5 - High
- April 21, 2020
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
NULL Pointer Dereference
CA API Developer Portal 4.3.1 and earlier contains an access control flaw
CVE-2020-11659
4.3 - Medium
- April 15, 2020
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action.
Insecure Direct Object Reference / IDOR
CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which
CVE-2020-11658
9.8 - Critical
- April 15, 2020
CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization.
Insecure Direct Object Reference / IDOR
CA API Developer Portal 4.3.1 and earlier contains an access control flaw
CVE-2020-11660
6.5 - Medium
- April 15, 2020
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information.
Information Disclosure
CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which
CVE-2020-11662
7.5 - High
- April 15, 2020
CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive information.
Information Disclosure
CA API Developer Portal 4.3.1 and earlier contains an access control flaw
CVE-2020-11666
8.8 - High
- April 15, 2020
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges.
Improper Privilege Management
CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which
CVE-2020-11665
6.1 - Medium
- April 15, 2020
CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.
Open Redirect
CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which
CVE-2020-11664
6.1 - Medium
- April 15, 2020
CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.
Open Redirect
CA API Developer Portal 4.3.1 and earlier contains an access control flaw
CVE-2020-11661
8.1 - High
- April 15, 2020
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data.
Improper Privilege Management
CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which
CVE-2020-11663
6.1 - Medium
- April 15, 2020
CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks.
Open Redirect
The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability
CVE-2019-18375
6.5 - Medium
- April 10, 2020
The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console.
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite
CVE-2020-1927
6.1 - Medium
- April 02, 2020
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
Open Redirect
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1
CVE-2020-8010
9.8 - Critical
- February 18, 2020
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1
CVE-2020-8011
7.5 - High
- February 18, 2020
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller service.
NULL Pointer Dereference
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1
CVE-2020-8012
9.8 - Critical
- February 18, 2020
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code.
Classic Buffer Overflow
Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client.
CVE-2019-16203
7.5 - High
- February 05, 2020
Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client.
Insertion of Sensitive Information into Log File
Brocade Fabric OS Versions before v7.4.2f
CVE-2019-16204
7.5 - High
- February 05, 2020
Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server.
Insertion of Sensitive Information into Log File
The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass
CVE-2019-9503
8.3 - High
- January 16, 2020
The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event frames from a remote source to be processed. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.
Improper Input Validation