Broadcom

An issue found in TCPreplay tcprewrite v.4.4.3

CVE-2023-27783 7.5 - High - March 16, 2023

An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c.

assertion failure

An issue found in TCPReplay v.4.4.3

CVE-2023-27784 7.5 - High - March 16, 2023

An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309 endpoint.

NULL Pointer Dereference

An issue found in TCPreplay TCPprep v.4.4.3

CVE-2023-27785 7.5 - High - March 16, 2023

An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function.

NULL Pointer Dereference

An issue found in TCPprep v.4.4.3

CVE-2023-27786 7.5 - High - March 16, 2023

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the macinstring function.

NULL Pointer Dereference

An issue found in TCPprep v.4.4.3

CVE-2023-27787 7.5 - High - March 16, 2023

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse_list function at the list.c:81 endpoint.

NULL Pointer Dereference

An issue found in TCPrewrite v.4.4.3

CVE-2023-27788 7.5 - High - March 16, 2023

An issue found in TCPrewrite v.4.4.3 allows a remote attacker to cause a denial of service via the ports2PORT function at the portmap.c:69 endpoint.

assertion failure

An issue found in TCPprep v.4.4.3

CVE-2023-27789 7.5 - High - March 16, 2023

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the cidr2cidr function at the cidr.c:178 endpoint.

assertion failure

Users supplied input (usually a CRLF sequence)

CVE-2023-23950 6.1 - Medium - January 26, 2023

Users supplied input (usually a CRLF sequence) can be used to split a returning response into two responses.

XSS

Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application

CVE-2023-23951 6.1 - Medium - January 26, 2023

Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application

XSS

An authenticated user can supply malicious HTML and JavaScript code

CVE-2023-23949 5.4 - Medium - January 26, 2023

An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser.

XSS

Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to a Elevation of Privilege vulnerability

CVE-2022-25631 7.8 - High - January 20, 2023

Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated

Improper Privilege Management

An unauthenticated user can access Identity Managers management console specific page URLs

CVE-2022-25626 5.3 - Medium - December 16, 2022

An unauthenticated user can access Identity Managers management console specific page URLs. However, the system doesnt allow the user to carry out server side tasks without a valid web session.

authentification

An authenticated administrator who has physical access to the environment

CVE-2022-25627 6.7 - Medium - December 16, 2022

An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4

An authenticated user

CVE-2022-25628 8.8 - High - December 16, 2022

An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4

XXE

Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs

CVE-2022-33187 4.9 - Medium - December 09, 2022

Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information.

Insertion of Sensitive Information into Log File

Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources

CVE-2022-37016 9.8 - Critical - December 01, 2022

Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

Improper Privilege Management

Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue

CVE-2022-37017 7.5 - High - December 01, 2022

Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and Policy Import/Export Password protection, if it has been enabled.

AuthZ

Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for

CVE-2022-28169 8.8 - High - October 25, 2022

Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin, and operator authorization headers sent unencrypted and editing a user addition request to use the operator's authorization header.

Improper Privilege Management

A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could

CVE-2022-33178 7.2 - High - October 25, 2022

A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch.

Improper Input Validation

An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could

CVE-2022-33181 5.5 - Medium - October 25, 2022

An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands configshow and supportlink.

Information Disclosure

A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could

CVE-2022-33182 7.8 - High - October 25, 2022

A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands supportlink, firmwaredownload, portcfgupload, license, and fosexec.

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could

CVE-2022-33183 8.8 - High - October 25, 2022

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in firmwaredownload and diagshow commands.

A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could

CVE-2022-33184 7.8 - High - October 25, 2022

A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account.

Memory Corruption

Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input

CVE-2022-33185 7.8 - High - October 25, 2022

Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account.

Memory Corruption

Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0

CVE-2022-28170 6.5 - Medium - October 25, 2022

Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file.

Insecure Storage of Sensitive Information

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could

CVE-2022-33179 8.8 - High - October 25, 2022

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with set context and escalate privileges.

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could

CVE-2022-33180 5.5 - Medium - October 25, 2022

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with seccryptocfg, configupload.

A malicious unauthorized PAM user

CVE-2022-25625 8.8 - High - August 26, 2022

A malicious unauthorized PAM user can access the administration configuration data and change the values.

The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344

CVE-2022-37048 7.8 - High - August 18, 2022

The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. NOTE: this is different from CVE-2022-27941.

Memory Corruption

The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150

CVE-2022-37049 7.8 - High - August 18, 2022

The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. NOTE: this is different from CVE-2022-27942.

Memory Corruption

The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713

CVE-2022-37047 7.8 - High - August 18, 2022

The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713. NOTE: this is different from CVE-2022-27940.

Memory Corruption

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability in Brocade Fabric OS versions v7.4.1b and v7.3.1d could

CVE-2021-27798 5.5 - Medium - August 05, 2022

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability in Brocade Fabric OS versions v7.4.1b and v7.3.1d could allow local users to conduct privileged directory transversal. Brocade Fabric OS versions v7.4.1.x and v7.3.x have reached end of life. Brocade Fabric OS Users should upgrade to supported versions as described in the Product End-of-Life Publish report.

Directory traversal

Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability

CVE-2021-46825 9.1 - Critical - July 07, 2022

Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

authentification

In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8

CVE-2022-28166 7.5 - High - June 27, 2022

In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 & 18082.

Brocade SANnav before Brocade SANvav v

CVE-2022-28167 6.5 - Medium - June 27, 2022

Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log

Insecure Storage of Sensitive Information

In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could

CVE-2022-28168 7.5 - High - June 27, 2022

In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords.

Insecure Storage of Sensitive Information

A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers

CVE-2021-30651 4.9 - Medium - June 24, 2022

A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access.

Insufficiently Protected Credentials

In addition to the c_rehash shell command injection identified in CVE-2022-1292

CVE-2022-2068 9.8 - Critical - June 21, 2022

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).

Shell injection

CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability

CVE-2022-33739 7.5 - High - June 16, 2022

CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system.

aka Blind XPath Injection

CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent

CVE-2022-33750 9.8 - Critical - June 16, 2022

CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands.

authentification

CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent

CVE-2022-33751 7.5 - High - June 16, 2022

CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data.

Exposure of Resource to Wrong Sphere

CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent

CVE-2022-33752 9.8 - Critical - June 16, 2022

CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code.

Improper Input Validation

CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent

CVE-2022-33753 8.8 - High - June 16, 2022

CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges.

Exposure of Resource to Wrong Sphere

CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent

CVE-2022-33754 9.8 - Critical - June 16, 2022

CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code.

Improper Input Validation

CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent

CVE-2022-33755 5.3 - Medium - June 16, 2022

CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users.

Improper Input Validation

CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine

CVE-2022-33756 7.5 - High - June 16, 2022

CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data.

Insufficient Entropy

Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text.

CVE-2022-28162 3.3 - Low - May 09, 2022

Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text.

Cleartext Storage of Sensitive Information

A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources

CVE-2022-28165 8.8 - High - May 06, 2022

A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not performed on Server side to ensure the user has required permission before processing requests.

AuthZ

In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection

CVE-2022-28163 9.8 - Critical - May 06, 2022

In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands.

SQL Injection

Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords

CVE-2022-28164 6.5 - Medium - May 06, 2022

Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords.

Inadequate Encryption Strength

Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function

CVE-2022-28487 7.5 - High - May 04, 2022

Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality.

Memory Leak

Tcpreplay v4.4.1 was discovered to contain a double-free

CVE-2022-27416 7.8 - High - April 12, 2022

Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free.

Double-free

Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c.

CVE-2022-27418 7.8 - High - April 12, 2022

Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c.

Memory Corruption

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical

CVE-2005-10001 6.1 - Medium - March 28, 2022

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The manipulation of the argument target leads to an open redirect. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Open Redirect

tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c.

CVE-2022-27942 7.8 - High - March 26, 2022

tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c.

Memory Corruption

tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c.

CVE-2022-27941 7.8 - High - March 26, 2022

tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c.

Memory Corruption

tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c.

CVE-2022-27940 7.8 - High - March 26, 2022

tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c.

Memory Corruption

tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c.

CVE-2022-27939 5.5 - Medium - March 26, 2022

tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c.

assertion failure

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process

CVE-2021-4197 7.8 - High - March 23, 2022

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.

authentification

tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() at tree.c in tcpprep v4.4.1.

CVE-2022-25484 5.5 - Medium - March 22, 2022

tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() at tree.c in tcpprep v4.4.1.

assertion failure

The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements

CVE-2021-27789 6.5 - Medium - March 18, 2022

The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials.

A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could

CVE-2020-15388 6.5 - Medium - March 18, 2022

A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files.

Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could

CVE-2021-27797 9.8 - Critical - February 21, 2022

Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system.

Use of Hard-coded Credentials

A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could

CVE-2021-27796 6.5 - Medium - February 21, 2022

A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the user or factory account, to read the contents of any file on the filesystem utilizing one of a few available binaries.

A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK)

CVE-2021-30650 6.1 - Medium - February 18, 2022

A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK) allows a remote attacker to craft a malicious URL for the OTK web UI and target OTK users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious code into the OTK web UI client application.

XSS

XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation

CVE-2022-23992 9.8 - Critical - February 14, 2022

XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges.

Improper Privilege Management

tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c

CVE-2021-45386 5.5 - Medium - February 11, 2022

tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c

assertion failure

tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c.

CVE-2021-45387 5.5 - Medium - February 11, 2022

tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c.

assertion failure

CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation

CVE-2022-22689 8.8 - High - February 04, 2022

CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands.

CSV Injection

NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation

CVE-2022-23083 6.1 - Medium - January 18, 2022

NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation that could potentially allow an attacker to execute code on the affected machine.

XSS

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters

CVE-2022-23305 9.8 - Critical - January 18, 2022

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

SQL Injection

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to

CVE-2022-23302 8.8 - High - January 18, 2022

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

Marshaling, Unmarshaling

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature

CVE-2021-42775 9.1 - Critical - November 12, 2021

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host. In non-secure mode, the user is unauthenticated.

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature

CVE-2021-42774 9.8 - Critical - November 12, 2021

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature that could allow remote unauthenticated users to perform various attacks. In non-secure mode, the user is unauthenticated.

Classic Buffer Overflow

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could

CVE-2021-42773 7.5 - High - November 12, 2021

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a remote host with the GetDumpFile command. In non-secure mode, the user is unauthenticated.

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDumpFile command

CVE-2021-42772 9.8 - Critical - November 03, 2021

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDumpFile command that could allow a user to attempt various attacks. In non-secure mode, the user is unauthenticated

Classic Buffer Overflow

Heap-buffer overflow in the randomize_iparp function in edit_packet.c

CVE-2020-23273 5.5 - Medium - September 22, 2021

Heap-buffer overflow in the randomize_iparp function in edit_packet.c. of Tcpreplay v4.3.2 allows attackers to cause a denial of service (DOS) via a crafted pcap.

Memory Corruption

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS)

CVE-2021-36160 7.5 - High - September 16, 2021

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).

Out-of-bounds Read

Malformed requests may cause the server to dereference a NULL pointer

CVE-2021-34798 7.5 - High - September 16, 2021

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

NULL Pointer Dereference

Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'

CVE-2020-18976 5.5 - Medium - August 25, 2021

Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'. It can be triggered by sending a crafted pcap file to the 'tcpreplay-edit' binary. This issue is different than CVE-2019-8381.

Classic Buffer Overflow

ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0

CVE-2021-27793 5.3 - Medium - August 12, 2021

ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch.

AuthZ

The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a

CVE-2021-27792 7.8 - High - August 12, 2021

The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to crash, requiring a reboot.

The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header

CVE-2021-27791 5.4 - Medium - August 12, 2021

The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request, which could bypass the authentication process.

Out-of-bounds Read

The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a

CVE-2021-27790 7.8 - High - August 12, 2021

The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account.

Memory Corruption

A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could

CVE-2021-27794 7.8 - High - August 12, 2021

A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST.

authentification

The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability

CVE-2021-30648 9.8 - Critical - June 30, 2021

The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance.

authentification

Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission

CVE-2020-15385 5.4 - Medium - June 09, 2021

Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission. As a result, users without permission can see folders, and hidden files, and can create directories without permission.

Brocade SANNav before version 2.1.1 contains an information disclosure vulnerability

CVE-2020-15384 5.3 - Medium - June 09, 2021

Brocade SANNav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response header.

Cleartext Storage of Sensitive Information

Brocade SANnav before version 2.1.1 logs account credentials at the trace logging level.

CVE-2020-15380 7.5 - High - June 09, 2021

Brocade SANnav before version 2.1.1 logs account credentials at the trace logging level.

Insertion of Sensitive Information into Log File

The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network

CVE-2020-15378 5.3 - Medium - June 09, 2021

The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface.

Webtools in Brocade SANnav before version 2.1.1

CVE-2020-15377 9.8 - Critical - June 09, 2021

Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF).

XSPA

Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning

CVE-2020-15386 5.3 - Medium - June 09, 2021

Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations.

Brocade SANnav before v.2.1.0a could

CVE-2020-15379 7.5 - High - June 09, 2021

Brocade SANnav before v.2.1.0a could allow remote attackers cause a denial-of-service condition due to a lack of proper validation, of the length of user-supplied data as name for custom field name.

Improper Input Validation

The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits

CVE-2020-15387 7.4 - High - June 09, 2021

The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.

Inadequate Encryption Strength

Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability

CVE-2020-15381 7.5 - High - June 09, 2021

Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server.

Insufficiently Protected Credentials

Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0

CVE-2020-15383 7.5 - High - June 09, 2021

Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic.

Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password passw0rd if a password is not provided for PostgreSQL at install-time.

CVE-2020-15382 7.2 - High - June 09, 2021

Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password passw0rd if a password is not provided for PostgreSQL at install-time.

Use of Hard-coded Credentials

Potential speculative code store bypass in all supported CPU products

CVE-2021-26313 5.5 - Medium - June 09, 2021

Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.

Side Channel Attack

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data

CVE-2021-26314 5.5 - Medium - June 09, 2021

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.

Exposure of Resource to Wrong Sphere

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin

CVE-2021-31879 6.1 - Medium - April 29, 2021

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.

Open Redirect