Local or remote users can force ControlIT 4.5 to reboot or force a user to log out, resulting in a denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | controlit | 4.5 |
ARCserve NT agents use weak encryption (XOR) for passwords, which allows remote attackers to sniff the authentication request to port 6050 and decrypt the password.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | arcserve_backup | * |
The installation of 1ArcServe Backup and Inoculan AV client modules for Exchange create a log file, exchverify.log, which contains usernames and passwords in plaintext.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | arcserve_backup | * |
| broadcom | inoculan | * |
| microsoft | exchange_server | * |
AV Option for MS Exchange Server option for InoculateIT 4.53, and possibly other versions, only scans the Inbox folder tree of a Microsoft Exchange server, which could allow viruses to escape detection if a user's rules cause the message to be moved to a different mailbox.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | inoculateit | 4.53 |
eTrust Intrusion Detection System (formerly SessionWall-3) uses weak encryption (XOR) to store administrative passwords in the registry, which allows local users to easily decrypt the passwords.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_intrusion_detection | * |
The default installation of eTrust Access Control (formerly SeOS) uses a default encryption key, which allows remote attackers to spoof the eTrust administrator and gain privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_access_control | 4.1 |
| broadcom | etrust_access_control | 5.0 |
| ca | etrust_access_control | 5.0 |
| ca | etrust_access_control | 4.1 |
Computer Associates InoculateIT Agent for Exchange Server does not recognize an e-mail virus attachment if the SMTP header is missing the "From" field, which allows remote attackers to bypass virus protection.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | inoculateit_agent_for_exchange | * |
Computer Associates CCC\Harvest 5.0 for Windows NT/2000 uses weak encryption for passwords, which allows a remote attacker to gain privileges on the application.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ccc_harvest | 5.0 |
ftpdownload in Computer Associates InoculateIT 6.0 allows a local attacker to overwrite arbitrary files via a symlink attack on /tmp/ftpdownload.log .
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | inoculateit | 6.0 |
Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 creates a hidden share named ARCSERVE$, which allows remote attackers to obtain sensitive information and overwrite critical files.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | arcserve_backup | 6.61 |
| ca | arcserve_backup_2000 | * |
| broadcom | arcserve_backup_2000 | * |
Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 stores the backup agent user name and password in cleartext in the aremote.dmp file in the ARCSERVE$ hidden share, which allows local and remote attackers to gain privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | arcserve_backup | 6.61 |
| ca | arcserve_backup_2000 | * |
| broadcom | arcserve_backup_2000 | * |
Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | arcserve_backup | 6.61 |
| ca | arcserve_backup | 6.63 |
Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and earlier may allow local users to execute arbitrary code via long command line arguments to (1) mlclear or (2) mllock.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | mlink | 6.5 |
eTrust InoculateIT 6.0 with the "Incremental Scan" option enabled may certify that a file is free of viruses before the file has been completely downloaded, which allows remote attackers to bypass virus detection.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-16,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | inoculateit | 6.0 |
Unknown "System Security Vulnerability" in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to gain privileges via the help interface.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | unicenter_remote_control_host | 6.0 |
Unknown "Denial of Service Attack" vulnerability in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to cause a denial of service (CPU consumption in URC host service).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | unicenter_remote_control_host | 6.0 |
Unknown "potential system security vulnerability" in Computer Associates (CA) Unicenter Remote Control 5.0 through 5.2, and ControlIT 5.0 and 5.1, may allow attackers to gain privileges to the local system account.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | unicenter_remote_control | 5.2 |
| ca | controlit | 5.0 |
| broadcom | unicenter_remote_control_option | 5.1 |
| broadcom | unicenter_remote_control_option | 5.0 |
| ca | controlit | 5.1 |
| broadcom | unicenter_remote_control | 6.0 |
| ca | unicenter_remote_control_option | 5.1 |
The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust InoculateIT for Linux 6.0 allow local users to overwrite arbitrary files via a symlink attack on files in /tmp.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | inoculateit | 6.0 |
McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| broadcom | etrust_antivirus | 7.0 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| sophos | sophos_anti-virus | 3.82 |
| broadcom | etrust_secure_content_manager | 1.0 |
| sophos | sophos_anti-virus | 3.4.6 |
| ca | etrust_secure_content_manager | 1.0 |
| mcafee | antivirus_engine | 4.3.20 |
| broadcom | etrust_ez_antivirus | 6.3 |
| sophos | sophos_anti-virus | 3.83 |
| sophos | sophos_anti-virus | 3.80 |
| suse | suse_linux | 9.2 |
| eset_software | nod32_antivirus | 1.0.13 |
| sophos | sophos_anti-virus | 3.78 |
| sophos | sophos_small_business_suite | 1.0 |
| broadcom | etrust_antivirus | 7.1 |
| mandrakesoft | mandrake_linux | 10.1 |
| broadcom | etrust_ez_armor | 2.0 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| eset_software | nod32_antivirus | 1.0.11 |
| sophos | sophos_anti-virus | 3.81 |
| gentoo | linux | * |
| eset_software | nod32_antivirus | 1.0.12 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_ez_antivirus | 6.1 |
| broadcom | etrust_ez_antivirus | 6.2 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| broadcom | inoculateit | 6.0 |
| broadcom | etrust_ez_armor | 2.4 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| sophos | sophos_anti-virus | 3.86 |
| sophos | sophos_anti-virus | 3.79 |
| broadcom | etrust_secure_content_manager | 1.1 |
| broadcom | etrust_ez_armor | 2.3 |
| gentoo | linux | 1.4 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| sophos | sophos_anti-virus | 3.78d |
| sophos | sophos_anti-virus | 3.84 |
| sophos | sophos_anti-virus | 3.85 |
| broadcom | etrust_intrusion_detection | 1.5 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| archive_zip | archive_zip | 1.13 |
| ca | etrust_antivirus | 7.0_sp2 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| broadcom | etrust_antivirus | 7.0 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| sophos | sophos_anti-virus | 3.82 |
| broadcom | etrust_secure_content_manager | 1.0 |
| sophos | sophos_anti-virus | 3.4.6 |
| ca | etrust_secure_content_manager | 1.0 |
| mcafee | antivirus_engine | 4.3.20 |
| broadcom | etrust_ez_antivirus | 6.3 |
| sophos | sophos_anti-virus | 3.83 |
| sophos | sophos_anti-virus | 3.80 |
| suse | suse_linux | 9.2 |
| eset_software | nod32_antivirus | 1.0.13 |
| sophos | sophos_anti-virus | 3.78 |
| sophos | sophos_small_business_suite | 1.0 |
| broadcom | etrust_antivirus | 7.1 |
| mandrakesoft | mandrake_linux | 10.1 |
| broadcom | etrust_ez_armor | 2.0 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| eset_software | nod32_antivirus | 1.0.11 |
| sophos | sophos_anti-virus | 3.81 |
| gentoo | linux | * |
| eset_software | nod32_antivirus | 1.0.12 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_ez_antivirus | 6.1 |
| broadcom | etrust_ez_antivirus | 6.2 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| broadcom | inoculateit | 6.0 |
| broadcom | etrust_ez_armor | 2.4 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| sophos | sophos_anti-virus | 3.86 |
| sophos | sophos_anti-virus | 3.79 |
| broadcom | etrust_secure_content_manager | 1.1 |
| broadcom | etrust_ez_armor | 2.3 |
| gentoo | linux | 1.4 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| sophos | sophos_anti-virus | 3.78d |
| sophos | sophos_anti-virus | 3.84 |
| sophos | sophos_anti-virus | 3.85 |
| broadcom | etrust_intrusion_detection | 1.5 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| archive_zip | archive_zip | 1.13 |
| ca | etrust_antivirus | 7.0_sp2 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| broadcom | etrust_antivirus | 7.0 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| sophos | sophos_anti-virus | 3.82 |
| broadcom | etrust_secure_content_manager | 1.0 |
| sophos | sophos_anti-virus | 3.4.6 |
| ca | etrust_secure_content_manager | 1.0 |
| mcafee | antivirus_engine | 4.3.20 |
| broadcom | etrust_ez_antivirus | 6.3 |
| sophos | sophos_anti-virus | 3.83 |
| sophos | sophos_anti-virus | 3.80 |
| suse | suse_linux | 9.2 |
| eset_software | nod32_antivirus | 1.0.13 |
| sophos | sophos_anti-virus | 3.78 |
| sophos | sophos_small_business_suite | 1.0 |
| broadcom | etrust_antivirus | 7.1 |
| mandrakesoft | mandrake_linux | 10.1 |
| broadcom | etrust_ez_armor | 2.0 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| eset_software | nod32_antivirus | 1.0.11 |
| sophos | sophos_anti-virus | 3.81 |
| gentoo | linux | * |
| eset_software | nod32_antivirus | 1.0.12 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_ez_antivirus | 6.1 |
| broadcom | etrust_ez_antivirus | 6.2 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| broadcom | inoculateit | 6.0 |
| broadcom | etrust_ez_armor | 2.4 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| sophos | sophos_anti-virus | 3.86 |
| sophos | sophos_anti-virus | 3.79 |
| broadcom | etrust_secure_content_manager | 1.1 |
| broadcom | etrust_ez_armor | 2.3 |
| gentoo | linux | 1.4 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| sophos | sophos_anti-virus | 3.78d |
| sophos | sophos_anti-virus | 3.84 |
| sophos | sophos_anti-virus | 3.85 |
| broadcom | etrust_intrusion_detection | 1.5 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| archive_zip | archive_zip | 1.13 |
| ca | etrust_antivirus | 7.0_sp2 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| broadcom | etrust_antivirus | 7.0 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| sophos | sophos_anti-virus | 3.82 |
| broadcom | etrust_secure_content_manager | 1.0 |
| sophos | sophos_anti-virus | 3.4.6 |
| ca | etrust_secure_content_manager | 1.0 |
| mcafee | antivirus_engine | 4.3.20 |
| broadcom | etrust_ez_antivirus | 6.3 |
| sophos | sophos_anti-virus | 3.83 |
| sophos | sophos_anti-virus | 3.80 |
| suse | suse_linux | 9.2 |
| eset_software | nod32_antivirus | 1.0.13 |
| sophos | sophos_anti-virus | 3.78 |
| sophos | sophos_small_business_suite | 1.0 |
| broadcom | etrust_antivirus | 7.1 |
| mandrakesoft | mandrake_linux | 10.1 |
| broadcom | etrust_ez_armor | 2.0 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| eset_software | nod32_antivirus | 1.0.11 |
| sophos | sophos_anti-virus | 3.81 |
| gentoo | linux | * |
| eset_software | nod32_antivirus | 1.0.12 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_ez_antivirus | 6.1 |
| broadcom | etrust_ez_antivirus | 6.2 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| broadcom | inoculateit | 6.0 |
| broadcom | etrust_ez_armor | 2.4 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| sophos | sophos_anti-virus | 3.86 |
| sophos | sophos_anti-virus | 3.79 |
| broadcom | etrust_secure_content_manager | 1.1 |
| broadcom | etrust_ez_armor | 2.3 |
| gentoo | linux | 1.4 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| sophos | sophos_anti-virus | 3.78d |
| sophos | sophos_anti-virus | 3.84 |
| sophos | sophos_anti-virus | 3.85 |
| broadcom | etrust_intrusion_detection | 1.5 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| archive_zip | archive_zip | 1.13 |
| ca | etrust_antivirus | 7.0_sp2 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| broadcom | etrust_antivirus | 7.0 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| sophos | sophos_anti-virus | 3.82 |
| broadcom | etrust_secure_content_manager | 1.0 |
| sophos | sophos_anti-virus | 3.4.6 |
| ca | etrust_secure_content_manager | 1.0 |
| mcafee | antivirus_engine | 4.3.20 |
| broadcom | etrust_ez_antivirus | 6.3 |
| sophos | sophos_anti-virus | 3.83 |
| sophos | sophos_anti-virus | 3.80 |
| suse | suse_linux | 9.2 |
| eset_software | nod32_antivirus | 1.0.13 |
| sophos | sophos_anti-virus | 3.78 |
| sophos | sophos_small_business_suite | 1.0 |
| broadcom | etrust_antivirus | 7.1 |
| mandrakesoft | mandrake_linux | 10.1 |
| broadcom | etrust_ez_armor | 2.0 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| eset_software | nod32_antivirus | 1.0.11 |
| sophos | sophos_anti-virus | 3.81 |
| gentoo | linux | * |
| eset_software | nod32_antivirus | 1.0.12 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_ez_antivirus | 6.1 |
| broadcom | etrust_ez_antivirus | 6.2 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| broadcom | inoculateit | 6.0 |
| broadcom | etrust_ez_armor | 2.4 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| sophos | sophos_anti-virus | 3.86 |
| sophos | sophos_anti-virus | 3.79 |
| broadcom | etrust_secure_content_manager | 1.1 |
| broadcom | etrust_ez_armor | 2.3 |
| gentoo | linux | 1.4 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| sophos | sophos_anti-virus | 3.78d |
| sophos | sophos_anti-virus | 3.84 |
| sophos | sophos_anti-virus | 3.85 |
| broadcom | etrust_intrusion_detection | 1.5 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| archive_zip | archive_zip | 1.13 |
| ca | etrust_antivirus | 7.0_sp2 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| broadcom | etrust_antivirus | 7.0 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| sophos | sophos_anti-virus | 3.82 |
| broadcom | etrust_secure_content_manager | 1.0 |
| sophos | sophos_anti-virus | 3.4.6 |
| ca | etrust_secure_content_manager | 1.0 |
| mcafee | antivirus_engine | 4.3.20 |
| broadcom | etrust_ez_antivirus | 6.3 |
| sophos | sophos_anti-virus | 3.83 |
| sophos | sophos_anti-virus | 3.80 |
| suse | suse_linux | 9.2 |
| eset_software | nod32_antivirus | 1.0.13 |
| sophos | sophos_anti-virus | 3.78 |
| sophos | sophos_small_business_suite | 1.0 |
| broadcom | etrust_antivirus | 7.1 |
| mandrakesoft | mandrake_linux | 10.1 |
| broadcom | etrust_ez_armor | 2.0 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| eset_software | nod32_antivirus | 1.0.11 |
| sophos | sophos_anti-virus | 3.81 |
| gentoo | linux | * |
| eset_software | nod32_antivirus | 1.0.12 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_ez_antivirus | 6.1 |
| broadcom | etrust_ez_antivirus | 6.2 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| broadcom | inoculateit | 6.0 |
| broadcom | etrust_ez_armor | 2.4 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| sophos | sophos_anti-virus | 3.86 |
| sophos | sophos_anti-virus | 3.79 |
| broadcom | etrust_secure_content_manager | 1.1 |
| broadcom | etrust_ez_armor | 2.3 |
| gentoo | linux | 1.4 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| sophos | sophos_anti-virus | 3.78d |
| sophos | sophos_anti-virus | 3.84 |
| sophos | sophos_anti-virus | 3.85 |
| broadcom | etrust_intrusion_detection | 1.5 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| archive_zip | archive_zip | 1.13 |
| ca | etrust_antivirus | 7.0_sp2 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| broadcom | etrust_antivirus | 7.0 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| sophos | sophos_anti-virus | 3.82 |
| broadcom | etrust_secure_content_manager | 1.0 |
| sophos | sophos_anti-virus | 3.4.6 |
| ca | etrust_secure_content_manager | 1.0 |
| mcafee | antivirus_engine | 4.3.20 |
| broadcom | etrust_ez_antivirus | 6.3 |
| sophos | sophos_anti-virus | 3.83 |
| sophos | sophos_anti-virus | 3.80 |
| suse | suse_linux | 9.2 |
| eset_software | nod32_antivirus | 1.0.13 |
| sophos | sophos_anti-virus | 3.78 |
| sophos | sophos_small_business_suite | 1.0 |
| broadcom | etrust_antivirus | 7.1 |
| mandrakesoft | mandrake_linux | 10.1 |
| broadcom | etrust_ez_armor | 2.0 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| eset_software | nod32_antivirus | 1.0.11 |
| sophos | sophos_anti-virus | 3.81 |
| gentoo | linux | * |
| eset_software | nod32_antivirus | 1.0.12 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_ez_antivirus | 6.1 |
| broadcom | etrust_ez_antivirus | 6.2 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| broadcom | inoculateit | 6.0 |
| broadcom | etrust_ez_armor | 2.4 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| sophos | sophos_anti-virus | 3.86 |
| sophos | sophos_anti-virus | 3.79 |
| broadcom | etrust_secure_content_manager | 1.1 |
| broadcom | etrust_ez_armor | 2.3 |
| gentoo | linux | 1.4 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| sophos | sophos_anti-virus | 3.78d |
| sophos | sophos_anti-virus | 3.84 |
| sophos | sophos_anti-virus | 3.85 |
| broadcom | etrust_intrusion_detection | 1.5 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| ca | etrust_antivirus | 7.0_sp2 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with insecure permissions (ACLs), which allows local users to gain privileges by replacing critical programs with malicious ones, as demonstrated using VetMsg.exe.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_ez_antivirus | 7.0.1.2 |
| broadcom | etrust_ez_antivirus | 7.0.2.1 |
| broadcom | etrust_ez_antivirus | 7.0.4 |
| broadcom | etrust_ez_antivirus | 7.0 |
| broadcom | etrust_ez_antivirus | 7.0.1.3 |
| broadcom | etrust_ez_antivirus | 7.0.1 |
| broadcom | etrust_ez_antivirus | 7.0.3 |
| broadcom | etrust_ez_antivirus | 7.0.1.1 |
| broadcom | etrust_ez_antivirus | 7.0.1.4 |
| broadcom | etrust_ez_antivirus | 7.0.2 |
Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brocade | silkworm_fiber_channel_switch | 2010 |
| engenio | storage_controller | 5884 |
| brocade | silkworm | 3800 |
| broadcom | fabric_operating_system | 3.1 |
| brocade | silkworm_fiber_channel_switch | 2050 |
| brocade | silkworm | 3850 |
| storagetek | d280 | * |
| brocade | silkworm | 3250 |
| brocade | silkworm | 3200 |
| brocade | silkworm_fiber_channel_switch | 2040 |
| brocade | silkworm | 3900 |
| broadcom | fabric_operating_system | 2.2 |
| engenio | storage_controller | 2882 |
| engenio | storage_controller | 2822 |
| broadcom | fabric_operating_system | 2.1.2 |
| engenio | storage_controller | 4884 |
| ibm | ds4100 | * |
Multiple stack-based buffer overflows in Agent Common Services (1) cam.exe and (2) awservices.exe in Unicenter TNG 2.4 allow remote attackers to execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | unicenter_tng | 2.4 |
| broadcom | unicenter_tng | 2.4.2 |
eTrust InoculateIT for Linux 6.0 uses insecure permissions for multiple files and directories, including the application's registry and tmp directories, which allows local users to delete, modify, or examine sensitive information.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | inoculateit | 6.0 |
Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote attackers to bypass virus scanning by including a password-protected file in a ZIP file, which causes eTrust to scan only the password protected file and skip the other files.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_antivirus_ee | 7.0 |
| broadcom | etrust_antivirus_ee | 6.0 |
The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-312,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | bluecoat_security_gateway | * |
| broadcom | bluecoat_security_gateway | 3.2.1 |
Computer Associates Unicenter Common Services 3.0 and earlier stores the database "SA" password in cleartext in the TndAddNspTmp.bat file, which could allow local users to gain privileges.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | common_services | 2.0 |
| broadcom | common_services | 1.0 |
| broadcom | common_services | 3.0 |
| broadcom | common_services | 1.1 |
| broadcom | unicenter_network_and_systems_management | 3.0 |
| broadcom | common_services | 2.1 |
| broadcom | common_services | 2.2 |
| broadcom | unicenter_serviceplus_service_desk | 6.0 |
Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11.1 and earlier allows remote attackers to execute arbitrary code via a long packet to UDP port 41524, which is not properly handled in a recvfrom call.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brightstor_arcserve_backup | 11.1 |
The production release of the UniversalAgent for UNIX in BrightStor ARCserve Backup 11.1 contains hard-coded credentials, which allows remote attackers to access the file system and possibly execute arbitrary commands.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brightstor_arcserve_backup | 11.1 |
Multiple buffer overflows in Computer Associates (CA) License Client and Server 0.1.0.15 allow remote attackers to execute arbitrary code via (1) certain long fields in the Checksum item in a GCR request, (2) a long IP address, hostname, or netmask values in a GCR request, (3) a long last parameter in a GETCONFIG packet, or (4) long values in a request with an invalid format.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | license_software | 0.1.0.15 |
Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 allows remote attackers to execute arbitrary code via a long filename in a PUTOLF request.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | license_software | 0.1.0.15 |
Directory traversal vulnerability in Computer Associates (CA) License Client 0.1.0.15 allows remote attackers to create arbitrary files via .. (dot dot) sequences in a PUTOLF request.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | license_software | 0.1.0.15 |
Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not properly initialize the "Change Credentials for Database" window, which allows local users to recover the SQL Admin password via certain methods.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | unicenter_asset_management | 4.0 |
Cross-site scripting (XSS) vulnerability in the Reporter for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to inject arbitrary HTML or web script via the (1) name or (2) description in a report template.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | unicenter_asset_management | 4.0 |
SQL injection vulnerability in the Query Designer for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to execute arbitrary SQL via an imported file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | unicenter_asset_management | 4.0 |
Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote attackers to cause a denial of service via large size values that are not properly validated before calling the CPImportKey function in the Crypto API.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_intrusion_detection | 3.0 |
A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The manipulation of the argument target leads to an open redirect. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
| cna@vuldb.com | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | 2.8 | 2.5 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-601,CWE-601,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_siteminder | 4.5.0 |
| broadcom | symantec_siteminder | 4.5.1 |
Stack-based buffer overflow in the Backup Agent for Microsoft SQL Server in BrightStor ARCserve Backup Agent for SQL Server 11.0 allows remote attackers to execute arbitrary code via a long string sent to port (1) 6070 or (2) 6050.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | brightstor_enterprise_backup_agent | 10.5 |
| ca | brightstor_arcserve_backup_agent | 9.0.1 |
| ca | brightstor_arcserve_backup | 11.1 |
| ca | brightstor_arcserve_backup_agent | 11.1 |
| ca | brightstor_arcserve_backup | 9.0.1 |
| broadcom | brightstor_enterprise_backup | 10.5 |
| broadcom | brightstor_enterprise_backup | 10.0 |
| ca | brightstor_arcserve_backup_agent | 11 |
| ca | brightstor_arcserve_backup | 9.0_1 |
| ca | brightstor_arcserve_backup_agent | 11.0 |
| ca | brightstor_enterprise_backup_agent | 10.0 |
| ca | brightstor_arcserve_backup | 11.0 |
Integer overflow in Computer Associates Vet Antivirus library, as used by CA InoculateIT 6.0, eTrust Antivirus r6.0 through 7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, BrightStor ARCserve Backup (BAB) r11.1, Vet Antivirus, Zonelabs ZoneAlarm Security Suite, and ZoneAlarm Antivirus, allows remote attackers to gain privileges via a compressed VBA directory with a project name length of -1, which leads to a heap-based buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| broadcom | etrust_antivirus | 7.0 |
| broadcom | etrust_ez_armor_le | 2.0 |
| broadcom | etrust_ez_armor_le | 3.0.0.14 |
| ca | etrust_antivirus | 7.1 |
| broadcom | etrust_intrusion_detection | 3.0 |
| broadcom | etrust_secure_content_manager | 1.0 |
| zonelabs | zonealarm_antivirus | * |
| ca | etrust_secure_content_manager | 1.0 |
| broadcom | etrust_ez_armor | 1.0 |
| ca | etrust_intrusion_detection | 3.0 |
| broadcom | etrust_antivirus | 7.1 |
| broadcom | etrust_ez_armor | 2.0 |
| broadcom | etrust_antivirus_ee | 7.0 |
| ca | brightstor_arcserve_backup | 11.1 |
| broadcom | inoculateit | 6.0 |
| broadcom | etrust_ez_armor | 2.4 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| broadcom | etrust_secure_content_manager | 1.1 |
| broadcom | etrust_ez_armor | 2.3 |
| zonelabs | zonealarm | * |
| ca | etrust_antivirus | 7.0 |
| broadcom | etrust_ez_armor | 2.4.4 |
| broadcom | etrust_intrusion_detection | 1.5 |
| broadcom | etrust_antivirus_ee | 6.0 |
| ca | etrust_antivirus | 7.0_sp2 |
| broadcom | etrust_antivirus | 6.0 |
| ca | vet_antivirus | 10.66 |
Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to smpwservicescgi.exe, (3) the TARGET parameter to login.fcc, and possibly other vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_siteminder | 5.5 |
Buffer overflow in the Discovery Service in BrightStor ARCserve Backup 9.0 through 11.1 allows remote attackers to execute arbitrary commands via a large packet to TCP port 41523, a different vulnerability than CVE-2005-0260.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brightstor_enterprise_backup | 10 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | brightstor_arcserve_backup | 7.0 |
| broadcom | brightstor_arcserve_backup_hp | 11.1 |
| broadcom | brightstor_enterprise_backup | 10.5 |
| broadcom | arcserve_backup_2000 | r16.5 |
| broadcom | brightstor_arcserve_backup | 9.0 |
| broadcom | brightstor_arcserve_backup | 11.0 |
| broadcom | brightstor_enterprise_backup | 10.0 |
| broadcom | brightstor_arcserve_backup | 9.0.1 |
Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows attackers to cause a denial of service via unknown vectors, aka the "CAM TCP port vulnerability."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | unicenter_service_level_management | 3.5 |
| ca | unicenter_asset_management | 4.0 |
| ca | unicenter_management | 4.1 |
| ca | unicenter_management | 5 |
| ca | unicenter_management | 5.0.1 |
| broadcom | etrust_admin | 2.07 |
| broadcom | cleverpath_predictive_analysis_server | 3.0 |
| broadcom | unicenter_tng | 2.2 |
| broadcom | cleverpath_ecm | 3.5 |
| ca | unicenter_enterprise_job_manager | 1.0 |
| broadcom | message_queuing | 1.05 |
| broadcom | etrust_admin | 8.1 |
| broadcom | message_queuing | 1.07_build_220_13 |
| broadcom | unicenter_asset_management | 3.1 |
| ca | unicenter_management | 3.5 |
| ca | unicenter_software_delivery | 4.0 |
| broadcom | unicenter_service_level_management | 3.0.1 |
| broadcom | unicenter_tng | 2.4 |
| broadcom | unicenter_service_level_management | 3.0.2 |
| ca | unicenter_nsm | 3.0 |
| broadcom | brightstor_san_manager | 11.1 |
| broadcom | etrust_admin | 2.04 |
| broadcom | unicenter_service_level_management | 3.0 |
| broadcom | unicenter_asset_management | 4.0 |
| ca | unicenter_tng | 2.2 |
| broadcom | unicenter_tng | 2.4.2 |
| broadcom | unicenter_performance_management | 2.4 |
| broadcom | advantage_data_transport | 3.0 |
| broadcom | unicenter_application_performance_monitor | 3.0 |
| broadcom | unicenter_asset_management | 3.2 |
| broadcom | etrust_admin | 8.0 |
| broadcom | etrust_admin | 2.01 |
| ca | unicenter_management | 4.0 |
| broadcom | unicenter_software_delivery | 4.0 |
| broadcom | unicenter_software_delivery | 3.0 |
| broadcom | adviseit | 2.4 |
| ca | unicenter_nsm | 3.1 |
| broadcom | unicenter_tng | 2.1 |
| broadcom | unicenter_application_performance_monitor | 3.5 |
| broadcom | unicenter_software_delivery | 3.1 |
| broadcom | etrust_admin | 2.09 |
| broadcom | unicenter_data_transport_option | 2.0 |
| broadcom | unicenter_remote_control | 6.0 |
| broadcom | unicenter_jasmine | 3.0 |
| broadcom | cleverpath_olap | 5.1 |
| broadcom | brightstor_san_manager | 1.1 |
| broadcom | message_queuing | 1.11_build_29_13 |
| broadcom | brightstor_portal | 11.1 |
Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allow remote attackers to execute arbitrary code via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | unicenter_service_level_management | 3.5 |
| ca | unicenter_asset_management | 4.0 |
| ca | unicenter_management | 4.1 |
| ca | etrust_admin | 2.4 |
| ca | unicenter_management | 5.0.1 |
| broadcom | cleverpath_predictive_analysis_server | 3.0 |
| broadcom | unicenter_tng | 2.2 |
| broadcom | cleverpath_ecm | 3.5 |
| ca | unicenter_enterprise_job_manager | 1.0 |
| broadcom | messaging | 1.5 |
| broadcom | messaging | 1.11 |
| broadcom | etrust_admin | 8.1 |
| broadcom | unicenter_asset_management | 3.1 |
| ca | unicenter_management | 3.5 |
| ca | unicenter_software_delivery | 4.0 |
| broadcom | unicenter_service_level_management | 3.0.1 |
| broadcom | unicenter_tng | 2.4 |
| broadcom | unicenter_service_level_management | 3.0.2 |
| broadcom | brightstor_san_manager | 11.1 |
| ca | etrust_admin | 2.7 |
| broadcom | unicenter_network_and_systems_management | 3.0 |
| broadcom | unicenter_nsm_wireless_network_management_option | 3.0 |
| broadcom | unicenter_service_level_management | 3.0 |
| broadcom | unicenter_asset_management | 4.0 |
| broadcom | unicenter_network_and_systems_management | 3.1 |
| ca | unicenter_tng | 2.2 |
| broadcom | unicenter_management_portal | 3.1 |
| ca | etrust_admin | 2.9 |
| broadcom | unicenter_tng | 2.4.2 |
| broadcom | unicenter_performance_management | 2.4 |
| broadcom | advantage_data_transport | 3.0 |
| broadcom | cleverpath_aion | 10.0 |
| ca | etrust_admin | 2.1 |
| broadcom | unicenter_management_portal | 2.0 |
| broadcom | unicenter_application_performance_monitor | 3.0 |
| broadcom | unicenter_asset_management | 3.2 |
| broadcom | messaging | 1.7 |
| broadcom | etrust_admin | 8.0 |
| ca | unicenter_management | 4.0 |
| broadcom | unicenter_software_delivery | 4.0 |
| broadcom | unicenter_software_delivery | 3.0 |
| broadcom | adviseit | 2.4 |
| broadcom | unicenter_tng | 2.1 |
| broadcom | unicenter_application_performance_monitor | 3.5 |
| broadcom | cleverpath_predictive_analysis_server | 2.0 |
| broadcom | unicenter_software_delivery | 3.1 |
| broadcom | unicenter_data_transport_option | 2.0 |
| broadcom | unicenter_remote_control | 6.0 |
| broadcom | unicenter_jasmine | 3.0 |
| ca | unicenter_management | 5.0 |
| broadcom | cleverpath_olap | 5.1 |
| broadcom | brightstor_san_manager | 1.1 |
| broadcom | brightstor_portal | 11.1 |
Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote attackers to execute arbitrary commands via spoofed CAFT packets.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | unicenter_service_level_management | 3.5 |
| ca | unicenter_asset_management | 4.0 |
| ca | unicenter_management | 4.1 |
| ca | etrust_admin | 2.4 |
| ca | unicenter_management | 5.0.1 |
| broadcom | cleverpath_predictive_analysis_server | 3.0 |
| broadcom | unicenter_tng | 2.2 |
| broadcom | cleverpath_ecm | 3.5 |
| ca | unicenter_enterprise_job_manager | 1.0 |
| broadcom | messaging | 1.5 |
| broadcom | messaging | 1.11 |
| broadcom | etrust_admin | 8.1 |
| broadcom | unicenter_asset_management | 3.1 |
| ca | unicenter_management | 3.5 |
| ca | unicenter_software_delivery | 4.0 |
| broadcom | unicenter_service_level_management | 3.0.1 |
| broadcom | unicenter_tng | 2.4 |
| broadcom | unicenter_service_level_management | 3.0.2 |
| broadcom | brightstor_san_manager | 11.1 |
| ca | etrust_admin | 2.7 |
| broadcom | unicenter_network_and_systems_management | 3.0 |
| broadcom | unicenter_nsm_wireless_network_management_option | 3.0 |
| broadcom | unicenter_service_level_management | 3.0 |
| broadcom | unicenter_asset_management | 4.0 |
| broadcom | unicenter_network_and_systems_management | 3.1 |
| ca | unicenter_tng | 2.2 |
| broadcom | unicenter_management_portal | 3.1 |
| ca | etrust_admin | 2.9 |
| broadcom | unicenter_tng | 2.4.2 |
| broadcom | unicenter_performance_management | 2.4 |
| broadcom | advantage_data_transport | 3.0 |
| broadcom | cleverpath_aion | 10.0 |
| ca | etrust_admin | 2.1 |
| broadcom | unicenter_management_portal | 2.0 |
| broadcom | unicenter_application_performance_monitor | 3.0 |
| broadcom | unicenter_asset_management | 3.2 |
| broadcom | messaging | 1.7 |
| broadcom | etrust_admin | 8.0 |
| ca | unicenter_management | 4.0 |
| broadcom | unicenter_software_delivery | 4.0 |
| broadcom | unicenter_software_delivery | 3.0 |
| broadcom | adviseit | 2.4 |
| broadcom | unicenter_tng | 2.1 |
| broadcom | unicenter_application_performance_monitor | 3.5 |
| broadcom | cleverpath_predictive_analysis_server | 2.0 |
| broadcom | unicenter_software_delivery | 3.1 |
| broadcom | unicenter_data_transport_option | 2.0 |
| broadcom | unicenter_remote_control | 6.0 |
| broadcom | unicenter_jasmine | 3.0 |
| ca | unicenter_management | 5.0 |
| broadcom | cleverpath_olap | 5.1 |
| broadcom | brightstor_san_manager | 1.1 |
| broadcom | brightstor_portal | 11.1 |
Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | igateway | 3.0 |
| broadcom | igateway | 4.0 |
Multiple interpretation error in unspecified versions of (1) eTrust-Iris and (2) eTrust-Vet Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_antivirus | * |
| broadcom | etrust_antivirus_iris_engine | * |
Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_antivirus | 7.0.1.4 |
Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | unicenter_service_catalog_fulfillment_accounting | 11.0 |
| broadcom | etrust_audit_irecorder | 8.0 |
| broadcom | unicenter_service_metric_analysis | 11.0 |
| broadcom | brightstor_storage_resource_manager | 11.5 |
| broadcom | etrust_identity_minder | 8.0 |
| broadcom | brightstor_storage_resource_manager | 6.4 |
| broadcom | brightstor_storage_resource_manager | 6.3 |
| ca | unicenter_management | 11.0 |
| ca | brightstor_enterprise_backup | 10.5 |
| broadcom | brightstor_arcserve_backup | 11.5 |
| broadcom | unicenter_service_fulfillment | 2.2 |
| ca | unicenter_exchange_management_console | 11.0 |
| broadcom | brightstor_storage_resource_manager | 11.1 |
| broadcom | brightstor_arcserve_backup_laptops_desktops | 11.0 |
| ca | unicenter_service_level_management | 11.0 |
| broadcom | brightstor_san_manager | 11.5 |
| broadcom | unicenter_service_delivery | 11.0 |
| broadcom | brightstor_arcserve_backup | 9.01 |
| ca | etrust_audit_aries | 1.5 |
| broadcom | etrust_admin | 8.1 |
| ca | unicenter_application_server_managment | 11.0 |
| ca | unicenter_management | 3.5 |
| ca | unicenter_application_performance_monitor | 11.0 |
| broadcom | etrust_audit_aries | 8.0 |
| broadcom | unicenter_service_desk | 11.0 |
| broadcom | etrust_audit_irecorder | 1.5 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| ca | etrust_secure_content_manager | 8.0 |
| broadcom | itechnology_igateway | * |
| broadcom | brightstor_san_manager | 11.1 |
| broadcom | brightstor_arcserve_backup_laptops_desktops | 11.1 |
| broadcom | unicenter_asset_portfolio_management | 11.0 |
| broadcom | etrust_integrated_threat_management | 8.0 |
| broadcom | unicenter_autosys_jm | 11.0 |
| ca | brightstor_enterprise_backup | 10.0 |
| ca | unicenter_web_server_management | 11.0 |
| broadcom | unicenter_service_desk_knowledge_tools | 11.0 |
| ca | etrust_directory | 8.1_web_components |
| ca | unicenter_service_fulfillment | 11.0 |
| ca | unicenter_ca_web_services_distributed_management | 11.0 |
| broadcom | brightstor_process_automation_manager | 11.1 |
| broadcom | brightstor_portal | 11.1 |
| ca | brightstor_arcserve_backup | 11 |
| ca | unicenter_web_services_distributed_management | 11.0 |
Cross-site scripting (XSS) vulnerability in the portal login page in Computer Associates CleverPath 4.7 allows remote attackers to execute Javascript via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | cleverpath_portal | 4.7 |
The DM Primer (dmprimer.exe) in the DM Deployment Common Component in Computer Associates (CA) BrightStor Mobile Backup r4.0, BrightStor ARCserve Backup for Laptops & Desktops r11.0, r11.1, r11.1 SP1, Unicenter Remote Control 6.0, 6.0 SP1, CA Desktop Protection Suite r2, CA Server Protection Suite r2, and CA Business Protection Suite r2 allows remote attackers to cause a denial of service (CPU consumption or application hang) via a large network packet, which causes a WSAEMESGSIZE error code that is not handled, leading to a thread exit.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | unicenter_remote_control | 5.2 |
| broadcom | desktop_protection_suite | 2.0 |
| broadcom | brightstor_mobile_backup | r4.0 |
| ca | unicenter_remote_control | 6.0_build_6.0.56.3 |
| broadcom | business_protection_suite | 2.0 |
| broadcom | brightstor_arcserve_backup_laptops_desktops | 11.0 |
| broadcom | server_protection_suite | 2 |
| ca | unicenter_remote_control | 6.0 |
| broadcom | brightstor_arcserve_backup_laptops_desktops | 11.1 |
| broadcom | unicenter_remote_control | 6.0 |
| ca | unicenter_remote_control | 6.0_build_6.0.74 |
The DM Primer in the DM Deployment Common Component in Computer Associates (CA) BrightStor Mobile Backup r4.0, BrightStor ARCserve Backup for Laptops & Desktops r11.0, r11.1, r11.1 SP1, Unicenter Remote Control 6.0, 6.0 SP1, CA Desktop Protection Suite r2, CA Server Protection Suite r2, and CA Business Protection Suite r2 allows remote attackers to cause a denial of service (CPU consumption and log file consumption) via unspecified "unrecognized network messages" that are not properly handled.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | unicenter_remote_control | 5.2 |
| broadcom | desktop_protection_suite | 2.0 |
| broadcom | brightstor_mobile_backup | r4.0 |
| ca | unicenter_remote_control | 6.0_build_6.0.56.3 |
| broadcom | business_protection_suite | 2.0 |
| broadcom | brightstor_arcserve_backup_laptops_desktops | 11.0 |
| broadcom | server_protection_suite | 2 |
| ca | unicenter_remote_control | 6.0 |
| broadcom | brightstor_arcserve_backup_laptops_desktops | 11.1 |
| broadcom | unicenter_remote_control | 6.0 |
| ca | unicenter_remote_control | 6.0_build_6.0.74 |
Unspecified vulnerability in CA Resource Initialization Manager (CAIRIM) 1.x before 20060502, as used in z/OS Common Services and the LMP component in multiple products, allows attackers to violate integrity via a certain "problem state program" that uses SVC to gain access to supervisor state, key 0.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | resource_initialization_manager | * |
Format string vulnerability in CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP) r8 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a scan job with format strings in the description field.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | etrust_antivirus | 8.0 |
| broadcom | etrust_pestpatrol | 8.0 |
| broadcom | integrated_threat_management | 8.0 |
Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | widcomm_bluetooth | 1.3.2.7 |
| broadcom | widcomm_bluetooth | 1.4.2.10 |
| broadcom | widcomm_bluetooth | 1.4.1.03 |
| microsoft | windows_embedded_compact | * |
| broadcom | widcomm_bluetooth | * |
| microsoft | windows_mobile | * |
CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | siteminder | * |
| sun | j2ee | * |
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | arcserve_for_windows_server_component | * |
| broadcom | secure_content_manager | 1.1 |
| broadcom | secure_content_manager | 8.0 |
| broadcom | etrust_antivirus | 8 |
| broadcom | network_and_systems_management | r3.1 |
| ca | arcserve_for_windows_client_agent | * |
| broadcom | anti-virus_sdk | * |
| ca | anti-virus_for_the_enterprise | r8.1 |
| broadcom | network_and_systems_management | r11 |
| ca | internet_security_suite_2008 | * |
| broadcom | etrust_antivirus | 7.1 |
| broadcom | unicenter_network_and_systems_management | 11 |
| ca | protection_suites | r3.1 |
| ca | etrust_anti-virus_gateway | 7.1 |
| broadcom | anti-virus | 2008 |
| ca | etrust_secure_content_manager | 8.0 |
| broadcom | internet_security_suite | * |
| broadcom | unicenter_network_and_systems_management | 3.0 |
| ca | threat_manager | 8.1 |
| ca | anti-virus_plus | 2009 |
| broadcom | unicenter_network_and_systems_management | 3.1 |
| ca | internet_security_suite_plus_2009 | * |
| broadcom | network_and_systems_management | r11.1 |
| broadcom | common_services | 11.1 |
| ca | protection_suites | r2 |
| ca | common_services | 3.1 |
| broadcom | anti-virus_for_the_enterprise | r8 |
| broadcom | network_and_systems_management | r3.0 |
| broadcom | etrust_intrusion_detection | 3.0 |
| ca | etrust_anti-virus_sdk | * |
| ca | etrust_ez_antivirus | r7.1 |
| broadcom | unicenter_network_and_systems_management | 11.1 |
| ca | threat_manager_total_defense | * |
| ca | etrust_intrusion_detection | 3.0 |
| broadcom | etrust_integrated_threat_management | 8.1 |
| ca | anti-virus_gateway | 7.1 |
| broadcom | etrust_antivirus | 8.1 |
| ca | threat_manager | r8 |
| broadcom | common_services | 11 |
| ca | arcserve_backup | r11.1 |
| ca | protection_suites | r3 |
| broadcom | etrust_secure_content_manager | 1.1 |
| ca | arcserve_backup | r11.5 |
| broadcom | anti-virus | 2007 |
| broadcom | internet_security_suite | 3.0 |
| ca | anti-virus | 2009 |
| ca | internet_security_suite_plus_2008 | * |
| ca | gateway_security | r8.1 |
| broadcom | anti-virus_for_the_enterprise | 7.1 |
| ca | etrust_intrusion_detection | 2.0 |
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | arcserve_for_windows_server_component | * |
| broadcom | secure_content_manager | 1.1 |
| broadcom | secure_content_manager | 8.0 |
| broadcom | etrust_antivirus | 8 |
| broadcom | network_and_systems_management | r3.1 |
| ca | arcserve_for_windows_client_agent | * |
| broadcom | anti-virus_sdk | * |
| ca | anti-virus_for_the_enterprise | r8.1 |
| broadcom | network_and_systems_management | r11 |
| ca | internet_security_suite_2008 | * |
| broadcom | etrust_antivirus | 7.1 |
| broadcom | unicenter_network_and_systems_management | 11 |
| ca | protection_suites | r3.1 |
| ca | etrust_anti-virus_gateway | 7.1 |
| broadcom | anti-virus | 2008 |
| ca | etrust_secure_content_manager | 8.0 |
| broadcom | internet_security_suite | * |
| broadcom | unicenter_network_and_systems_management | 3.0 |
| ca | threat_manager | 8.1 |
| ca | anti-virus_plus | 2009 |
| broadcom | unicenter_network_and_systems_management | 3.1 |
| ca | internet_security_suite_plus_2009 | * |
| broadcom | network_and_systems_management | r11.1 |
| broadcom | common_services | 11.1 |
| ca | protection_suites | r2 |
| ca | common_services | 3.1 |
| broadcom | anti-virus_for_the_enterprise | r8 |
| broadcom | network_and_systems_management | r3.0 |
| broadcom | etrust_intrusion_detection | 3.0 |
| broadcom | arcserve_backup | r12.0 |
| ca | etrust_anti-virus_sdk | * |
| ca | etrust_ez_antivirus | r7.1 |
| broadcom | unicenter_network_and_systems_management | 11.1 |
| ca | threat_manager_total_defense | * |
| ca | etrust_intrusion_detection | 3.0 |
| broadcom | etrust_integrated_threat_management | 8.1 |
| ca | anti-virus_gateway | 7.1 |
| broadcom | etrust_antivirus | 8.1 |
| ca | threat_manager | r8 |
| broadcom | common_services | 11 |
| ca | arcserve_backup | r11.1 |
| ca | protection_suites | r3 |
| broadcom | etrust_secure_content_manager | 1.1 |
| ca | arcserve_backup | r11.5 |
| broadcom | anti-virus | 2007 |
| broadcom | internet_security_suite | 3.0 |
| ca | anti-virus | 2009 |
| ca | internet_security_suite_plus_2008 | * |
| ca | gateway_security | r8.1 |
| broadcom | anti-virus_for_the_enterprise | 7.1 |
| ca | etrust_intrusion_detection | 2.0 |
Unspecified vulnerability in the Broadcom Integrated NIC Management Firmware 1.x before 1.40.0.0 and 8.x before 8.08 on the HP Small Form Factor and Microtower platforms allows remote attackers to execute arbitrary code via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | broadcom | * |
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| apache | http_server | 2.2.8 |
| ibm | http_server | 6.1.0.19 |
| apache | http_server | 2.3.1 |
| ibm | http_server | 6.0.2.25 |
| apache | http_server | - |
| apache | http_server | 2.0.43 |
| ibm | http_server | 6.1.0.25 |
| apache | http_server | 2.0.28 |
| apache | http_server | 2.2.7 |
| apache | http_server | 2.2.10 |
| ibm | http_server | 6.0.2.35 |
| ibm | http_server | 6.1.0.29 |
| ibm | http_server | 6.0.2.39 |
| ibm | http_server | 6.1.0.13 |
| ibm | http_server | 6.0.2.29 |
| apache | http_server | 2.0.46 |
| apache | http_server | 2.0.56 |
| apache | http_server | 2.3.5 |
| apache | http_server | 2.3.6 |
| apache | http_server | 2.0.53 |
| apache | http_server | 2.2.2 |
| apache | http_server | 2.0.9 |
| apache | http_server | 2.0.61 |
| apache | http_server | 2.0.32 |
| apache | http_server | 2.0.45 |
| apache | http_server | 2.2.11 |
| ibm | http_server | 6.1.0.21 |
| apache | http_server | 2.0.34 |
| apache | http_server | 2.0.36 |
| apache | http_server | 2.0.47 |
| ibm | http_server | 6.0.2.1 |
| ibm | http_server | 6.1.0.11 |
| apache | http_server | 2.0.50 |
| ibm | http_server | 6.0.2.7 |
| apache | http_server | 2.0.58 |
| apache | http_server | 2.0.63 |
| ibm | http_server | 6.0.2.13 |
| ibm | http_server | 6.0.2.31 |
| apache | http_server | 2.2.0 |
| apache | http_server | 2.2.4 |
| apache | http_server | 2.2.1 |
| ibm | http_server | 6.1.0.3 |
| apache | http_server | 2.2.12 |
| ibm | http_server | 6.1.0.5 |
| apache | http_server | 2.0.35 |
| ibm | http_server | 6.0.2.21 |
| ibm | http_server | 6.0.2.27 |
| ibm | http_server | 6.0.2 |
| ibm | http_server | 6.0.2.11 |
| apache | http_server | 2.3.2 |
| apache | http_server | 2.0.59 |
| apache | http_server | 2.0.55 |
| ibm | http_server | 6.0.2.9 |
| ibm | http_server | 6.1.0.9 |
| apache | http_server | 2.0.48 |
| ibm | http_server | 6.1 |
| apache | http_server | 2.0.39 |
| apache | http_server | 2.2.9 |
| apache | http_server | 2.0.52 |
| apache | http_server | 2.0.38 |
| apache | http_server | 2.0.44 |
| apache | http_server | 2.3.4 |
| apache | http_server | 2.2.3 |
| apache | http_server | 2.2.14 |
| ibm | websphere_application_server | * |
| ibm | http_server | 6.0.2.33 |
| ibm | http_server | 6.1.0.2 |
| apache | http_server | * |
| ibm | http_server | 6.0.2.15 |
| apache | http_server | 2.3.3 |
| apache | http_server | 2.2.13 |
| ibm | http_server | 6.0.2.23 |
| ibm | http_server | 6.1.0.23 |
| apache | http_server | 2.0.42 |
| ibm | http_server | 6.1.0.17 |
| apache | http_server | 2.0.54 |
| apache | http_server | 2.0.49 |
| apache | http_server | 2.3.0 |
| apache | http_server | 2.2.6 |
| apache | http_server | 2.0.57 |
| apache | http_server | 2.0.51 |
| ibm | http_server | 6.1.0.7 |
| apache | http_server | 2.0.40 |
| apache | http_server | 2.0.60 |
| ibm | http_server | 6.1.0.15 |
| ibm | http_server | 6.1.0.27 |
| ibm | http_server | 6.0.2.3 |
| apache | http_server | 2.0.37 |
| broadcom | vmware_ace_management_server | * |
| ibm | http_server | 6.0.2.37 |
| oracle | http_server | 10.1.3.5.0 |
| apache | http_server | 2.0.41 |
| ibm | http_server | 6.0.2.19 |
Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | total_defense | r12 |
Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to FileUploadHandler.ashx.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | total_defense | r12 |
The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | total_defense | r12 |
The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | siteminder | 12.0 |
| ca | siteminder | 6 |
Multiple stack-based buffer overflows in the Web Viewer ActiveX controls in CA Output Management Web Viewer 11.0 and 11.5 allow remote attackers to execute arbitrary code via (1) a long SRC property value to the PPSViewer ActiveX control in PPSView.ocx before 1.0.0.7 or (2) a long Title property value to the UOMWV_Helper ActiveX control in UOMWV_HelperActiveX.ocx before 11.5.0.1.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | output_management_web_viewer | 11.0 |
| broadcom | output_management_web_viewer | 11.5 |
Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and daemon crash) via a malformed request.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | gateway_security | 8.1 |
| broadcom | total_defense | r12 |
Unspecified vulnerability in dxserver before 6279 in CA Directory 8.1 and CA Directory r12 before SP7 CR1 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP packet.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | directory | r12 |
| broadcom | directory | 8.1 |
The UPnP IGD implementation in Broadcom Linux on the Sitecom WL-111 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-16,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sitecom | wl-111 | - |
| broadcom | broadcom_linux | * |
CA License (aka CA Licensing) before 1.90.03 does not properly restrict system commands, which allows local users to gain privileges via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | license_software | 1.9.1.105 |
| broadcom | license_software | 0.1.0.15 |
| broadcom | license_software | 1.70.1.101 |
| broadcom | license_software | 1.8.0.114 |
| broadcom | license_software | * |
| broadcom | license_software | 1.5.3 |
| broadcom | license_software | 1.52 |
| broadcom | license_software | 1.8.0.110 |
| broadcom | license_software | 1.61.8 |
| broadcom | license_software | 1.60.3 |
| broadcom | license_software | 1.61.9 |
CA License (aka CA Licensing) before 1.90.03 allows local users to modify or create arbitrary files, and consequently gain privileges, via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | license_software | 1.9.1.105 |
| broadcom | license_software | 0.1.0.15 |
| broadcom | license_software | 1.70.1.101 |
| broadcom | license_software | 1.8.0.114 |
| broadcom | license_software | * |
| broadcom | license_software | 1.5.3 |
| broadcom | license_software | 1.52 |
| broadcom | license_software | 1.8.0.110 |
| broadcom | license_software | 1.61.8 |
| broadcom | license_software | 1.60.3 |
| broadcom | license_software | 1.61.9 |
CA ARCserve Backup r12.0 through SP2, r12.5 before SP2, r15 through SP1, and r16 before SP1 on Windows allows remote attackers to cause a denial of service (service shutdown) via a crafted network request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | arcserve_backup | r16.0 |
Cross-site scripting (XSS) vulnerability in CA Service Desk Manager 12.5 through 12.7 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | service_desk_manager | 12.6 |
| broadcom | service_desk_manager | 12.7 |
| broadcom | service_desk_manager | 12.5 |
Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows remote attackers to bypass policy settings via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_critical_system_protection | * |
Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 through 12.51, and SiteMinder 6 Web Agents, allows remote attackers to inject arbitrary web script or HTML via vectors involving a " (double quote) character.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | siteminder | 12.5 |
| broadcom | siteminder | 12.51 |
| ca | web_agents | 6.0 |
| broadcom | siteminder | 12.0 |
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| intellian | v100_firmware | 1.21 |
| debian | debian_linux | 6.0 |
| canonical | ubuntu_linux | 12.04 |
| siemens | simatic_s7-1500t_firmware | 1.5 |
| redhat | virtualization | 6.0 |
| siemens | wincc_open_architecture | 3.12 |
| opensuse | opensuse | 12.3 |
| siemens | cp_1543-1_firmware | 1.1 |
| redhat | enterprise_linux_workstation | 6.0 |
| mitel | micollab | 7.2 |
| redhat | enterprise_linux_desktop | 6.0 |
| ricon | s9922l_firmware | 16.10.3(3794) |
| splunk | splunk | * |
| siemens | simatic_s7-1500_firmware | 1.5 |
| siemens | elan-8.2 | * |
| mitel | mivoice | 1.2.0.11 |
| siemens | application_processing_engine_firmware | 2.0 |
| redhat | enterprise_linux_server_aus | 6.5 |
| mitel | mivoice | 1.1.3.3 |
| fedoraproject | fedora | 20 |
| redhat | enterprise_linux_server_eus | 6.5 |
| redhat | enterprise_linux_server_tus | 6.5 |
| mitel | mivoice | 1.4.0.102 |
| redhat | gluster_storage | 2.1 |
| mitel | micollab | 7.1 |
| redhat | enterprise_linux_server | 6.0 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 13.10 |
| intellian | v100_firmware | 1.24 |
| mitel | mivoice | 1.1.2.5 |
| opensuse | opensuse | 13.1 |
| intellian | v60_firmware | 1.25 |
| mitel | micollab | 7.3 |
| filezilla-project | filezilla_server | * |
| mitel | micollab | 6.0 |
| fedoraproject | fedora | 19 |
| intellian | v100_firmware | 1.20 |
| mitel | micollab | 7.0 |
| broadcom | symantec_messaging_gateway | 10.6.1 |
| canonical | ubuntu_linux | 12.10 |
| openssl | openssl | * |
| redhat | storage | 2.1 |
| debian | debian_linux | 7.0 |
| mitel | micollab | 7.3.0.104 |
| mitel | mivoice | 1.3.2.2 |
| intellian | v60_firmware | 1.15 |
| broadcom | symantec_messaging_gateway | 10.6.0 |
CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | 2e_web_option | r8.1.2 |
cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information via a certain request to the config.getValuesHashExcludePaths method or (2) modify the firmware via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | pipa_c211_web_interface | 1.1 |
| broadcom | pipa_c211 | - |
The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_critical_system_protection | 5.2.9 |
| symantec | data_center_security | 6.0.0 |
The Investigation Tool (aka gov.ca.post.lp.itool) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | investigation_tool | 1.0.0 |
SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_critical_system_protection | 5.2.9 |
| symantec | data_center_security | 6.0.0 |
Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | release_automation | * |
Cross-site scripting (XSS) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | release_automation | * |
SQL injection vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote authenticated users to execute arbitrary SQL commands via a crafted query.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | release_automation | * |
Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_critical_system_protection | 5.2.9 |
| symantec | data_center_security | 6.0.0 |
The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_critical_system_protection | 5.2.9 |
| symantec | data_center_security | 6.0.0 |
The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_critical_system_protection | 5.2.9 |
| symantec | data_center_security | 6.0.0 |
Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x and 9.3.x before 9.3 H02 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | spectrum | 9.2 |
| broadcom | spectrum | 9.3 |
CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | spectrum | 9.2 |
| broadcom | spectrum | 9.3 |
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, allows local users to gain privileges via an unspecified environment variable.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ca | client_automation | r12.9 |
| ca | virtual_assurance_for_infrastructure_managers | 12.8 |
| ca | nsm_job_management_option | r11.1 |
| ca | virtual_assurance_for_infrastructure_managers | 12.7 |
| ca | client_automation | r12.8 |
| ca | virtual_assurance_for_infrastructure_managers | 12.6 |
| ca | network_and_systems_management | r11.2 |
| ca | workload_automation_ae | r11 |
| ca | workload_automation_ae | r11.3.5 |
| ca | client_automation | r12.5 |
| broadcom | network_and_systems_management | r11.1 |
| ca | nsm_job_management_option | r11.2 |
| ca | nsm_job_management_option | r11.0 |
| ca | workload_automation_ae | r11.3 |
| ca | workload_automation_ae | r11.3.6 |
| ca | universal_job_management_agent | - |
| ca | virtual_assurance_for_infrastructure_managers | 12.9 |
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xceedium | xsuite | 2.3.0 |
| broadcom | privileged_access_manager | * |
| xceedium | xsuite | 2.4.3.0 |
The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-345,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | single_sign-on | r12.51 |
| broadcom | single_sign-on | r12.0j |
| broadcom | single_sign-on | r12.52 |
| broadcom | single_sign-on | r12.0 |
| broadcom | single_sign-on | r6.0 |
| broadcom | single_sign-on | r12.5 |
The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-345,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | single_sign-on | r12.0j |
| broadcom | single_sign-on | r12.0 |
| broadcom | single_sign-on | r6.0 |
| broadcom | single_sign-on | r12.5 |
SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_embedded_security_critical_system_protection | * |
| broadcom | symantec_data_center_security_server | 6.6.0 |
| broadcom | symantec_critical_system_protection | * |
| broadcom | symantec_data_center_security_server | 6.5.0 |
| broadcom | symantec_data_center_security_server_and_agents | * |
| broadcom | symantec_embedded_security_critical_system_protection_for_controllers_and_devices | * |
CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allows remote attackers to read arbitrary files or cause a denial of service via a request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | release_automation | * |
Multiple cross-site scripting (XSS) vulnerabilities in CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | release_automation | * |
Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.0 | HIGH | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.1 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_embedded_security_critical_system_protection | * |
| broadcom | symantec_data_center_security_server | 6.6.0 |
| broadcom | symantec_critical_system_protection | * |
| broadcom | symantec_data_center_security_server | 6.5.0 |
| broadcom | symantec_data_center_security_server_and_agents | * |
| broadcom | symantec_embedded_security_critical_system_protection_for_controllers_and_devices | * |
Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to write update-package data to arbitrary agent locations via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.6 | HIGH | CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H | 1.0 | 6.0 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_data_center_security_server | * |
| broadcom | symantec_embedded_security_critical_system_protection | * |
| broadcom | symantec_data_center_security_server | 6.6.0 |
| broadcom | symantec_critical_system_protection | * |
| broadcom | symantec_data_center_security_server | 6.5.0 |
| broadcom | symantec_embedded_security_critical_system_protection_for_controllers_and_devices | 6.5.0 |
| broadcom | symantec_data_center_security_server_and_agents | 6.6.0 |
Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H | 2.1 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-74,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_critical_system_protection | 5.2.9 |
| broadcom | symantec_data_center_security_server | 6.6.0 |
| broadcom | symantec_data_center_security_server | 6.5.0 |
| broadcom | symantec_embedded_security_critical_system_protection_for_controllers_and_devices | 6.5.0 |
| broadcom | symantec_data_center_security_server_and_agents | 6.6.0 |
| broadcom | symantec_embedded_security_critical_system_protection | 1.0 |
The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_proxysg | 6.6 |
| broadcom | symantec_proxysg | * |
The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_proxysg | 6.6 |
| broadcom | symantec_proxysg | * |
| broadcom | advanced_secure_gateway | * |
| broadcom | advanced_secure_gateway | 6.6 |
Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-434,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_proxysg | * |
| broadcom | advanced_secure_gateway | * |
CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified impact via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | api_gateway | 8.3 |
| broadcom | api_gateway | 8.0 |
| broadcom | api_gateway | 8.1 |
| broadcom | api_gateway | 8.2 |
| broadcom | api_gateway | 7.1 |
| broadcom | api_gateway | 8.4 |
HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-254,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | 8.0.0 |
| broadcom | fabric_operating_system | * |
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| symantec | endpoint_protection_for_small_business | * |
| symantec | web_gateway | - |
| symantec | advanced_threat_protection | - |
| symantec | mail_security_for_domino | 8.1.2 |
| symantec | protection_engine | 7.5.2 |
| symantec | mail_security_for_microsoft_exchange | 7.0 |
| symantec | mail_security_for_microsoft_exchange | 7.0.1 |
| symantec | mail_security_for_microsoft_exchange | 7.5.1 |
| symantec | endpoint_protection_for_small_business | - |
| symantec | csapi | * |
| symantec | protection_engine | 7.5.5 |
| symantec | mail_security_for_microsoft_exchange | 7.0.4 |
| symantec | messaging_gateway_for_service_providers | 10.6 |
| symantec | protection_engine | 7.5.4 |
| symantec | mail_security_for_microsoft_exchange | 7.5.3 |
| symantec | mail_security_for_domino | 8.1.3 |
| symantec | protection_engine | 7.5.3 |
| symantec | protection_for_sharepoint_servers | 6.0.7 |
| symantec | mail_security_for_microsoft_exchange | 7.5.4 |
| symantec | messaging_gateway | * |
| broadcom | symantec_data_center_security_server | - |
| symantec | mail_security_for_microsoft_exchange | 7.0.2 |
| symantec | web_security.cloud | - |
| symantec | protection_engine | 7.5.0 |
| symantec | endpoint_protection | * |
| symantec | protection_for_sharepoint_servers | 6.0.5 |
| symantec | email_security.cloud | - |
| symantec | protection_for_sharepoint_servers | 6.0.4 |
| symantec | protection_engine | * |
| symantec | protection_engine | 7.8.0 |
| symantec | mail_security_for_microsoft_exchange | 7.0.3 |
| symantec | protection_for_sharepoint_servers | 6.0.3 |
| symantec | endpoint_protection_cloud | - |
| symantec | messaging_gateway_for_service_providers | 10.5 |
| symantec | protection_for_sharepoint_servers | 6.0.6 |
| symantec | mail_security_for_microsoft_exchange | 7.5 |
| symantec | mail_security_for_domino | * |
| symantec | mail_security_for_microsoft_exchange | * |
| symantec | mail_security_for_microsoft_exchange | 7.5.2 |
| symantec | protection_engine | 7.5.1 |
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| symantec | endpoint_protection_for_small_business | * |
| symantec | web_gateway | - |
| symantec | advanced_threat_protection | - |
| symantec | mail_security_for_domino | 8.1.2 |
| symantec | protection_engine | 7.5.2 |
| symantec | mail_security_for_microsoft_exchange | 7.0 |
| symantec | mail_security_for_microsoft_exchange | 7.0.1 |
| symantec | mail_security_for_microsoft_exchange | 7.5.1 |
| symantec | endpoint_protection_for_small_business | - |
| symantec | csapi | * |
| symantec | protection_engine | 7.5.5 |
| symantec | mail_security_for_microsoft_exchange | 7.0.4 |
| symantec | messaging_gateway_for_service_providers | 10.6 |
| symantec | protection_engine | 7.5.4 |
| symantec | mail_security_for_microsoft_exchange | 7.5.3 |
| symantec | mail_security_for_domino | 8.1.3 |
| symantec | protection_engine | 7.5.3 |
| symantec | protection_for_sharepoint_servers | 6.0.7 |
| symantec | mail_security_for_microsoft_exchange | 7.5.4 |
| symantec | messaging_gateway | * |
| broadcom | symantec_data_center_security_server | - |
| symantec | mail_security_for_microsoft_exchange | 7.0.2 |
| symantec | web_security.cloud | - |
| symantec | protection_engine | 7.5.0 |
| symantec | endpoint_protection | * |
| symantec | protection_for_sharepoint_servers | 6.0.5 |
| symantec | email_security.cloud | - |
| symantec | protection_for_sharepoint_servers | 6.0.4 |
| symantec | protection_engine | * |
| symantec | protection_engine | 7.8.0 |
| symantec | mail_security_for_microsoft_exchange | 7.0.3 |
| symantec | protection_for_sharepoint_servers | 6.0.3 |
| symantec | endpoint_protection_cloud | - |
| symantec | messaging_gateway_for_service_providers | 10.5 |
| symantec | protection_for_sharepoint_servers | 6.0.6 |
| symantec | mail_security_for_microsoft_exchange | 7.5 |
| symantec | mail_security_for_domino | * |
| symantec | mail_security_for_microsoft_exchange | * |
| symantec | mail_security_for_microsoft_exchange | 7.5.2 |
| symantec | protection_engine | 7.5.1 |
CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ehealth | 6.3.2.06 |
| broadcom | ehealth | 6.3.2.02 |
| broadcom | ehealth | 6.3.2.04 |
| broadcom | ehealth | 6.3.2.10 |
| broadcom | ehealth | 6.3.2.03 |
| broadcom | ehealth | 6.3.2 |
| broadcom | ehealth | 6.3.2.07 |
| broadcom | ehealth | 6.3.2.09 |
| ca | ehealth | 6.2.1 |
| broadcom | ehealth | 6.3.2.12 |
| broadcom | ehealth | 6.3.1 |
| ca | ehealth | 6.2 |
| ca | ehealth | 6.2.2 |
| broadcom | ehealth | 6.3.2.08 |
| broadcom | ehealth | 6.3.2.11 |
| broadcom | ehealth | 6.3 |
| broadcom | ehealth | 6.3.2.01 |
| broadcom | ehealth | 6.3.2.05 |
tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause a denial of service (segmentation fault) via a large frame, a related issue to CVE-2017-14266.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | * |
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | 8.0.1 |
| broadcom | fabric_operating_system | * |
A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_network_advisor | * |
The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_proxysg | 6.5.2.10 |
| broadcom | symantec_proxysg | 6.5.5.7 |
| broadcom | symantec_proxysg | 6.5.9.8 |
| broadcom | symantec_proxysg | 6.5.4.1 |
| broadcom | symantec_proxysg | 6.5.6.1 |
| broadcom | symantec_proxysg | 6.6.4.3 |
| broadcom | symantec_proxysg | 6.5.9.14 |
| broadcom | advanced_secure_gateway | 6.6 |
| broadcom | symantec_proxysg | 6.5.2 |
| broadcom | advanced_secure_gateway | 6.6.5.1 |
| broadcom | symantec_proxysg | 6.6.2.1 |
| broadcom | symantec_proxysg | 6.5 |
| broadcom | symantec_proxysg | 6.7.1.1 |
| broadcom | advanced_secure_gateway | 6.6.4.3 |
| broadcom | symantec_proxysg | 6.6.4 |
| broadcom | symantec_proxysg | 6.6.2.2 |
| broadcom | symantec_proxysg | 6.5.7.6 |
| broadcom | advanced_secure_gateway | 6.6.3 |
| broadcom | symantec_proxysg | 6.6 |
| broadcom | symantec_proxysg | 6.6.5 |
| broadcom | symantec_proxysg | 6.5.9.10 |
| broadcom | symantec_proxysg | 6.6.3 |
| broadcom | symantec_proxysg | 6.5.9.2 |
| broadcom | symantec_proxysg | 6.5.1 |
| broadcom | symantec_proxysg | 6.6.3.2 |
| broadcom | symantec_proxysg | 6.7 |
| broadcom | symantec_proxysg | 6.6.2 |
| broadcom | symantec_proxysg | 6.6.4.1 |
| broadcom | advanced_secure_gateway | 6.6.4 |
Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-601,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_proxysg | 6.6 |
| broadcom | symantec_proxysg | * |
| broadcom | advanced_secure_gateway | * |
| broadcom | advanced_secure_gateway | 6.6 |
Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information.
CVSS 2.0
Severity: LOW
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_proxysg | * |
| broadcom | advanced_secure_gateway | * |
The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ca_workload_automation_ae | 11.3 |
| broadcom | systems_performance_for_infrastructure_managers | 12.9 |
| broadcom | systems_performance_for_infrastructure_managers | 12.8 |
| ca | virtual_assurance_for_infrastructure_managers | 12.8 |
| broadcom | client_automation | 14.0 |
| broadcom | ca_workload_automation_ae | 11.3.6 |
| broadcom | systemedge | 5.9 |
| ca | universal_job_management_agent | 11.2 |
| broadcom | ca_workload_automation_ae | 11.3.5 |
| broadcom | ca_workload_automation_ae | 11.0 |
| broadcom | client_automation | 12.8 |
| broadcom | systemedge | 5.8.2 |
| ca | virtual_assurance_for_infrastructure_managers | 12.9 |
| broadcom | client_automation | 12.9 |
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | bcm4355c0_firmware | 9.44.78.27.0.1.56 |
| apple | tvos | * |
| apple | iphone_os | * |
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | bcm4355c0_firmware | 9.44.78.27.0.1.56 |
| apple | tvos | * |
| apple | iphone_os | * |
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement offloading.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | bcm4355c0_firmware | * |
| apple | tvos | * |
| apple | iphone_os | * |
Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_proxysg | * |
| broadcom | advanced_secure_gateway | * |
Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_proxysg | * |
| broadcom | advanced_secure_gateway | * |
tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnerability triggered by a crafted PCAP file, a related issue to CVE-2016-6160.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | 3.4.4 |
Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. All affected SSLV versions act as weak oracles according the oracle classification used in the ROBOT research paper. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish multiple millions of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-203,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ssl_visibility_appliance | 3.12 |
| broadcom | ssl_visibility_appliance | 3.8.4fc |
| broadcom | ssl_visibility_appliance | 3.11 |
| broadcom | ssl_visibility_appliance | 3.10 |
Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish large numbers of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-203,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_intelligencecenter | 3.3 |
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pivotal_software | rabbitmq | 1.5.19 |
| vmware | rabbitmq | 3.5.3 |
| pivotal_software | rabbitmq | 1.6.13 |
| vmware | rabbitmq | 3.5.2 |
| vmware | rabbitmq | 3.4.1 |
| pivotal_software | rabbitmq | 1.7.7 |
| broadcom | rabbitmq_server | 3.6.7 |
| vmware | rabbitmq | 3.5.1 |
| broadcom | rabbitmq_server | 3.4.2 |
| pivotal_software | rabbitmq | 1.6.9 |
| pivotal_software | rabbitmq | 1.5.4 |
| pivotal_software | rabbitmq | 3.6.3 |
| pivotal_software | rabbitmq | 1.5.0 |
| pivotal_software | rabbitmq | 1.7.9 |
| pivotal_software | rabbitmq | 1.5.15 |
| pivotal_software | rabbitmq | 1.6.7 |
| pivotal_software | rabbitmq | 1.6.8 |
| pivotal_software | rabbitmq | 3.5.4 |
| vmware | rabbitmq | 3.4.4 |
| pivotal_software | rabbitmq | 3.6.5 |
| broadcom | rabbitmq_server | 3.5.2 |
| pivotal_software | rabbitmq | 1.5.6 |
| broadcom | rabbitmq_server | 3.4.0 |
| pivotal_software | rabbitmq | 1.7.10 |
| vmware | rabbitmq | 3.4.0 |
| pivotal_software | rabbitmq | 1.7.6 |
| pivotal_software | rabbitmq | 1.5.3 |
| pivotal_software | rabbitmq | 3.5.7 |
| pivotal_software | rabbitmq | 1.5.10 |
| vmware | rabbitmq | 3.5.0 |
| pivotal_software | rabbitmq | 1.7.13 |
| pivotal_software | rabbitmq | 1.5.18 |
| broadcom | rabbitmq_server | 3.5.1 |
| pivotal_software | rabbitmq | 1.6.16 |
| pivotal_software | rabbitmq | 1.7.14 |
| pivotal_software | rabbitmq | 1.5.2 |
| broadcom | rabbitmq_server | 3.4.3 |
| broadcom | rabbitmq_server | 3.5.3 |
| pivotal_software | rabbitmq | 1.7.0 |
| pivotal_software | rabbitmq | 1.5.14 |
| vmware | rabbitmq | 3.6.7 |
| vmware | rabbitmq | 3.4.2 |
| debian | debian_linux | 9.0 |
| pivotal_software | rabbitmq | 1.7.2 |
| pivotal_software | rabbitmq | 1.6.1 |
| pivotal_software | rabbitmq | 1.6.3 |
| pivotal_software | rabbitmq | 1.6.12 |
| broadcom | rabbitmq_server | 3.5.6 |
| broadcom | rabbitmq_server | 3.5.0 |
| pivotal_software | rabbitmq | 1.5.12 |
| pivotal_software | rabbitmq | 1.6.6 |
| pivotal_software | rabbitmq | 3.6.1 |
| pivotal_software | rabbitmq | 1.5.5 |
| pivotal_software | rabbitmq | 1.5.13 |
| pivotal_software | rabbitmq | 1.5.11 |
| pivotal_software | rabbitmq | 1.6.10 |
| pivotal_software | rabbitmq | 1.7.5 |
| pivotal_software | rabbitmq | 3.6.6 |
| vmware | rabbitmq | 3.4.3 |
| broadcom | rabbitmq_server | 3.4.4 |
| pivotal_software | rabbitmq | 1.6.5 |
| pivotal_software | rabbitmq | 3.6.2 |
| pivotal_software | rabbitmq | 1.7.8 |
| pivotal_software | rabbitmq | 3.5.5 |
| vmware | rabbitmq | 3.5.6 |
| pivotal_software | rabbitmq | 1.6.0 |
| pivotal_software | rabbitmq | 1.5.1 |
| pivotal_software | rabbitmq | 1.6.14 |
| broadcom | rabbitmq_server | 3.4.1 |
| pivotal_software | rabbitmq | 1.5.17 |
| pivotal_software | rabbitmq | 1.5.8 |
| pivotal_software | rabbitmq | 3.6.0 |
| pivotal_software | rabbitmq | 1.7.3 |
| pivotal_software | rabbitmq | 1.7.4 |
| pivotal_software | rabbitmq | 3.6.4 |
| pivotal_software | rabbitmq | 1.6.4 |
| pivotal_software | rabbitmq | 1.6.15 |
| pivotal_software | rabbitmq | 1.6.2 |
| pivotal_software | rabbitmq | 1.5.9 |
| pivotal_software | rabbitmq | 1.5.7 |
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pivotal_software | rabbitmq | 1.5.19 |
| vmware | rabbitmq | 3.5.3 |
| pivotal_software | rabbitmq | 1.6.13 |
| vmware | rabbitmq | 3.5.2 |
| vmware | rabbitmq | 3.4.1 |
| pivotal_software | rabbitmq | 1.7.7 |
| broadcom | rabbitmq_server | 3.6.7 |
| vmware | rabbitmq | 3.5.1 |
| broadcom | rabbitmq_server | 3.4.2 |
| pivotal_software | rabbitmq | 1.6.9 |
| pivotal_software | rabbitmq | 1.5.4 |
| pivotal_software | rabbitmq | 3.6.3 |
| pivotal_software | rabbitmq | 1.5.0 |
| pivotal_software | rabbitmq | 1.7.9 |
| pivotal_software | rabbitmq | 1.5.15 |
| pivotal_software | rabbitmq | 1.6.7 |
| pivotal_software | rabbitmq | 1.6.8 |
| pivotal_software | rabbitmq | 3.5.4 |
| vmware | rabbitmq | 3.4.4 |
| pivotal_software | rabbitmq | 3.6.5 |
| broadcom | rabbitmq_server | 3.5.2 |
| pivotal_software | rabbitmq | 1.5.6 |
| broadcom | rabbitmq_server | 3.4.0 |
| pivotal_software | rabbitmq | 1.7.10 |
| vmware | rabbitmq | 3.4.0 |
| pivotal_software | rabbitmq | 1.7.6 |
| pivotal_software | rabbitmq | 1.5.3 |
| pivotal_software | rabbitmq | 3.5.7 |
| pivotal_software | rabbitmq | 1.5.10 |
| vmware | rabbitmq | 3.5.0 |
| pivotal_software | rabbitmq | 1.7.13 |
| pivotal_software | rabbitmq | 1.5.18 |
| broadcom | rabbitmq_server | 3.5.1 |
| pivotal_software | rabbitmq | 1.6.16 |
| pivotal_software | rabbitmq | 1.7.14 |
| pivotal_software | rabbitmq | 1.5.2 |
| broadcom | rabbitmq_server | 3.4.3 |
| broadcom | rabbitmq_server | 3.5.3 |
| pivotal_software | rabbitmq | 1.7.0 |
| pivotal_software | rabbitmq | 1.5.14 |
| vmware | rabbitmq | 3.6.7 |
| vmware | rabbitmq | 3.4.2 |
| debian | debian_linux | 9.0 |
| pivotal_software | rabbitmq | 1.7.2 |
| pivotal_software | rabbitmq | 1.6.1 |
| pivotal_software | rabbitmq | 1.6.3 |
| pivotal_software | rabbitmq | 1.6.12 |
| broadcom | rabbitmq_server | 3.5.6 |
| broadcom | rabbitmq_server | 3.5.0 |
| pivotal_software | rabbitmq | 1.5.12 |
| pivotal_software | rabbitmq | 1.6.6 |
| pivotal_software | rabbitmq | 3.6.1 |
| pivotal_software | rabbitmq | 1.5.5 |
| pivotal_software | rabbitmq | 1.5.13 |
| pivotal_software | rabbitmq | 1.5.11 |
| pivotal_software | rabbitmq | 1.6.10 |
| pivotal_software | rabbitmq | 1.7.5 |
| pivotal_software | rabbitmq | 3.6.6 |
| vmware | rabbitmq | 3.4.3 |
| broadcom | rabbitmq_server | 3.4.4 |
| pivotal_software | rabbitmq | 1.6.5 |
| pivotal_software | rabbitmq | 3.6.2 |
| pivotal_software | rabbitmq | 1.7.8 |
| pivotal_software | rabbitmq | 3.5.5 |
| vmware | rabbitmq | 3.5.6 |
| pivotal_software | rabbitmq | 1.6.0 |
| pivotal_software | rabbitmq | 1.5.1 |
| pivotal_software | rabbitmq | 1.6.14 |
| broadcom | rabbitmq_server | 3.4.1 |
| pivotal_software | rabbitmq | 1.5.17 |
| pivotal_software | rabbitmq | 1.5.8 |
| pivotal_software | rabbitmq | 3.6.0 |
| pivotal_software | rabbitmq | 1.7.3 |
| pivotal_software | rabbitmq | 1.7.4 |
| pivotal_software | rabbitmq | 3.6.4 |
| pivotal_software | rabbitmq | 1.6.4 |
| pivotal_software | rabbitmq | 1.6.15 |
| pivotal_software | rabbitmq | 1.6.2 |
| pivotal_software | rabbitmq | 1.5.9 |
| pivotal_software | rabbitmq | 1.5.7 |
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pivotal_software | rabbitmq | 1.5.19 |
| vmware | rabbitmq | 3.5.3 |
| pivotal_software | rabbitmq | 1.6.13 |
| vmware | rabbitmq | 3.5.2 |
| vmware | rabbitmq | 3.4.1 |
| pivotal_software | rabbitmq | 1.7.7 |
| broadcom | rabbitmq_server | 3.6.7 |
| vmware | rabbitmq | 3.5.1 |
| broadcom | rabbitmq_server | 3.4.2 |
| pivotal_software | rabbitmq | 1.6.9 |
| pivotal_software | rabbitmq | 1.5.4 |
| pivotal_software | rabbitmq | 3.6.3 |
| pivotal_software | rabbitmq | 1.5.0 |
| pivotal_software | rabbitmq | 1.7.9 |
| pivotal_software | rabbitmq | 1.5.15 |
| pivotal_software | rabbitmq | 1.6.7 |
| pivotal_software | rabbitmq | 1.6.8 |
| pivotal_software | rabbitmq | 3.5.4 |
| vmware | rabbitmq | 3.4.4 |
| pivotal_software | rabbitmq | 3.6.5 |
| broadcom | rabbitmq_server | 3.5.2 |
| pivotal_software | rabbitmq | 1.5.6 |
| broadcom | rabbitmq_server | 3.4.0 |
| pivotal_software | rabbitmq | 1.7.10 |
| vmware | rabbitmq | 3.4.0 |
| pivotal_software | rabbitmq | 1.7.6 |
| pivotal_software | rabbitmq | 1.5.3 |
| pivotal_software | rabbitmq | 3.5.7 |
| pivotal_software | rabbitmq | 1.5.10 |
| vmware | rabbitmq | 3.5.0 |
| pivotal_software | rabbitmq | 1.7.13 |
| pivotal_software | rabbitmq | 1.5.18 |
| broadcom | rabbitmq_server | 3.5.1 |
| pivotal_software | rabbitmq | 1.6.16 |
| pivotal_software | rabbitmq | 1.7.14 |
| pivotal_software | rabbitmq | 1.5.2 |
| broadcom | rabbitmq_server | 3.4.3 |
| broadcom | rabbitmq_server | 3.5.3 |
| pivotal_software | rabbitmq | 1.7.0 |
| pivotal_software | rabbitmq | 1.5.14 |
| vmware | rabbitmq | 3.6.7 |
| vmware | rabbitmq | 3.4.2 |
| debian | debian_linux | 9.0 |
| pivotal_software | rabbitmq | 1.7.2 |
| pivotal_software | rabbitmq | 1.6.1 |
| pivotal_software | rabbitmq | 1.6.3 |
| pivotal_software | rabbitmq | 1.6.12 |
| broadcom | rabbitmq_server | 3.5.6 |
| broadcom | rabbitmq_server | 3.5.0 |
| pivotal_software | rabbitmq | 1.5.12 |
| pivotal_software | rabbitmq | 1.6.6 |
| pivotal_software | rabbitmq | 3.6.1 |
| pivotal_software | rabbitmq | 1.5.5 |
| pivotal_software | rabbitmq | 1.5.13 |
| pivotal_software | rabbitmq | 1.5.11 |
| pivotal_software | rabbitmq | 1.6.10 |
| pivotal_software | rabbitmq | 1.7.5 |
| pivotal_software | rabbitmq | 3.6.6 |
| vmware | rabbitmq | 3.4.3 |
| broadcom | rabbitmq_server | 3.4.4 |
| pivotal_software | rabbitmq | 1.6.5 |
| pivotal_software | rabbitmq | 3.6.2 |
| pivotal_software | rabbitmq | 1.7.8 |
| pivotal_software | rabbitmq | 3.5.5 |
| vmware | rabbitmq | 3.5.6 |
| pivotal_software | rabbitmq | 1.6.0 |
| pivotal_software | rabbitmq | 1.5.1 |
| pivotal_software | rabbitmq | 1.6.14 |
| broadcom | rabbitmq_server | 3.4.1 |
| pivotal_software | rabbitmq | 1.5.17 |
| pivotal_software | rabbitmq | 1.5.8 |
| pivotal_software | rabbitmq | 3.6.0 |
| pivotal_software | rabbitmq | 1.7.3 |
| pivotal_software | rabbitmq | 1.7.4 |
| pivotal_software | rabbitmq | 3.6.4 |
| pivotal_software | rabbitmq | 1.6.4 |
| pivotal_software | rabbitmq | 1.6.15 |
| pivotal_software | rabbitmq | 1.6.2 |
| pivotal_software | rabbitmq | 1.5.9 |
| pivotal_software | rabbitmq | 1.5.7 |
Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brocade | fabric_os | 8.0.1b1 |
| broadcom | fabric_operating_system | 8.1.1 |
| brocade | fabric_os | 8.0.2b1 |
| broadcom | fabric_operating_system | 8.0.2 |
| broadcom | fabric_operating_system | * |
| brocade | fabric_os | 8.1.0c1 |
A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | 8.0.0 |
| broadcom | fabric_operating_system | 8.0.1 |
| broadcom | fabric_operating_system | 8.1.2 |
| broadcom | fabric_operating_system | 8.1.1 |
| broadcom | fabric_operating_system | 8.1.0 |
| broadcom | fabric_operating_system | 8.0.2 |
| broadcom | fabric_operating_system | * |
| brocade | fabric_os | 8.0.2b2 |
Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Beta 1 allows remote attackers to have unspecified impact via a pcap file with an over-size packet.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | * |
On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer overflow occurs when handling an 802.11r (FT) authentication response, leading to remote code execution via a crafted access point that sends a long R0KH-ID field in a Fast BSS Transition Information Element (FT-IE).
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | hardmac_wi-fi_soc_firmware | 6.37.34.40 |
Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC SoC chips, when the firmware supports CCKM Fast and Secure Roaming and the feature is enabled in RAM, allows remote attackers to execute arbitrary code via a crafted reassociation response frame with a Cisco IE (156).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | bcm4339_soc_firmware | 6.37.34.40 |
Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | bcm43xx_wi-fi_chipset_firmware | - |
get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcpprep.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | 4.3.0 |
Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-522,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | project_portfolio_management | 15.3 |
| broadcom | project_portfolio_management | * |
| broadcom | project_portfolio_management | 15.2 |
| broadcom | project_portfolio_management | 15.1 |
| broadcom | project_portfolio_management | 14.4 |
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-611,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | project_portfolio_management | * |
| ca | project_portfolio_management | 15.3 |
| broadcom | project_portfolio_management | 15.1 |
| ca | project_portfolio_management | 15.2 |
| broadcom | project_portfolio_management | 14.4 |
Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | project_portfolio_management | * |
| ca | project_portfolio_management | 15.3 |
| broadcom | project_portfolio_management | 15.1 |
| ca | project_portfolio_management | 15.2 |
| broadcom | project_portfolio_management | 14.4 |
Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | project_portfolio_management | * |
| ca | project_portfolio_management | 15.3 |
| broadcom | project_portfolio_management | 15.1 |
| ca | project_portfolio_management | 15.2 |
| broadcom | project_portfolio_management | 14.4 |
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-611,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | project_portfolio_management | * |
| ca | project_portfolio_management | 15.3 |
| broadcom | project_portfolio_management | 15.1 |
| ca | project_portfolio_management | 15.2 |
| broadcom | project_portfolio_management | 14.4 |
CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate account names.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-203,CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ca_identity_suite_virtual_appliance | * |
| broadcom | ca_identity_governance | 12.6 |
| broadcom | ca_identity_governance | * |
Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-502,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | release_automation | * |
A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1. This can lead to Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a crafted pcap file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | 4.3.0 |
Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file uses the memcpy() function unsafely to copy sequences from the source buffer pktdata to the destination (*prev_packet)->pktdata. This will result in a Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | 4.3.0 |
An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx -> l2len) can be larger than source value (packet + ctx->l2len) because the function fails to ensure the length of a packet is valid. This leads to Denial of Service.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | 4.3.0 |
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_proxysg | 6.6 |
| broadcom | symantec_proxysg | * |
| broadcom | advanced_secure_gateway | * |
| broadcom | advanced_secure_gateway | 6.6 |
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-327,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_proxysg | 6.6 |
| broadcom | symantec_proxysg | * |
| broadcom | advanced_secure_gateway | * |
| broadcom | advanced_secure_gateway | 6.6 |
A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. The issue gets triggered in the function csum_replace4() in incremental_checksum.h, causing a denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | 4.3.0 |
| fedoraproject | fedora | 28 |
| fedoraproject | fedora | 29 |
A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified other impact.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | 4.3.0 |
| fedoraproject | fedora | 28 |
| fedoraproject | fedora | 29 |
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | service_desk_manager | 17.0 |
| ca | service_desk_manager | 14.1 |
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-269,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | service_desk_manager | 17.0 |
| ca | service_desk_manager | 14.1 |
Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-732,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | bcm43438a1_firmware | 2014-06-02 |
| cypress | cyw20704ua1kffb1gt_firmware | - |
| cypress | cyw20706ua1kffb1g_firmware | - |
| cypress | cyw20730a1kmlg_firmware | - |
| cypress | cyw20734ua1kffb3gt_firmware | - |
| cypress | cyw20730a1kml2g_firmware | - |
| cypress | cyw20705b0kwfbgt_firmware | - |
| cypress | cyw20733a2kml1g_firmware | - |
| cypress | cyw20707ua1kffb1g_firmware | - |
| cypress | cyw20703ua1kffb1gt_firmware | - |
| cypress | cyw20730a1kmlgt_firmware | - |
| cypress | cyw20705b0kwfbg_firmware | - |
| cypress | cyw20706ua1kffb1gt_firmware | - |
| cypress | cyw20702a1kwfbgt_firmware | - |
| cypress | cyw4354xkubgt_firmware | - |
| cypress | cyw20706ua2kffb4g_firmware | - |
| cypress | cyw20704ua2kffb1g_firmware | - |
| cypress | cyw89072brfb5g_firmware | - |
| cypress | cyw20733a1kfb1gt_firmware | - |
| cypress | cyw20733a2kfb1g_firmware | - |
| cypress | cyw20730a1kml2gt_firmware | - |
| cypress | cyw20733a2kml1gt_firmware | - |
| cypress | cyw20703ua1kffb1g_firmware | - |
| cypress | cyw20702b0kwfbg_firmware | - |
| cypress | cyw20730a2kfbg_firmware | - |
| cypress | cyw43438kubgt_firmware | - |
| cypress | cyw20704ua1kffb1g_firmware | - |
| cypress | cyw20733a3kml1g_firmware | - |
| cypress | cyw4343wkubgt_firmware | - |
| cypress | cyw20707ua1kffb4g_firmware | - |
| cypress | cyw20733a3kfb1gt_firmware | - |
| cypress | cyw20707va1pkwbgt_firmware | - |
| cypress | cyw89335lcubgt_firmware | - |
| cypress | cyw20707ua2kffb4gt_firmware | - |
| cypress | cyw20730a2kml2gt_firmware | - |
| cypress | cyw20730a1kfbgt_firmware | - |
| cypress | cyw20702b0kwfbgt_firmware | - |
| cypress | cyw20702a1kwfbg_firmware | - |
| cypress | cyw20730a2kfbgt_firmware | - |
| cypress | cyw20730a1kfbg_firmware | - |
| cypress | cyw4343wkwbgt_firmware | - |
| cypress | cyw20704ua2kffb1gt_firmware | - |
| cypress | cyw20706ua1kffb4g_firmware | - |
| cypress | cyw20707va2pkwbgt_firmware | - |
| cypress | cyw20707ua2kffb4g_firmware | - |
| cypress | cyw89335l2cubgt_firmware | - |
| cypress | cyw20733a3kfb2gt_firmware | - |
| cypress | cyw20734ua2kffb3gt_firmware | - |
| cypress | cyw20733a3kml1gt_firmware | - |
| cypress | cyw20707a2kubgt_firmware | - |
| cypress | cyw20705a1kwfbgt_firmware | - |
| cypress | cyw20733a3kfb1g_firmware | - |
| cypress | cyw20734ua1kffb3g_firmware | - |
| cypress | cyw20733a2kfb1gt_firmware | - |
| cypress | cyw89072brfb5gt_firmware | - |
| cypress | cyw20734ua2kffb3g_firmware | - |
| cypress | cyw20707ua1kffb4gt_firmware | - |
| cypress | cyw4354kkwbgt_firmware | - |
| cypress | cyw20730a2kml2g_firmware | - |
| cypress | cyw89071a1cubxgt_firmware | - |
| cypress | cyw20706ua2kffb4gt_firmware | - |
| broadcom | bcm4335c0_firmware | 2012-12-11 |
| cypress | cyw4343w1kubgt_firmware | - |
Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | * |
Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len in common/get.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | * |
Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_proxysg | 6.5 |
| broadcom | symantec_proxysg | 6.6 |
| broadcom | advanced_secure_gateway | 6.7 |
| broadcom | symantec_proxysg | 6.7 |
| broadcom | advanced_secure_gateway | 6.6 |
A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to bypass the export file access restrictions and initiate a file copy from the source to a remote system.
CVSS 2.0
Severity: LOW
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user's session ID.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-384,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
A Vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, and gain root access.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
A Vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
A Vulnerability in the help command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
A Vulnerability in the supportsave command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
A Vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
A vulnerability in the proxy service of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote unauthenticated attackers to obtain sensitive information and possibly cause a denial of service attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass the restricted configuration shell.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote authenticated attackers to execute arbitrary commands.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
A vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_network_advisor | * |
A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | 8.1.1a |
| broadcom | fabric_operating_system | 8.1.2c |
| broadcom | fabric_operating_system | 7.4.2f |
| broadcom | fabric_operating_system | 3.1 |
| broadcom | fabric_operating_system | 8.2.1d |
| broadcom | fabric_operating_system | 8.0.1b |
| broadcom | fabric_operating_system | 8.2.2a |
| broadcom | fabric_operating_system | 8.0.2d |
| broadcom | fabric_operating_system | 7.4.1 |
| broadcom | fabric_operating_system | 8.0.0 |
| broadcom | fabric_operating_system | 7.4.1c |
| broadcom | fabric_operating_system | 8.2.2 |
| broadcom | fabric_operating_system | 8.1.0 |
| broadcom | fabric_operating_system | 7.4.1a |
| broadcom | fabric_operating_system | 8.0.2f |
| broadcom | fabric_operating_system | 8.0.2a |
| broadcom | fabric_operating_system | 7.4.1b |
| broadcom | fabric_operating_system | 8.1.2j |
| broadcom | fabric_operating_system | 7.4.2b |
| broadcom | fabric_operating_system | 8.2.2b |
| broadcom | fabric_operating_system | 8.0.2 |
| broadcom | fabric_operating_system | 5.2.0a |
| broadcom | fabric_operating_system | 8.0.2c |
| broadcom | fabric_operating_system | 7.4.2c |
| broadcom | fabric_operating_system | 8.1.2f |
| broadcom | fabric_operating_system | 5.0.5b |
| broadcom | fabric_operating_system | 7.4.1e |
| broadcom | fabric_operating_system | 8.1.0a |
| broadcom | fabric_operating_system | 7.4.0 |
| broadcom | fabric_operating_system | 8.0.2b |
| broadcom | fabric_operating_system | 7.4.2 |
| broadcom | fabric_operating_system | 8.1.0c |
| broadcom | fabric_operating_system | 7.4.1d |
| broadcom | fabric_operating_system | 8.1.1 |
| broadcom | fabric_operating_system | 2.2 |
| broadcom | fabric_operating_system | 7.4.2a |
| broadcom | fabric_operating_system | 8.1.2d |
| broadcom | fabric_operating_system | 8.1.2a |
| broadcom | fabric_operating_system | 8.2.1a |
| broadcom | fabric_operating_system | 8.1.2b |
| broadcom | fabric_operating_system | 8.2.1b |
| broadcom | fabric_operating_system | 8.0.1 |
| broadcom | fabric_operating_system | 8.0.1a |
| broadcom | fabric_operating_system | 8.2.3 |
| broadcom | fabric_operating_system | 7.4.2d |
| broadcom | fabric_operating_system | 8.1.2e |
| broadcom | fabric_operating_system | 8.1.0b |
| broadcom | fabric_operating_system | 8.2.0a |
| broadcom | fabric_operating_system | 8.1.2 |
| broadcom | fabric_operating_system | 8.2.1 |
| broadcom | fabric_operating_system | 2.1.2 |
| broadcom | fabric_operating_system | 5.2.0 |
| broadcom | fabric_operating_system | 8.2.1c |
| broadcom | fabric_operating_system | 8.2.0 |
| broadcom | fabric_operating_system | 8.2.2a1 |
A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ca_api_developer_portal | 4.0 |
| broadcom | ca_api_developer_portal | * |
| broadcom | ca_api_developer_portal | 4.1 |
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | privileged_access_manager | * |
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | privileged_access_manager | * |
An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | privileged_access_manager | * |
An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | privileged_access_manager | * |
An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | privileged_access_manager | * |
A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-384,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | privileged_access_manager | * |
Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-326,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | privileged_access_manager | * |
An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | privileged_access_manager | * |
An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-284,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ca_client_automation | 14.0 |
| broadcom | ca_workload_automation_ae | 11.3.6 |
| broadcom | ca_workload_automation_ae | 11.3.5 |
CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| vuln@ca.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-798,CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ca_performance_management | * |
| broadcom | network_operations | * |
| broadcom | ca_performance_management | 3.5.0 |
CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| vuln@ca.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-798,CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | network_flow_analysis | 10.0.0 |
| broadcom | network_flow_analysis | * |
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.1 | LOW | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N | 1.6 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-367,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | bcm43012_firmware | - |
| broadcom | bcm4375_firmware | - |
| broadcom | bcm43013_firmware | - |
| apple | mac_os_x | * |
| broadcom | bcm4389_firmware | - |
| apple | ipados | * |
| apple | iphone_os | * |
| broadcom | bcm4356_firmware | - |
| broadcom | bcm43752_firmware | - |
Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-330,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ‘trace’ and the 'debug' logging level; which could allow a local authenticated attacker to access sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-311,CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-327,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.4 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N | 2.2 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-311,CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
Brocade SANnav versions before v2.1.0, contain a Plaintext Password Storage vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-522,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker to conduct an LDAP injection. The vulnerability could allow a remote attacker to bypass the authentication process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & 8.0 MP1, may be susceptible to an authentication bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing authentication controls.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_critical_system_protection | 8.0.0 |
The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 3.9 | 2.5 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_proxysg | * |
| broadcom | advanced_secure_gateway | * |
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | active_iq_unified_manager | - |
| broadcom | fabric_operating_system | - |
| canonical | ubuntu_linux | 19.10 |
| linux | linux_kernel | * |
| canonical | ubuntu_linux | 16.04 |
| netapp | element_software | - |
| netapp | hci_management_node | - |
| netapp | a400_firmware | - |
| netapp | h610s_firmware | - |
| netapp | 8300_firmware | - |
| netapp | 8700_firmware | - |
| canonical | ubuntu_linux | 14.04 |
| netapp | solidfire | - |
| netapp | e-series_santricity_os_controller | * |
| netapp | a700s_firmware | - |
| netapp | data_availability_services | - |
| canonical | ubuntu_linux | 18.04 |
| netapp | cloud_backup | - |
| opensuse | leap | 15.1 |
| netapp | steelstore_cloud_integrated_storage | - |
| debian | debian_linux | 8.0 |
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | active_iq_unified_manager | - |
| broadcom | fabric_operating_system | - |
| linux | linux_kernel | 5.1 |
| linux | linux_kernel | * |
| netapp | hci_management_node | - |
| netapp | h610s_firmware | - |
| netapp | hci_compute_node | - |
| netapp | fas8300_firmware | - |
| netapp | solidfire | - |
| redhat | enterprise_linux | 7.0 |
| netapp | aff_a400_firmware | - |
| netapp | e-series_santricity_os_controller | * |
| opensuse | leap | 15.0 |
| netapp | aff_a700s_firmware | - |
| netapp | data_availability_services | - |
| netapp | fas8700_firmware | - |
| opensuse | leap | 15.1 |
| netapp | hci_storage_node | - |
| netapp | steelstore_cloud_integrated_storage | - |
Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering kcalloc() or v3d_job_init() failures, aka CID-29cd13cfd762.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | active_iq_unified_manager | - |
| netapp | e-series_santricity_os_controller | 11.60 |
| canonical | ubuntu_linux | 19.10 |
| netapp | hci_baseboard_management_controller | h610s |
| netapp | e-series_santricity_os_controller | 11.0 |
| netapp | e-series_santricity_os_controller | 11.30 |
| broadcom | brocade_fabric_operating_system_firmware | - |
| netapp | e-series_santricity_os_controller | 11.30.5r3 |
| netapp | solidfire_&_hci_management_node | - |
| netapp | e-series_santricity_os_controller | 11.60.1 |
| netapp | e-series_santricity_os_controller | 11.60.3 |
| netapp | e-series_santricity_os_controller | 11.70.1 |
| netapp | e-series_santricity_os_controller | 11.20 |
| netapp | data_availability_services | - |
| canonical | ubuntu_linux | 18.04 |
| netapp | cloud_backup | - |
| netapp | e-series_santricity_os_controller | 11.50.1 |
| netapp | fas/aff_baseboard_management_controller | - |
| netapp | solidfire,_enterprise_sds_&_hci_storage_node | - |
| netapp | solidfire_baseboard_management_controller_firmware | - |
| netapp | e-series_santricity_os_controller | 11.0.0 |
| linux | linux_kernel | * |
| netapp | e-series_santricity_os_controller | 11.40 |
| netapp | hci_compute_node_firmware | - |
| netapp | e-series_santricity_os_controller | 11.40.5 |
| netapp | e-series_santricity_os_controller | 11.70.2 |
| netapp | e-series_santricity_os_controller | 11.50.2 |
| netapp | e-series_santricity_os_controller | 11.40.3r2 |
| netapp | e-series_santricity_os_controller | 11.60.0 |
| netapp | e-series_santricity_os_controller | 11.25 |
| netapp | aff_baseboard_management_controller | - |
| netapp | steelstore_cloud_integrated_storage | - |
A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | active_iq_unified_manager | - |
| broadcom | fabric_operating_system | - |
| canonical | ubuntu_linux | 19.10 |
| linux | linux_kernel | * |
| netapp | hci_management_node | - |
| netapp | h610s_firmware | - |
| netapp | hci_compute_node | - |
| netapp | fas8300_firmware | - |
| netapp | solidfire | - |
| linux | linux_kernel | 5.5 |
| netapp | aff_a400_firmware | - |
| netapp | e-series_santricity_os_controller | * |
| netapp | aff_a700s_firmware | - |
| fedoraproject | fedora | 30 |
| netapp | data_availability_services | - |
| canonical | ubuntu_linux | 18.04 |
| netapp | fas8700_firmware | - |
| netapp | hci_storage_node | - |
| netapp | steelstore_cloud_integrated_storage | - |
| fedoraproject | fedora | 31 |
A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | active_iq_unified_manager | - |
| netapp | e-series_santricity_os_controller | 11.60 |
| canonical | ubuntu_linux | 19.10 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 19.04 |
| netapp | hci_baseboard_management_controller | h610s |
| netapp | e-series_santricity_os_controller | 11.0 |
| oracle | sd-wan_edge | 8.2 |
| netapp | e-series_santricity_os_controller | 11.30 |
| broadcom | brocade_fabric_operating_system_firmware | - |
| canonical | ubuntu_linux | 14.04 |
| netapp | e-series_santricity_os_controller | 11.30.5r3 |
| netapp | solidfire_&_hci_management_node | - |
| netapp | e-series_santricity_os_controller | 11.60.1 |
| netapp | e-series_santricity_os_controller | 11.60.3 |
| netapp | e-series_santricity_os_controller | 11.70.1 |
| netapp | e-series_santricity_os_controller | 11.20 |
| netapp | data_availability_services | - |
| canonical | ubuntu_linux | 18.04 |
| netapp | cloud_backup | - |
| opensuse | leap | 15.1 |
| netapp | e-series_santricity_os_controller | 11.50.1 |
| debian | debian_linux | 8.0 |
| netapp | fas/aff_baseboard_management_controller | - |
| netapp | solidfire,_enterprise_sds_&_hci_storage_node | - |
| netapp | solidfire_baseboard_management_controller_firmware | - |
| netapp | e-series_santricity_os_controller | 11.0.0 |
| linux | linux_kernel | * |
| netapp | e-series_santricity_os_controller | 11.40 |
| netapp | hci_compute_node_firmware | - |
| netapp | e-series_santricity_os_controller | 11.40.5 |
| netapp | e-series_santricity_os_controller | 11.70.2 |
| netapp | e-series_santricity_os_controller | 11.50.2 |
| netapp | e-series_santricity_os_controller | 11.40.3r2 |
| netapp | e-series_santricity_os_controller | 11.60.0 |
| netapp | e-series_santricity_os_controller | 11.25 |
| netapp | aff_baseboard_management_controller | - |
| netapp | steelstore_cloud_integrated_storage | - |
A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka CID-bbe692e349e2.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | active_iq_unified_manager | - |
| netapp | e-series_santricity_os_controller | 11.60 |
| canonical | ubuntu_linux | 19.10 |
| netapp | hci_baseboard_management_controller | h610s |
| netapp | e-series_santricity_os_controller | 11.0 |
| netapp | e-series_santricity_os_controller | 11.30 |
| broadcom | brocade_fabric_operating_system_firmware | - |
| netapp | e-series_santricity_os_controller | 11.30.5r3 |
| netapp | solidfire_&_hci_management_node | - |
| netapp | e-series_santricity_os_controller | 11.60.1 |
| netapp | e-series_santricity_os_controller | 11.60.3 |
| netapp | e-series_santricity_os_controller | 11.70.1 |
| netapp | e-series_santricity_os_controller | 11.20 |
| netapp | data_availability_services | - |
| canonical | ubuntu_linux | 18.04 |
| netapp | cloud_backup | - |
| netapp | e-series_santricity_os_controller | 11.50.1 |
| netapp | fas/aff_baseboard_management_controller | - |
| netapp | solidfire,_enterprise_sds_&_hci_storage_node | - |
| netapp | solidfire_baseboard_management_controller_firmware | - |
| netapp | e-series_santricity_os_controller | 11.0.0 |
| linux | linux_kernel | * |
| netapp | e-series_santricity_os_controller | 11.40 |
| netapp | hci_compute_node_firmware | - |
| netapp | e-series_santricity_os_controller | 11.40.5 |
| netapp | e-series_santricity_os_controller | 11.70.2 |
| netapp | e-series_santricity_os_controller | 11.50.2 |
| netapp | e-series_santricity_os_controller | 11.40.3r2 |
| netapp | e-series_santricity_os_controller | 11.60.0 |
| netapp | e-series_santricity_os_controller | 11.25 |
| netapp | aff_baseboard_management_controller | - |
| netapp | steelstore_cloud_integrated_storage | - |
A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.0 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | active_iq_unified_manager | - |
| netapp | e-series_santricity_os_controller | 11.60 |
| canonical | ubuntu_linux | 16.04 |
| netapp | hci_baseboard_management_controller | h610s |
| netapp | e-series_santricity_os_controller | 11.0 |
| canonical | ubuntu_linux | 20.04 |
| netapp | e-series_santricity_os_controller | 11.30 |
| broadcom | brocade_fabric_operating_system_firmware | - |
| canonical | ubuntu_linux | 14.04 |
| netapp | e-series_santricity_os_controller | 11.30.5r3 |
| netapp | solidfire_&_hci_management_node | - |
| netapp | e-series_santricity_os_controller | 11.60.1 |
| netapp | e-series_santricity_os_controller | 11.60.3 |
| netapp | e-series_santricity_os_controller | 11.70.1 |
| fedoraproject | fedora | 30 |
| netapp | e-series_santricity_os_controller | 11.20 |
| netapp | data_availability_services | - |
| canonical | ubuntu_linux | 18.04 |
| netapp | cloud_backup | - |
| opensuse | leap | 15.1 |
| netapp | e-series_santricity_os_controller | 11.50.1 |
| netapp | fas/aff_baseboard_management_controller | - |
| netapp | solidfire,_enterprise_sds_&_hci_storage_node | - |
| netapp | solidfire_baseboard_management_controller_firmware | - |
| netapp | e-series_santricity_os_controller | 11.0.0 |
| linux | linux_kernel | * |
| netapp | e-series_santricity_os_controller | 11.40 |
| netapp | hci_compute_node_firmware | - |
| netapp | e-series_santricity_os_controller | 11.40.5 |
| netapp | e-series_santricity_os_controller | 11.70.2 |
| netapp | e-series_santricity_os_controller | 11.50.2 |
| netapp | e-series_santricity_os_controller | 11.40.3r2 |
| netapp | e-series_santricity_os_controller | 11.60.0 |
| netapp | e-series_santricity_os_controller | 11.25 |
| netapp | aff_baseboard_management_controller | - |
| netapp | steelstore_cloud_integrated_storage | - |
| fedoraproject | fedora | 31 |
Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | active_iq_unified_manager | - |
| netapp | e-series_santricity_os_controller | 11.60 |
| canonical | ubuntu_linux | 19.10 |
| canonical | ubuntu_linux | 16.04 |
| netapp | hci_baseboard_management_controller | h610s |
| netapp | e-series_santricity_os_controller | 11.0 |
| netapp | e-series_santricity_os_controller | 11.30 |
| broadcom | brocade_fabric_operating_system_firmware | - |
| canonical | ubuntu_linux | 14.04 |
| netapp | e-series_santricity_os_controller | 11.30.5r3 |
| netapp | solidfire_&_hci_management_node | - |
| netapp | e-series_santricity_os_controller | 11.60.1 |
| netapp | e-series_santricity_os_controller | 11.60.3 |
| netapp | e-series_santricity_os_controller | 11.70.1 |
| fedoraproject | fedora | 30 |
| netapp | e-series_santricity_os_controller | 11.20 |
| netapp | data_availability_services | - |
| canonical | ubuntu_linux | 18.04 |
| netapp | cloud_backup | - |
| opensuse | leap | 15.1 |
| netapp | e-series_santricity_os_controller | 11.50.1 |
| debian | debian_linux | 8.0 |
| netapp | fas/aff_baseboard_management_controller | - |
| netapp | solidfire,_enterprise_sds_&_hci_storage_node | - |
| netapp | solidfire_baseboard_management_controller_firmware | - |
| netapp | e-series_santricity_os_controller | 11.0.0 |
| linux | linux_kernel | * |
| netapp | e-series_santricity_os_controller | 11.40 |
| netapp | hci_compute_node_firmware | - |
| netapp | e-series_santricity_os_controller | 11.40.5 |
| netapp | e-series_santricity_os_controller | 11.70.2 |
| netapp | e-series_santricity_os_controller | 11.50.2 |
| netapp | e-series_santricity_os_controller | 11.40.3r2 |
| netapp | e-series_santricity_os_controller | 11.60.0 |
| netapp | e-series_santricity_os_controller | 11.25 |
| netapp | aff_baseboard_management_controller | - |
| netapp | steelstore_cloud_integrated_storage | - |
| fedoraproject | fedora | 31 |
A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | active_iq_unified_manager | - |
| netapp | e-series_santricity_os_controller | 11.60 |
| canonical | ubuntu_linux | 19.10 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 19.04 |
| netapp | hci_baseboard_management_controller | h610s |
| netapp | e-series_santricity_os_controller | 11.0 |
| netapp | e-series_santricity_os_controller | 11.30 |
| broadcom | brocade_fabric_operating_system_firmware | - |
| canonical | ubuntu_linux | 14.04 |
| netapp | e-series_santricity_os_controller | 11.30.5r3 |
| netapp | solidfire_&_hci_management_node | - |
| netapp | e-series_santricity_os_controller | 11.60.1 |
| netapp | e-series_santricity_os_controller | 11.60.3 |
| netapp | e-series_santricity_os_controller | 11.70.1 |
| netapp | e-series_santricity_os_controller | 11.20 |
| netapp | data_availability_services | - |
| canonical | ubuntu_linux | 18.04 |
| netapp | cloud_backup | - |
| opensuse | leap | 15.1 |
| netapp | e-series_santricity_os_controller | 11.50.1 |
| netapp | fas/aff_baseboard_management_controller | - |
| netapp | solidfire,_enterprise_sds_&_hci_storage_node | - |
| netapp | solidfire_baseboard_management_controller_firmware | - |
| netapp | e-series_santricity_os_controller | 11.0.0 |
| linux | linux_kernel | * |
| netapp | e-series_santricity_os_controller | 11.40 |
| netapp | hci_compute_node_firmware | - |
| netapp | e-series_santricity_os_controller | 11.40.5 |
| netapp | e-series_santricity_os_controller | 11.70.2 |
| netapp | e-series_santricity_os_controller | 11.50.2 |
| netapp | e-series_santricity_os_controller | 11.40.3r2 |
| netapp | e-series_santricity_os_controller | 11.60.0 |
| netapp | e-series_santricity_os_controller | 11.25 |
| netapp | aff_baseboard_management_controller | - |
| netapp | steelstore_cloud_integrated_storage | - |
A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | active_iq_unified_manager | - |
| netapp | e-series_santricity_os_controller | 11.60 |
| canonical | ubuntu_linux | 19.10 |
| canonical | ubuntu_linux | 16.04 |
| netapp | hci_baseboard_management_controller | h610s |
| netapp | e-series_santricity_os_controller | 11.0 |
| netapp | e-series_santricity_os_controller | 11.30 |
| broadcom | brocade_fabric_operating_system_firmware | - |
| canonical | ubuntu_linux | 14.04 |
| netapp | e-series_santricity_os_controller | 11.30.5r3 |
| netapp | solidfire_&_hci_management_node | - |
| netapp | e-series_santricity_os_controller | 11.60.1 |
| netapp | e-series_santricity_os_controller | 11.60.3 |
| netapp | e-series_santricity_os_controller | 11.70.1 |
| netapp | e-series_santricity_os_controller | 11.20 |
| netapp | data_availability_services | - |
| canonical | ubuntu_linux | 18.04 |
| netapp | cloud_backup | - |
| netapp | e-series_santricity_os_controller | 11.50.1 |
| netapp | fas/aff_baseboard_management_controller | - |
| netapp | solidfire,_enterprise_sds_&_hci_storage_node | - |
| netapp | solidfire_baseboard_management_controller_firmware | - |
| netapp | e-series_santricity_os_controller | 11.0.0 |
| linux | linux_kernel | * |
| netapp | e-series_santricity_os_controller | 11.40 |
| netapp | hci_compute_node_firmware | - |
| netapp | e-series_santricity_os_controller | 11.40.5 |
| netapp | e-series_santricity_os_controller | 11.70.2 |
| netapp | e-series_santricity_os_controller | 11.50.2 |
| netapp | e-series_santricity_os_controller | 11.40.3r2 |
| netapp | e-series_santricity_os_controller | 11.60.0 |
| netapp | e-series_santricity_os_controller | 11.25 |
| netapp | aff_baseboard_management_controller | - |
| netapp | steelstore_cloud_integrated_storage | - |
Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.6 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 0.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | active_iq_unified_manager | - |
| netapp | e-series_santricity_os_controller | 11.60 |
| canonical | ubuntu_linux | 19.10 |
| canonical | ubuntu_linux | 16.04 |
| netapp | hci_baseboard_management_controller | h610s |
| netapp | e-series_santricity_os_controller | 11.0 |
| oracle | sd-wan_edge | 8.2 |
| netapp | e-series_santricity_os_controller | 11.30 |
| broadcom | brocade_fabric_operating_system_firmware | - |
| canonical | ubuntu_linux | 14.04 |
| netapp | e-series_santricity_os_controller | 11.30.5r3 |
| netapp | solidfire_&_hci_management_node | - |
| netapp | e-series_santricity_os_controller | 11.60.1 |
| netapp | e-series_santricity_os_controller | 11.60.3 |
| netapp | e-series_santricity_os_controller | 11.70.1 |
| fedoraproject | fedora | 30 |
| netapp | e-series_santricity_os_controller | 11.20 |
| netapp | data_availability_services | - |
| canonical | ubuntu_linux | 18.04 |
| netapp | cloud_backup | - |
| opensuse | leap | 15.1 |
| netapp | e-series_santricity_os_controller | 11.50.1 |
| netapp | fas/aff_baseboard_management_controller | - |
| netapp | solidfire,_enterprise_sds_&_hci_storage_node | - |
| netapp | solidfire_baseboard_management_controller_firmware | - |
| netapp | e-series_santricity_os_controller | 11.0.0 |
| linux | linux_kernel | * |
| netapp | e-series_santricity_os_controller | 11.40 |
| netapp | hci_compute_node_firmware | - |
| netapp | e-series_santricity_os_controller | 11.40.5 |
| netapp | e-series_santricity_os_controller | 11.70.2 |
| netapp | e-series_santricity_os_controller | 11.50.2 |
| netapp | e-series_santricity_os_controller | 11.40.3r2 |
| netapp | e-series_santricity_os_controller | 11.60.0 |
| netapp | e-series_santricity_os_controller | 11.25 |
| netapp | aff_baseboard_management_controller | - |
| netapp | steelstore_cloud_integrated_storage | - |
| fedoraproject | fedora | 31 |
A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | active_iq_unified_manager | - |
| broadcom | fabric_operating_system | - |
| canonical | ubuntu_linux | 19.10 |
| linux | linux_kernel | * |
| netapp | hci_management_node | - |
| netapp | h610s_firmware | - |
| netapp | hci_compute_node | - |
| netapp | fas8300_firmware | - |
| netapp | solidfire | - |
| netapp | aff_a400_firmware | - |
| netapp | e-series_santricity_os_controller | * |
| linux | linux_kernel | 5.4 |
| netapp | aff_a700s_firmware | - |
| netapp | data_availability_services | - |
| canonical | ubuntu_linux | 18.04 |
| netapp | fas8700_firmware | - |
| netapp | hci_storage_node | - |
| netapp | steelstore_cloud_integrated_storage | - |
An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| vuln@ca.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-502,CWE-502,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | nolio | 6.6 |
An insecure file access vulnerability exists in CA Client Automation 14.0, 14.1, 14.2, and 14.3 Agent for Windows that can allow a local attacker to gain escalated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| vuln@ca.com | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.3 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-65,NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ca_client_automation | 14.0 |
| broadcom | ca_client_automation | 14.3 |
| broadcom | ca_client_automation | 14.1 |
| broadcom | ca_client_automation | 14.2 |
CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, related to a lack of authentication on the File Server port, that potentially allows remote attackers to execute arbitrary commands.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ca_automic_sysload | * |
CA Automic Dollar Universe 5.3.3 contains a vulnerability, related to the uxdqmsrv binary being setuid root, that allows local attackers to elevate privileges. This vulnerability was reported to CA several years after CA Automic Dollar Universe 5.3.3 reached End of Life (EOL) status on April 1, 2015.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ca_automic_dollar_universe | 5.3.3 |
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-125,CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | - |
| fedoraproject | fedora | 32 |
| gnu | glibc | * |
| debian | debian_linux | 10.0 |
| netapp | service_processor | - |
| netapp | 500f_firmware | - |
| netapp | ontap_select_deploy_administration_utility | - |
| netapp | a250_firmware | - |
| fedoraproject | fedora | 33 |
Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allow attackers to potentially conduct persistent cross site scripting (XSS) attacks via a crafted object.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | automic_workload_automation | * |
An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | privileged_access_manager | * |
An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 28 |
| broadcom | tcpreplay | 4.3.1 |
| fedoraproject | fedora | 30 |
| fedoraproject | fedora | 29 |
An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| fedoraproject | fedora | 28 |
| broadcom | tcpreplay | 4.3.1 |
| fedoraproject | fedora | 30 |
| fedoraproject | fedora | 29 |
| fedoraproject | fedora | 31 |
An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 28 |
| broadcom | tcpreplay | 4.3.1 |
| fedoraproject | fedora | 30 |
| fedoraproject | fedora | 29 |
The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-122,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | * |
| broadcom | brcmfmac_driver | - |
The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. By supplying a vendor information element with a data length larger than 32 bytes, a heap buffer overflow is triggered in wlc_wpa_sup_eapol. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cret@cert.org | 7.9 | HIGH | CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H | 1.2 | 6.0 |
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-122,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| synology | router_manager | 1.2 |
| broadcom | bcm4339_firmware | - |
The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. If the vendor information element data length is larger than 164 bytes, a heap buffer overflow is triggered in wlc_wpa_plumb_gtk. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cret@cert.org | 7.9 | HIGH | CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H | 1.2 | 6.0 |
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-122,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| synology | router_manager | 1.2 |
| broadcom | bcm4339_firmware | - |
The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event frames from a remote source to be processed. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cret@cert.org | 7.9 | HIGH | CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H | 1.2 | 6.0 |
| nvd@nist.gov | 8.3 | HIGH | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H | 1.6 | 6.0 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 7.0 |
| broadcom | brcmfmac_driver | - |
| redhat | enterprise_linux | 6.0 |
CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-639,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ca_api_developer_portal | * |
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-639,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ca_api_developer_portal | * |
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ca_api_developer_portal | * |
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ca_api_developer_portal | * |
CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ca_api_developer_portal | * |
CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-601,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ca_api_developer_portal | * |
CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-601,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ca_api_developer_portal | * |
CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-601,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ca_api_developer_portal | * |
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ca_api_developer_portal | * |
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-674,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 12.04 |
| netapp | h700s_firmware | - |
| canonical | ubuntu_linux | 19.10 |
| netapp | h700e_firmware | - |
| netapp | h410c_firmware | - |
| canonical | ubuntu_linux | 16.04 |
| apple | mac_os_x | 10.13.6 |
| canonical | ubuntu_linux | 20.04 |
| canonical | ubuntu_linux | 14.04 |
| oracle | solaris | 10 |
| broadcom | brocade_fabric_operating_system | - |
| netapp | h500e_firmware | - |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 18.04 |
| netapp | cloud_backup | - |
| opensuse | leap | 15.1 |
| debian | debian_linux | 8.0 |
| oracle | zfs_storage_appliance_kit | 8.8 |
| netapp | h300e_firmware | - |
| netapp | h300s_firmware | - |
| apple | mac_os_x | * |
| oracle | solaris | 11 |
| netapp | h500s_firmware | - |
| netapp | h410s_firmware | - |
| debian | debian_linux | 10.0 |
| apple | mac_os_x | 10.14.6 |
| openldap | openldap | * |
| netapp | steelstore_cloud_integrated_storage | - |
A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior to 10.7.4.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_messaging_gateway | * |
An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. This affects SMG prior to 10.7.4.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_messaging_gateway | * |
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H | 2.2 | 4.7 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-276,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hp | envy_4524_f0v71b | - |
| epson | xp-8500 | - |
| hp | envy_photo_6234_k7s21b | - |
| hp | envy_7640 | - |
| hp | hp_deskjet_ink_advantage_4535_f0v64a | - |
| hp | deskjet_ink_advantage_4535_f0v64c | - |
| hp | envy_photo_7800_k7s00a | - |
| hp | hp_envy_4520_f0v63b | - |
| hp | hp_officejet_4655_k9v79a | - |
| hp | hp_envy_4520_e6g67b | - |
| hp | hp_envy_4511_k9h50a | - |
| hp | hp_envy_4512_k9h49a | - |
| hp | hp_officejet_4654_f1j06b | - |
| hp | hp_officejet_4655_f1j00a | - |
| hp | envy_5541_k7g89a | - |
| hp | officejet_4656_k9v81b | - |
| hp | envy_5532 | - |
| hp | hp_officejet_4650_e6g87a | - |
| hp | deskjet_ink_advantage_4675_f1h97c | - |
| hp | envy_4509_d3p94b | - |
| hp | envy_5540_g0v53a | - |
| hp | envy_100_cn519b | - |
| hp | deskjet_ink_advantage_3546_a9t82a | - |
| hp | envy_6020_5se16b | - |
| hp | hp_deskjet_ink_advantage_4536_f0v65a | - |
| hp | hp_officejet_4650_f1h96a | - |
| hp | deskjet_ink_advantage_4675_f1h97a | - |
| hp | envy_120_cz022b | - |
| hp | envy_4500_a9t80a | - |
| netgear | wnhde111 | - |
| hp | deskjet_ink_advantage_4676_f1h98a | - |
| hp | envy_4509_d3p94a | - |
| cisco | wap351 | - |
| hp | envy_4502_a9t87b | - |
| hp | envy_5539 | - |
| epson | xp-2101 | - |
| hp | 5020_z4a69a | - |
| hp | envy_5534 | - |
| hp | envy_110_cq809b | - |
| hp | 5660_f8b04a | - |
| hp | hp_envy_4524_f0v72b | - |
| epson | xp-620 | - |
| hp | deskjet_ink_advantage_3545_a9t83b | - |
| hp | envy_100_cn517b | - |
| hp | envy_5642_b9s64a | - |
| hp | envy_5540_g0v52a | - |
| hp | envy_4524_k9t01a | - |
| hp | deskjet_ink_advantage_4518 | - |
| hp | hp_deskjet_ink_advantage_4535_f0v64c | - |
| w1.fi | hostapd | * |
| epson | xp-960 | - |
| epson | xp-2105 | - |
| hp | envy_5544_k7c93a | - |
| hp | envy_5020_m2u91b | - |
| hp | envy_5643_b9s63a | - |
| hp | hp_deskjet_ink_advantage_4538_f0v66b | - |
| hp | envy_4528_k9t08b | - |
| tp-link | archer_c50 | - |
| hp | envy_6020_6wd35a | - |
| hp | envy_100_cn517c | - |
| hp | officejet_4655_f1j00a | - |
| hp | deskjet_ink_advantage_3456_a9t84c | - |
| dell | b1165nfw | - |
| asus | rt-n11 | - |
| hp | officejet_4652_f1j02a | - |
| hp | hp_deskjet_ink_advantage_4678_f1h99b | - |
| cisco | wap131 | - |
| hp | hp_envy_4524_k9t01a | - |
| epson | xp-340 | - |
| nec | wr8165n | - |
| hp | envy_pro_6420_5se46a | - |
| fedoraproject | fedora | 32 |
| hp | envy_5000_m2u91a | - |
| hp | envy_pro_6420_6wd14a | - |
| hp | deskjet_ink_advantage_5575_g0v48b | - |
| hp | envy_photo_7100_3xd89a | - |
| hp | envy_4516_k9h52a | - |
| hp | hp_officejet_4650_f1h96b | - |
| hp | hp_envy_4516_k9h52a | - |
| huawei | hg255s | - |
| hp | envy_4504_a9t88b | - |
| hp | envy_5540_g0v51a | - |
| hp | envy_5547_j6u64a | - |
| hp | hp_officejet_4657_v6d29b | - |
| epson | xp-4105 | - |
| hp | envy_4501_c8d05a | - |
| hp | deskjet_ink_advantage_4535_f0v64a | - |
| hp | envy_4520_f0v63a | - |
| ruckussecurity | zonedirector_1200 | - |
| hp | envy_photo_7800_y0g42d | - |
| hp | envy_4500_a9t80b | - |
| hp | envy_5664_f8b08a | - |
| hp | envy_100_cn518a | - |
| hp | envy_110_cq809c | - |
| hp | envy_4500_d3p93a | - |
| cisco | wap150 | - |
| hp | envy_5000_m2u85a | - |
| hp | hp_envy_4520_f0v69a | - |
| hp | hp_envy_4521_k9t10b | - |
| hp | deskjet_ink_advantage_5575_g0v48c | - |
| hp | hp_officejet_4655_k9v82b | - |
| hp | envy_5665_f8b06a | - |
| hp | hp_officejet_4652_k9v84b | - |
| hp | envy_100_cn517a | - |
| hp | envy_5646_f8b05a | - |
| hp | officejet_4658_v6d30b | - |
| hp | envy_7644_e4w46a | - |
| hp | envy_4522_f0v67a | - |
| hp | 5030_z4a70a | - |
| hp | hp_envy_4522_f0v67a | - |
| dlink | dvg-n5412sp | - |
| hp | envy_5540_g0v47a | - |
| hp | hp_envy_4526_k9t05b | - |
| hp | envy_5000_z4a74a | - |
| hp | envy_5640_b9s58a | - |
| hp | officejet_4655_k9v79a | - |
| hp | envy_photo_7100_k7g93a | - |
| hp | envy_4502_a9t85a | - |
| hp | envy_photo_6252_k7g22a | - |
| hp | envy_4512_k9h49a | - |
| hp | envy_4523_j6u60b | - |
| hp | hp_deskjet_ink_advantage_4676_f1h98a | - |
| epson | xp-320 | - |
| hp | officejet_4652_k9v84b | - |
| hp | envy_114_cq812a | - |
| hp | envy_5000_m2u85b | - |
| hp | deskjet_ink_advantage_4538_f0v66b | - |
| ui | unifi_controller | - |
| hp | envy_120_cz022c | - |
| zyxel | vmg8324-b10a | - |
| hp | envy_4521_k9t10b | - |
| hp | deskjet_ink_advantage_4515 | - |
| epson | ew-m970a3t | - |
| hp | envy_photo_7120_z3m41d | - |
| hp | envy_pro_6452_5se47a | - |
| debian | debian_linux | 10.0 |
| hp | envy_photo_7830_y0g50b | - |
| hp | envy_photo_6200_k7s21b | - |
| hp | hp_envy_4520_e6g67a | - |
| hp | envy_5000_m2u91a | * |
| hp | envy_4500_a9t89a | - |
| hp | hp_officejet_4658_v6d30b | - |
| hp | envy_4507_e6g70b | - |
| hp | envy_photo_7800_k7s10d | - |
| hp | envy_5530 | - |
| hp | envy_5531 | - |
| hp | envy_photo_6230_k7g25b | - |
| hp | envy_4525_k9t09b | - |
| hp | officejet_4650_f1h96b | - |
| hp | envy_111_cq810a | - |
| hp | hp_deskjet_ink_advantage_4675_f1h97a | - |
| microsoft | xbox_one | 10.0.19041.2494 |
| hp | envy_4505_a9t86a | - |
| hp | envy_4526_k9t05b | - |
| hp | envy_photo_7800_k7r96a | - |
| hp | envy_4511_k9h50a | - |
| hp | envy_5536 | - |
| huawei | hg532e | - |
| hp | deskjet_ink_advantage_3545_a9t81c | - |
| hp | hp_deskjet_ink_advantage_4535_f0v64b | - |
| hp | hp_deskjet_ink_advantage_4675_f1h97b | - |
| hp | hp_envy_4525_k9t09b | - |
| hp | envy_photo_7155_z3m52a | - |
| hp | envy_photo_6200_y0k13d_ | - |
| hp | officejet_4654_f1j07b | - |
| hp | hp_envy_4513_k9h51a | - |
| epson | m571t | - |
| hp | deskjet_ink_advantage_3545_a9t81a | - |
| hp | envy_5000_z4a54a | - |
| hp | envy_photo_7822_y0g42d | - |
| hp | envy_pro_6420_6wd16a | - |
| hp | envy_photo_7100_k7g99a | - |
| canonical | ubuntu_linux | 20.04 |
| hp | envy_4520_e6g67b | - |
| epson | xp-330 | - |
| hp | deskjet_ink_advantage_3548_a9t81b | - |
| epson | xp-100 | - |
| hp | envy_4513_k9h51a | - |
| zte | zxv10_w300 | - |
| hp | envy_4503_e6g71b | - |
| debian | debian_linux | 9.0 |
| hp | envy_photo_7822_y0g43d | - |
| hp | envy_pro_6420_5se45b | - |
| epson | ep-101 | - |
| hp | 5030_m2u92b | - |
| hp | envy_5535 | - |
| hp | officejet_4652_f1j05b | - |
| hp | envy_5546_k7c90a | - |
| hp | envy_photo_6220_k7g21b | - |
| hp | envy_photo_7100_z3m52a | - |
| epson | xp-4100 | - |
| microsoft | windows_10 | - |
| hp | envy_photo_7800_y0g52b | - |
| hp | envy_4520_f0v63b | - |
| hp | envy_photo_7164_k7g99a | - |
| hp | deskjet_ink_advantage_4536_f0v65a | - |
| hp | envy_photo_7100_z3m37a | - |
| hp | envy_4520_e6g67a | - |
| hp | hp_envy_4527_j6u61b | - |
| fedoraproject | fedora | 31 |
| zyxel | amg1202-t10b | - |
| hp | envy_5644_b9s65a | - |
| hp | envy_photo_6220_k7g20d | - |
| hp | hp_officejet_4652_f1j02a | - |
| hp | envy_photo_6200_y0k15a | - |
| hp | envy_4508_e6g72b | - |
| hp | envy_110_cq812c | - |
| epson | xp-241 | - |
| hp | deskjet_ink_advantage_4675_f1h97b | - |
| hp | envy_4504_c8d04a | - |
| hp | envy_5542_k7c88a | - |
| canon | selphy_cp1200 | - |
| hp | envy_5548_k7g87a | - |
| hp | envy_4524_f0v72b | - |
| epson | xp-440 | - |
| hp | envy_photo_6200_k7g18a | - |
| hp | hp_deskjet_ink_advantage_4675_f1h97c | - |
| hp | hp_envy_4520_f0v63a | - |
| hp | 5034_z4a74a | - |
| hp | envy_photo_6222_y0k14d | - |
| hp | hp_envy_4523_j6u60b | - |
| hp | envy_5544_k7c89a | - |
| hp | envy_114_cq811b | - |
| hp | envy_110_cq809d | - |
| hp | envy_5545_g0v50a | - |
| epson | xp-8600 | - |
| hp | envy_4520_f0v69a | - |
| hp | envy_5000_m2u94b | - |
| epson | xp-970 | - |
| hp | envy_7645_e4w44a | - |
| hp | hp_officejet_4652_f1j05b | - |
| hp | envy_100_cn519a | - |
| epson | xp-630 | - |
| hp | envy_110_cq809a | - |
| hp | hp_envy_4524_f0v71b | - |
| hp | envy_5540_k7c85a | - |
| hp | hp_envy_4528_k9t08b | - |
| hp | envy_5540_f2e72a | - |
| hp | envy_6052_5se18a | - |
| hp | envy_120_cz022a | - |
| hp | envy_6055_5se16a | - |
| hp | officejet_4654_f1j06b | - |
| hp | deskjet_ink_advantage_4535_f0v64b | - |
| hp | envy_6020_5se17a | - |
| hp | envy_6540_b9s59a | - |
| hp | envy_4527_j6u61b | - |
| hp | envy_pro_6455_5se45a | - |
| hp | hp_officejet_4656_k9v81b | - |
| hp | envy_5640_b9s56a | - |
| hp | hp_officejet_4654_f1j07b | - |
| hp | officejet_4657_v6d29b | - |
| hp | envy_photo_6232_k7g26b | - |
| hp | envy_114_cq811a | - |
| hp | officejet_4650_e6g87a | - |
| epson | xp-702 | - |
| hp | envy_photo_6200_k7g26b | - |
| hp | envy_5543_n9u88a | - |
| hp | envy_photo_6222_y0k13d | - |
| hp | officejet_4655_k9v82b | - |
| broadcom | adsl | - |
| hp | deskjet_ink_advantage_4678_f1h99b | - |
| hp | officejet_4650_f1h96a | - |
| hp | envy_6020_7cz37a | - |
tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 3.9 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| broadcom | tcpreplay | * |
| fedoraproject | fedora | 31 |
An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.0 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L | 1.8 | 3.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| docker | engine | * |
| debian | debian_linux | 10.0 |
| fedoraproject | fedora | 31 |
| broadcom | sannav | - |
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 3.9 | 2.5 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | glib-networking | * |
| broadcom | fabric_operating_system | - |
| fedoraproject | fedora | 32 |
| canonical | ubuntu_linux | 19.10 |
| canonical | ubuntu_linux | 16.04 |
| gnome | balsa | 2.6.0 |
| canonical | ubuntu_linux | 20.04 |
| gnome | balsa | * |
| canonical | ubuntu_linux | 18.04 |
| netapp | cloud_backup | - |
| fedoraproject | fedora | 31 |
Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-521,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | 8.2.2a |
| broadcom | fabric_operating_system | 8.2.2 |
| broadcom | fabric_operating_system | 8.2.1 |
| broadcom | fabric_operating_system | 8.2.1d |
| broadcom | fabric_operating_system | 8.2.2b |
| broadcom | fabric_operating_system | 8.2.1c |
| broadcom | fabric_operating_system | 8.2.1a |
| broadcom | fabric_operating_system | 8.2.2a1 |
| broadcom | fabric_operating_system | 8.2.1b |
Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | 8.1.1a |
| broadcom | fabric_operating_system | 8.1.2c |
| broadcom | fabric_operating_system | 8.1.0a |
| broadcom | fabric_operating_system | 8.2.1d |
| broadcom | fabric_operating_system | 8.0.1b |
| broadcom | fabric_operating_system | 8.0.2b |
| broadcom | fabric_operating_system | 8.1.0c |
| broadcom | fabric_operating_system | 8.2.2a |
| broadcom | fabric_operating_system | 8.1.1 |
| broadcom | fabric_operating_system | 8.0.2d |
| broadcom | fabric_operating_system | 8.1.2d |
| broadcom | fabric_operating_system | 8.1.2a |
| broadcom | fabric_operating_system | 8.2.1a |
| broadcom | fabric_operating_system | 8.1.2b |
| broadcom | fabric_operating_system | 8.2.1b |
| broadcom | fabric_operating_system | 8.0.0 |
| broadcom | fabric_operating_system | 8.0.1 |
| broadcom | fabric_operating_system | 8.0.1a |
| broadcom | fabric_operating_system | 8.2.2 |
| broadcom | fabric_operating_system | 8.1.0 |
| broadcom | fabric_operating_system | 8.0.2f |
| broadcom | fabric_operating_system | 8.0.2a |
| broadcom | fabric_operating_system | 8.1.2e |
| broadcom | fabric_operating_system | 8.1.0b |
| broadcom | fabric_operating_system | 8.2.0a |
| broadcom | fabric_operating_system | 8.1.2j |
| broadcom | fabric_operating_system | 8.1.2 |
| broadcom | fabric_operating_system | 8.2.1 |
| broadcom | fabric_operating_system | 8.2.2b |
| broadcom | fabric_operating_system | 8.0.2 |
| broadcom | fabric_operating_system | 8.2.1c |
| broadcom | fabric_operating_system | 8.0.2c |
| broadcom | fabric_operating_system | 8.2.0 |
| broadcom | fabric_operating_system | 8.2.2a1 |
| broadcom | fabric_operating_system | 8.1.2f |
A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-913,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | 8.2.2a |
| broadcom | fabric_operating_system | 8.2.2 |
| broadcom | fabric_operating_system | 8.2.1 |
| broadcom | fabric_operating_system | 8.2.1d |
| broadcom | fabric_operating_system | 8.2.2b |
| broadcom | fabric_operating_system | 8.2.1c |
| broadcom | fabric_operating_system | 8.2.2c |
| broadcom | fabric_operating_system | 8.2.1a |
| broadcom | fabric_operating_system | 8.2.2a1 |
| broadcom | fabric_operating_system | 8.2.1b |
Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | 8.2.2a |
| broadcom | fabric_operating_system | 8.2.2 |
| broadcom | fabric_operating_system | 8.2.1 |
| broadcom | fabric_operating_system | 8.2.1d |
| broadcom | fabric_operating_system | 8.2.2b |
| broadcom | fabric_operating_system | 8.2.1c |
| broadcom | fabric_operating_system | 8.2.2c |
| broadcom | fabric_operating_system | 8.2.1a |
| broadcom | fabric_operating_system | 8.2.2a1 |
| broadcom | fabric_operating_system | 8.2.1b |
Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary commands and perform escalation of privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated with any groups.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-918,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | sannav | * |
The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | sannav | * |
Brocade SANnav before v.2.1.0a could allow remote attackers cause a denial-of-service condition due to a lack of proper validation, of the length of user-supplied data as name for custom field name.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | sannav | * |
Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-522,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | sannav | * |
Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | 8.2.1 |
| broadcom | fabric_operating_system | 8.2.1d |
| broadcom | fabric_operating_system | 8.2.2b |
| broadcom | fabric_operating_system | 8.2.1c |
| broadcom | fabric_operating_system | 8.2.2c |
| broadcom | fabric_operating_system | * |
| broadcom | fabric_operating_system | 8.2.1a |
| broadcom | fabric_operating_system | 8.2.2a1 |
| broadcom | fabric_operating_system | 8.2.1b |
Brocade SANNav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response header.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-312,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | sannav | * |
Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission. As a result, users without permission can see folders, and hidden files, and can create directories without permission.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 2.8 | 2.5 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | sannav | * |
Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | 9.0.1 |
| broadcom | fabric_operating_system | 9.0.0b |
| broadcom | fabric_operating_system | 8.2.3 |
| broadcom | fabric_operating_system | 9.0.0a |
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.4 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N | 2.2 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-326,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | 7.4.2d |
| broadcom | fabric_operating_system | 7.4.2f |
| broadcom | brocade_sannav | * |
| broadcom | fabric_operating_system | 7.4.2 |
| broadcom | fabric_operating_system | 7.4.2g |
| broadcom | fabric_operating_system | 7.4.2b |
| broadcom | fabric_operating_system | 8.2.1 |
| broadcom | fabric_operating_system | 7.4.2a |
| broadcom | fabric_operating_system | * |
| broadcom | fabric_operating_system | 7.4.2c |
| broadcom | fabric_operating_system | 8.2.1a |
| broadcom | fabric_operating_system | 8.2.1b |
A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | 8.2.0a |
| broadcom | fabric_operating_system | 8.2.3 |
| broadcom | fabric_operating_system | * |
| broadcom | fabric_operating_system | 8.2.0 |
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | solidfire_baseboard_management_controller_firmware | - |
| netapp | fabric-attached_storage_a400_firmware | - |
| netapp | h615c_firmware | - |
| netapp | h410c_firmware | - |
| linux | linux_kernel | * |
| netapp | aff_500f_firmware | - |
| netapp | fas_500f_firmware | - |
| netapp | aff_8700_firmware | - |
| netapp | h610s_firmware | - |
| netapp | h610c_firmware | - |
| netapp | fas_8300_firmware | - |
| netapp | a250_firmware | - |
| broadcom | brocade_fabric_operating_system_firmware | - |
| netapp | solidfire_&_hci_management_node | - |
| netapp | aff_8300_firmware | - |
| netapp | fas_8700_firmware | - |
| netapp | aff_a400_firmware | - |
| netapp | a700s_firmware | - |
| netapp | cloud_backup | - |
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-78,CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | solidfire | - |
| broadcom | fabric_operating_system | - |
| openbsd | openssh | * |
| openbsd | openssh | 8.3 |
| netapp | hci_management_node | - |
| netapp | hci_compute_node | - |
| netapp | a700s_firmware | - |
| netapp | active_iq_unified_manager | * |
| netapp | hci_storage_node | - |
| netapp | steelstore_cloud_integrated_storage | - |
Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'. It can be triggered by sending a crafted pcap file to the 'tcpreplay-edit' binary. This issue is different than CVE-2019-8381.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | 4.3.2 |
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-601,CWE-601,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| canonical | ubuntu_linux | 16.04 |
| oracle | instantis_enterprisetrack | * |
| canonical | ubuntu_linux | 20.04 |
| broadcom | brocade_fabric_operating_system | - |
| oracle | communications_session_report_manager | 8.2.0 |
| apache | http_server | * |
| oracle | communications_session_route_manager | 8.2.1 |
| netapp | oncommand_unified_manager_core_package | - |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 18.04 |
| opensuse | leap | 15.1 |
| oracle | communications_element_manager | 8.2.0 |
| oracle | communications_session_report_manager | 8.1.1 |
| oracle | communications_session_route_manager | 8.1.1 |
| oracle | communications_session_route_manager | 8.2.0 |
| oracle | zfs_storage_appliance_kit | 8.8 |
| oracle | communications_element_manager | 8.2.1 |
| oracle | communications_session_report_manager | 8.2.1 |
| oracle | communications_element_manager | 8.1.1 |
| oracle | enterprise_manager_ops_center | 12.4.0.0 |
| oracle | sd-wan_aware | 8.2 |
| debian | debian_linux | 10.0 |
| fedoraproject | fedora | 31 |
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | - |
| fedoraproject | fedora | 32 |
| oracle | enterprise_manager_for_storage_management | 13.4.0.0 |
| oracle | enterprise_manager_base_platform | 13.4.0.0 |
| opensuse | leap | 15.2 |
| oracle | peoplesoft_enterprise_peopletools | 8.59 |
| oracle | enterprise_manager_for_storage_management | 13.3.0.0 |
| oracle | peoplesoft_enterprise_peopletools | 8.56 |
| oracle | enterprise_manager_ops_center | 12.4.0 |
| netapp | oncommand_workflow_automation | - |
| fedoraproject | fedora | 30 |
| debian | debian_linux | 9.0 |
| oracle | peoplesoft_enterprise_peopletools | 8.58 |
| opensuse | leap | 15.1 |
| oracle | http_server | 12.2.1.4.0 |
| netapp | snapcenter | - |
| oracle | peoplesoft_enterprise_peopletools | 8.57 |
| netapp | e-series_performance_analyzer | - |
| tenable | log_correlation_engine | * |
| jdedwards | enterpriseone | * |
| freebsd | freebsd | 12.1 |
| netapp | active_iq_unified_manager | * |
| oracle | mysql_connectors | * |
| oracle | application_server | 12.1.3 |
| openssl | openssl | * |
| oracle | mysql | * |
| netapp | oncommand_insight | - |
| oracle | jd_edwards_world_security | a9.4 |
| netapp | smi-s_provider | - |
| debian | debian_linux | 10.0 |
| oracle | mysql_enterprise_monitor | * |
| oracle | mysql_workbench | * |
| netapp | steelstore_cloud_integrated_storage | - |
| fedoraproject | fedora | 31 |
Heap-buffer overflow in the randomize_iparp function in edit_packet.c. of Tcpreplay v4.3.2 allows attackers to cause a denial of service (DOS) via a crafted pcap.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | 4.3.2 |
An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| broadcom | tcpreplay | 4.3.3 |
| fedoraproject | fedora | 31 |
| fedoraproject | fedora | 33 |
An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 32 |
| broadcom | tcpreplay | 4.3.3 |
| fedoraproject | fedora | 31 |
| fedoraproject | fedora | 33 |
CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | unified_infrastructure_management | * |
CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-258,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ca_service_catalog | 17.3 |
| broadcom | ca_service_catalog | 17.2 |
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 0.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-416,CWE-667,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | active_iq_unified_manager | - |
| netapp | solidfire_baseboard_management_controller_firmware | - |
| broadcom | fabric_operating_system | - |
| fedoraproject | fedora | 32 |
| netapp | h410c_firmware | - |
| linux | linux_kernel | * |
| netapp | a400_firmware | - |
| netapp | 8300_firmware | - |
| netapp | 8700_firmware | - |
| debian | debian_linux | 10.0 |
| netapp | a700s_firmware | - |
| debian | debian_linux | 9.0 |
| fedoraproject | fedora | 33 |
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-416,CWE-667,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | active_iq_unified_manager | - |
| netapp | solidfire_baseboard_management_controller_firmware | - |
| broadcom | fabric_operating_system | - |
| fedoraproject | fedora | 32 |
| netapp | h410c_firmware | - |
| linux | linux_kernel | * |
| netapp | a400_firmware | - |
| netapp | 8300_firmware | - |
| netapp | 8700_firmware | - |
| oracle | tekelec_platform_distribution | * |
| debian | debian_linux | 10.0 |
| netapp | a700s_firmware | - |
| debian | debian_linux | 9.0 |
| fedoraproject | fedora | 33 |
A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | solidfire_&_hci_management_node | - |
| netapp | solidfire,_enterprise_sds_&_hci_storage_node | - |
| fedoraproject | fedora | 32 |
| netapp | hci_compute_node_firmware | - |
| gnu | binutils | * |
| netapp | cloud_backup | - |
| netapp | ontap_select_deploy_administration_utility | - |
| broadcom | brocade_fabric_operating_system_firmware | - |
There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H | 1.8 | 4.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-908,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | solidfire_&_hci_management_node | - |
| netapp | solidfire,_enterprise_sds_&_hci_storage_node | - |
| fedoraproject | fedora | 32 |
| netapp | hci_compute_node_firmware | - |
| gnu | binutils | * |
| netapp | cloud_backup | - |
| netapp | ontap_select_deploy_administration_utility | - |
| broadcom | brocade_fabric_operating_system_firmware | - |
There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | solidfire_&_hci_management_node | - |
| netapp | solidfire,_enterprise_sds_&_hci_storage_node | - |
| fedoraproject | fedora | 32 |
| netapp | hci_compute_node_firmware | - |
| gnu | binutils | * |
| netapp | cloud_backup | - |
| netapp | ontap_select_deploy_administration_utility | - |
| broadcom | brocade_fabric_operating_system_firmware | - |
There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | solidfire_&_hci_management_node | - |
| netapp | solidfire,_enterprise_sds_&_hci_storage_node | - |
| fedoraproject | fedora | 32 |
| netapp | hci_compute_node_firmware | - |
| gnu | binutils | * |
| netapp | cloud_backup | - |
| netapp | ontap_select_deploy_administration_utility | - |
| broadcom | brocade_fabric_operating_system_firmware | - |
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | solidfire_&_hci_management_node | - |
| netapp | solidfire,_enterprise_sds_&_hci_storage_node | - |
| broadcom | brocade_fabric_operating_system | - |
| netapp | hci_compute_node_firmware | - |
| gnu | binutils | * |
| netapp | cloud_backup | - |
| redhat | enterprise_linux | 8.0 |
| netapp | ontap_select_deploy_administration_utility | - |
VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | cloud_foundation | * |
| vmware | nsx-t_data_center | * |
| broadcom | vmware_nsx-t_data_center | * |
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | unified_infrastructure_management | * |
| broadcom | unified_infrastructure_management | 20.1 |
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | unified_infrastructure_management | * |
| broadcom | unified_infrastructure_management | 20.1 |
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | unified_infrastructure_management | * |
| broadcom | unified_infrastructure_management | 20.1 |
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H | 1.8 | 5.2 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 14.04 |
| netapp | active_iq_unified_manager | - |
| netapp | hci_baseboard_management_controller | h410c |
| linux | linux_kernel | * |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| netapp | cloud_backup | - |
| opensuse | leap | 15.1 |
| netapp | solidfire_baseboard_management_controller | - |
| debian | debian_linux | 8.0 |
| broadcom | brocade_fabric_operating_system_firmware | - |
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.3 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N | 1.0 | 5.2 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,CWE-59,CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | solidfire_&_hci_management_node | - |
| gnu | binutils | * |
| netapp | cloud_backup | - |
| redhat | enterprise_linux | 8.0 |
| netapp | ontap_select_deploy_administration_utility | - |
| broadcom | brocade_fabric_operating_system_firmware | - |
VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | nsx-t_data_center | 3.1.1 |
| broadcom | vmware_nsx-t_data_center | 3.1.1 |
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-359,CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 34 |
| broadcom | fabric_operating_system | - |
| fedoraproject | fedora | 32 |
| netapp | hci_management_node | - |
| netapp | hci_compute_node | - |
| splunk | universal_forwarder | 9.1.0 |
| oracle | communications_billing_and_revenue_management | 12.0.0.3.0 |
| siemens | sinec_infrastructure_network_services | * |
| oracle | essbase | 21.2 |
| netapp | solidfire | - |
| debian | debian_linux | 9.0 |
| haxx | libcurl | * |
| netapp | hci_storage_node | - |
| splunk | universal_forwarder | * |
| fedoraproject | fedora | 33 |
curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.7 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N | 2.2 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-300,CWE-290,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 34 |
| broadcom | fabric_operating_system | - |
| fedoraproject | fedora | 32 |
| netapp | hci_management_node | - |
| splunk | universal_forwarder | 9.1.0 |
| oracle | communications_billing_and_revenue_management | 12.0.0.3.0 |
| siemens | sinec_infrastructure_network_services | * |
| oracle | essbase | 21.2 |
| netapp | solidfire | - |
| debian | debian_linux | 9.0 |
| haxx | libcurl | * |
| netapp | hci_storage_node | - |
| splunk | universal_forwarder | * |
| fedoraproject | fedora | 33 |
A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 |
| psirt@paloaltonetworks.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | solidfire_baseboard_management_controller_firmware | - |
| fedoraproject | fedora | 34 |
| fedoraproject | fedora | 32 |
| netapp | h700s_firmware | - |
| netapp | h700e_firmware | - |
| netapp | h410c_firmware | - |
| linux | linux_kernel | * |
| netapp | h300e_firmware | - |
| netapp | solidfire_&_hci_management_node | - |
| netapp | h300s_firmware | - |
| broadcom | brocade_fabric_operating_system | - |
| netapp | h500s_firmware | - |
| netapp | h500e_firmware | - |
| netapp | h410s_firmware | - |
| debian | debian_linux | 9.0 |
| netapp | cloud_backup | - |
| fedoraproject | fedora | 33 |
Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-208,CWE-203,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| intel | core_i9-9900k | - |
| intel | core_i7-10700k | - |
| intel | xeon_silver_4214 | - |
| debian | debian_linux | 10.0 |
| intel | core_i7-7700k | - |
| broadcom | bcm2711 | - |
| xen | xen | * |
| arm | cortex-a72 | - |
Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-208,CWE-203,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| intel | core_i9-9900k | - |
| intel | core_i7-10700k | - |
| fedoraproject | fedora | 34 |
| intel | xeon_silver_4214 | - |
| intel | core_i7-7700k | - |
| broadcom | bcm2711 | - |
| xen | xen | * |
| arm | cortex-a72 | - |
| fedoraproject | fedora | 33 |
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-681,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | active_iq_unified_manager | - |
| fedoraproject | fedora | 34 |
| gnome | glib | * |
| netapp | e-series_performance_analyzer | - |
| debian | debian_linux | 9.0 |
| netapp | cloud_backup | - |
| fedoraproject | fedora | 33 |
| broadcom | brocade_fabric_operating_system_firmware | - |
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-681,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | active_iq_unified_manager | - |
| fedoraproject | fedora | 34 |
| gnome | glib | * |
| netapp | e-series_performance_analyzer | - |
| debian | debian_linux | 9.0 |
| netapp | cloud_backup | - |
| fedoraproject | fedora | 33 |
| broadcom | brocade_fabric_operating_system_firmware | - |
The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request, which could bypass the authentication process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 2.8 | 2.5 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to crash, requiring a reboot.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | 9.0.1 |
| broadcom | fabric_operating_system | 8.2.3 |
| broadcom | fabric_operating_system | 9.0.1a |
| broadcom | fabric_operating_system | * |
A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. This would allow attackers or a malicious party to forge a counterfeit license key that the Brocade Fabric OS platform would authenticate and activate as if it were a legitimate license key.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 6.4 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H | 1.6 | 4.7 |
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the “user” or “factory” account, to read the contents of any file on the filesystem utilizing one of a few available binaries.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
A vulnerability in Brocade Fabric OS versions 7.4.1b and 7.3.1d could allow local users to conduct privileged directory transversal. Brocade Fabric OS versions 7.4.1.x and 7.3.x have reached end of life. Brocade Fabric OS Users should upgrade to supported versions as described in the Product End-of-Life published report.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | 7.4.1b |
| broadcom | fabric_operating_system | 7.3.1d |
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnome | glib | * |
| debian | debian_linux | 9.0 |
| fedoraproject | fedora | 33 |
| broadcom | brocade_fabric_operating_system_firmware | - |
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in the library will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-426,CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ehealth | * |
CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a targeted account, NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-307,CWE-307,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ehealth | * |
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_advanced_secure_gateway_s200-30_firmware | * |
| broadcom | symantec_advanced_secure_gateway_s200-40_firmware | * |
| broadcom | symantec_advanced_secure_gateway_s400-40_firmware | * |
| broadcom | symantec_proxysg | * |
| broadcom | symantec_advanced_secure_gateway_s400-30_firmware | * |
| broadcom | symantec_advanced_secure_gateway_500-10_firmware | * |
| broadcom | symantec_advanced_secure_gateway_s400-20_firmware | * |
| broadcom | symantec_advanced_secure_gateway_s500-20_firmware | * |
A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK) allows a remote attacker to craft a malicious URL for the OTK web UI and target OTK users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious code into the OTK web UI client application.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | layer7_api_management_oauth_toolkit | * |
A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_messaging_gateway | * |
GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-601,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | wget | * |
| netapp | 500f_firmware | - |
| netapp | cloud_backup | - |
| netapp | ontap_select_deploy_administration_utility | - |
| netapp | a250_firmware | - |
| broadcom | brocade_fabric_operating_system_firmware | - |
A vulnerability exists in Broadcom BCM4352 and BCM43684 chips. Any wireless router using BCM4352 and BCM43684 will be affected, such as ASUS AX6100. An attacker may cause a Denial of Service (DoS) to any device connected to BCM4352 or BCM43684 routers via an association or reassociation frame.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.6 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 0.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | bcm4352_firmware | - |
| broadcom | bcm43684_firmware | - |
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| siemens | sinema_server | 14.0 |
| netapp | clustered_data_ontap | - |
| oracle | enterprise_manager_base_platform | 13.4.0.0 |
| debian | debian_linux | 11.0 |
| siemens | sinec_nms | * |
| broadcom | brocade_fabric_operating_system_firmware | - |
| tenable | tenable.sc | * |
| oracle | http_server | 12.2.1.3.0 |
| apache | http_server | * |
| debian | debian_linux | 9.0 |
| fedoraproject | fedora | 35 |
| oracle | peoplesoft_enterprise_peopletools | 8.58 |
| netapp | cloud_backup | - |
| siemens | ruggedcom_nms | * |
| oracle | http_server | 12.2.1.4.0 |
| fedoraproject | fedora | 34 |
| oracle | instantis_enterprisetrack | 17.3 |
| oracle | zfs_storage_appliance_kit | 8.8 |
| netapp | storagegrid | - |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | 1.10.0 |
| debian | debian_linux | 10.0 |
| oracle | enterprise_manager_base_platform | 13.5.0.0 |
| oracle | instantis_enterprisetrack | 17.2 |
| siemens | sinema_remote_connect_server | * |
| oracle | instantis_enterprisetrack | 17.1 |
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | clustered_data_ontap | - |
| fedoraproject | fedora | 34 |
| oracle | enterprise_manager_base_platform | 13.4.0.0 |
| oracle | instantis_enterprisetrack | 17.3 |
| oracle | zfs_storage_appliance_kit | 8.8 |
| netapp | storagegrid | - |
| debian | debian_linux | 11.0 |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | 1.10.0 |
| broadcom | brocade_fabric_operating_system_firmware | - |
| oracle | http_server | 12.2.1.3.0 |
| debian | debian_linux | 10.0 |
| apache | http_server | * |
| debian | debian_linux | 9.0 |
| oracle | enterprise_manager_base_platform | 13.5.0.0 |
| fedoraproject | fedora | 35 |
| oracle | peoplesoft_enterprise_peopletools | 8.58 |
| netapp | cloud_backup | - |
| oracle | instantis_enterprisetrack | 17.2 |
| oracle | instantis_enterprisetrack | 17.1 |
| oracle | http_server | 12.2.1.4.0 |
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.0 | CRITICAL | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H | 2.2 | 6.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-918,CWE-918,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| f5 | f5os | * |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 7.7 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_eus | 8.8 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.6 |
| redhat | enterprise_linux_eus | 8.6 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.2 |
| broadcom | brocade_fabric_operating_system_firmware | - |
| redhat | enterprise_linux_server_aus | 8.4 |
| redhat | enterprise_linux_for_arm_64 | 8.0 |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.8 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 7.6 |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.8 |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.6 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_update_services_for_sap_solutions | 7.7 |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.1 |
| redhat | enterprise_linux_update_services_for_sap_solutions | 8.8 |
| redhat | enterprise_linux_eus | 8.4 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.4 |
| redhat | enterprise_linux_update_services_for_sap_solutions | 8.6 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 8.1 |
| redhat | enterprise_linux_for_ibm_z_systems_eus_s390x | 8.2 |
| redhat | enterprise_linux_eus | 8.2 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_for_power_big_endian | 7.0 |
| redhat | enterprise_linux_server_tus | 8.8 |
| redhat | enterprise_linux_workstation | 7.0 |
| siemens | sinema_remote_connect_server | 3.2 |
| redhat | enterprise_linux_for_power_little_endian | 7.0 |
| redhat | enterprise_linux_for_scientific_computing | 7.0 |
| redhat | enterprise_linux | 8.0 |
| oracle | instantis_enterprisetrack | 17.2 |
| oracle | instantis_enterprisetrack | 17.1 |
| redhat | enterprise_linux_server_aus | 8.6 |
| siemens | sinema_server | 14.0 |
| netapp | clustered_data_ontap | - |
| redhat | software_collections | 1.0 |
| redhat | enterprise_linux_update_services_for_sap_solutions | 8.1 |
| debian | debian_linux | 11.0 |
| siemens | sinec_nms | * |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.2 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 8.4 |
| redhat | enterprise_linux_server_tus | 8.2 |
| redhat | enterprise_linux_server_tus | 8.6 |
| redhat | enterprise_linux_server_aus | 7.7 |
| tenable | tenable.sc | * |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.1 |
| oracle | http_server | 12.2.1.3.0 |
| redhat | enterprise_linux_server_aus | 7.4 |
| apache | http_server | * |
| redhat | enterprise_linux_for_ibm_z_systems | 7.0_s390x |
| debian | debian_linux | 9.0 |
| fedoraproject | fedora | 35 |
| redhat | enterprise_linux_for_arm_64_eus | 8.8 |
| netapp | cloud_backup | - |
| siemens | ruggedcom_nms | * |
| redhat | enterprise_linux_for_arm_64_eus | 8.6 |
| resf | rocky_linux | 8.0 |
| oracle | http_server | 12.2.1.4.0 |
| redhat | enterprise_linux_for_power_little_endian | 8.0 |
| fedoraproject | fedora | 34 |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.4 |
| oracle | secure_global_desktop | 5.6 |
| oracle | instantis_enterprisetrack | 17.3 |
| oracle | zfs_storage_appliance_kit | 8.8 |
| redhat | enterprise_linux_server_aus | 7.2 |
| netapp | storagegrid | - |
| redhat | enterprise_linux_server_tus | 8.4 |
| redhat | enterprise_linux_server_update_services_for_sap_solutions | 7.6 |
| redhat | jboss_core_services | 1.0 |
| redhat | enterprise_linux_server_tus | 7.7 |
| redhat | enterprise_linux_server_aus | 7.6 |
| oracle | enterprise_manager_ops_center | 12.4.0.0 |
| redhat | enterprise_linux_server_aus | 8.2 |
| redhat | enterprise_linux_update_services_for_sap_solutions | 8.4 |
| debian | debian_linux | 10.0 |
| redhat | enterprise_linux_eus | 8.1 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 8.8 |
| redhat | enterprise_linux_update_services_for_sap_solutions | 8.2 |
| siemens | sinema_remote_connect_server | * |
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | h300s_firmware | - |
| netapp | h700s_firmware | - |
| netapp | h500s_firmware | - |
| netapp | h410c_firmware | - |
| linux | linux_kernel | * |
| netapp | h410s_firmware | - |
| oracle | communications_cloud_native_core_binding_support_function | 22.2.0 |
| debian | debian_linux | 10.0 |
| oracle | communications_cloud_native_core_binding_support_function | 22.1.3 |
| oracle | communications_cloud_native_core_binding_support_function | 22.1.1 |
| broadcom | brocade_fabric_operating_system_firmware | - |
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDumpFile command that could allow a user to attempt various attacks. In non-secure mode, the user is unauthenticated
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | emulex_hba_manager | * |
| broadcom | one_command_manager | * |
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a remote host with the GetDumpFile command. In non-secure mode, the user is unauthenticated.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | emulex_hba_manager | * |
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature that could allow remote unauthenticated users to perform various attacks. In non-secure mode, the user is unauthenticated.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | emulex_hba_manager | * |
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host. In non-secure mode, the user is unauthenticated.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 3.9 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | emulex_hba_manager | * |
CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ca_network_flow_analysis | * |
tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-617,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | 4.3.4 |
tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-617,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | 4.3.4 |
Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 3.9 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-444,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | advanced_secure_gateway | 7.3 |
| broadcom | proxysg | 6.7 |
| broadcom | advanced_secure_gateway | 6.7 |
| broadcom | proxysg | 7.3 |
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | h700s_firmware | - |
| netapp | h410c_firmware | - |
| debian | debian_linux | 11.0 |
| netapp | aff_8700_firmware | - |
| netapp | h610s_firmware | - |
| siemens | sinec_ins | 1.0 |
| broadcom | sannav | - |
| netapp | fas_8700_firmware | - |
| netapp | aff_a400_firmware | - |
| fedoraproject | fedora | 36 |
| netapp | snapmanager | - |
| netapp | fas_a400_firmware | - |
| fedoraproject | fedora | 35 |
| netapp | h615c_firmware | - |
| netapp | element_software | - |
| netapp | hci_management_node | - |
| netapp | h610c_firmware | - |
| siemens | sinec_ins | * |
| netapp | fas_8300_firmware | - |
| netapp | bootstrap_os | - |
| netapp | solidfire | - |
| netapp | h300s_firmware | - |
| netapp | aff_8300_firmware | - |
| openssl | openssl | * |
| netapp | h500s_firmware | - |
| netapp | h410s_firmware | - |
| netapp | smi-s_provider | - |
| debian | debian_linux | 10.0 |
| netapp | santricity_smi-s_provider | - |
| netapp | ontap_select_deploy_administration_utility | - |
| netapp | ontap_antivirus_connector | - |
CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-1236,CWE-1236,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ca_harvest_software_change_manager | 13.0.4 |
| broadcom | ca_harvest_software_change_manager | 13.0.3 |
| broadcom | ca_harvest_software_change_manager | 14.0.1 |
| broadcom | ca_harvest_software_change_manager | 14.0.0 |
NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation that could potentially allow an attacker to execute code on the affected machine.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | netmaster_network_management_for_tcp/ip | 12.2 |
| broadcom | netmaster_file_transfer_management | 12.2 |
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-502,CWE-502,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | communications_unified_inventory_management | 7.4.2 |
| apache | log4j | * |
| oracle | business_intelligence | 5.9.0.0.0 |
| oracle | healthcare_foundation | 8.1.0 |
| oracle | enterprise_manager_base_platform | 13.4.0.0 |
| broadcom | brocade_sannav | - |
| oracle | communications_offline_mediation_controller | 12.0.0.5.0 |
| oracle | advanced_supply_chain_planning | 12.1 |
| oracle | middleware_common_libraries_and_tools | 12.2.1.4.0 |
| oracle | identity_management_suite | 12.2.1.4.0 |
| oracle | business_intelligence | 12.2.1.3.0 |
| oracle | business_intelligence | 12.2.1.4.0 |
| oracle | communications_unified_inventory_management | 7.4.1 |
| oracle | financial_services_revenue_management_and_billing_analytics | 2.8.0.0 |
| netapp | snapmanager | - |
| oracle | weblogic_server | 12.2.1.3.0 |
| oracle | hyperion_infrastructure_technology | * |
| oracle | business_process_management_suite | 12.2.1.4.0 |
| oracle | identity_management_suite | 12.2.1.3.0 |
| qos | reload4j | * |
| oracle | financial_services_revenue_management_and_billing_analytics | 2.7.0.0 |
| oracle | financial_services_revenue_management_and_billing_analytics | 2.7.0.1 |
| oracle | tuxedo | 12.2.2.0.0 |
| oracle | communications_network_integrity | 7.3.6 |
| oracle | business_process_management_suite | 12.2.1.3.0 |
| oracle | jdeveloper | 12.2.1.3.0 |
| oracle | e-business_suite_cloud_manager_and_cloud_backup_module | * |
| oracle | identity_manager_connector | 11.1.1.5.0 |
| oracle | advanced_supply_chain_planning | 12.2 |
| oracle | communications_offline_mediation_controller | * |
| oracle | communications_messaging_server | 8.1 |
| oracle | weblogic_server | 12.2.1.4.0 |
| oracle | mysql_enterprise_monitor | * |
| oracle | communications_eagle_ftp_table_base_retrieval | 4.5 |
| oracle | communications_instant_messaging_server | 10.0.1.5.0 |
| oracle | enterprise_manager_base_platform | 13.5.0.0 |
| oracle | e-business_suite_cloud_manager_and_cloud_backup_module | 2.2.1.1.1 |
| oracle | weblogic_server | 14.1.1.0.0 |
| oracle | hyperion_data_relationship_management | * |
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | communications_unified_inventory_management | 7.4.2 |
| apache | log4j | * |
| oracle | business_intelligence | 5.9.0.0.0 |
| oracle | healthcare_foundation | 8.1.0 |
| oracle | enterprise_manager_base_platform | 13.4.0.0 |
| broadcom | brocade_sannav | - |
| oracle | communications_offline_mediation_controller | 12.0.0.5.0 |
| oracle | advanced_supply_chain_planning | 12.1 |
| oracle | retail_extract_transform_and_load | 13.2.5 |
| oracle | middleware_common_libraries_and_tools | 12.2.1.4.0 |
| oracle | identity_management_suite | 12.2.1.4.0 |
| oracle | business_intelligence | 12.2.1.3.0 |
| oracle | business_intelligence | 12.2.1.4.0 |
| oracle | communications_unified_inventory_management | 7.4.1 |
| oracle | financial_services_revenue_management_and_billing_analytics | 2.8.0.0 |
| netapp | snapmanager | - |
| oracle | weblogic_server | 12.2.1.3.0 |
| oracle | hyperion_infrastructure_technology | * |
| oracle | business_process_management_suite | 12.2.1.4.0 |
| oracle | identity_management_suite | 12.2.1.3.0 |
| qos | reload4j | * |
| oracle | financial_services_revenue_management_and_billing_analytics | 2.7.0.0 |
| oracle | e-business_suite_information_discovery | * |
| oracle | financial_services_revenue_management_and_billing_analytics | 2.7.0.1 |
| oracle | tuxedo | 12.2.2.0.0 |
| oracle | communications_network_integrity | 7.3.6 |
| oracle | business_process_management_suite | 12.2.1.3.0 |
| oracle | jdeveloper | 12.2.1.3.0 |
| oracle | e-business_suite_cloud_manager_and_cloud_backup_module | * |
| oracle | identity_manager_connector | 11.1.1.5.0 |
| oracle | advanced_supply_chain_planning | 12.2 |
| oracle | communications_offline_mediation_controller | * |
| oracle | communications_messaging_server | 8.1 |
| oracle | weblogic_server | 12.2.1.4.0 |
| oracle | mysql_enterprise_monitor | * |
| oracle | communications_eagle_ftp_table_base_retrieval | 4.5 |
| oracle | communications_instant_messaging_server | 10.0.1.5.0 |
| oracle | enterprise_manager_base_platform | 13.5.0.0 |
| oracle | e-business_suite_cloud_manager_and_cloud_backup_module | 2.2.1.1.1 |
| oracle | weblogic_server | 14.1.1.0.0 |
| oracle | hyperion_data_relationship_management | * |
XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | xcom_data_transport | 11.6 |
tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() at tree.c in tcpprep v4.4.1.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-617,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | 4.4.1 |
A malicious unauthorized PAM user can access the administration configuration data and change the values.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_privileged_access_management | * |
An unauthenticated user can access Identity Manager’s management console specific page URLs. However, the system doesn’t allow the user to carry out server side tasks without a valid web session.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_identity_governance_and_administration | 14.4 |
| broadcom | symantec_identity_governance_and_administration | 14.3 |
An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_identity_governance_and_administration | 14.4 |
| broadcom | symantec_identity_governance_and_administration | 14.3 |
An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_identity_governance_and_administration | 14.4 |
| broadcom | symantec_identity_governance_and_administration | 14.3 |
Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_endpoint_protection | * |
Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-415,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | 4.4.1 |
Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | 4.4.1 |
tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-617,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 36 |
| fedoraproject | fedora | 37 |
| fedoraproject | fedora | 35 |
| broadcom | tcpreplay | 4.4.1 |
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 36 |
| fedoraproject | fedora | 37 |
| fedoraproject | fedora | 35 |
| broadcom | tcpreplay | 4.4.1 |
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 36 |
| fedoraproject | fedora | 37 |
| fedoraproject | fedora | 35 |
| broadcom | tcpreplay | 4.4.1 |
tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 36 |
| fedoraproject | fedora | 37 |
| fedoraproject | fedora | 35 |
| broadcom | tcpreplay | 4.4.1 |
Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 1.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-312,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | sannav | * |
In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | sannav | * |
Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-327,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | sannav | * |
A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not performed on Server side to ensure the user has required permission before processing requests.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | sannav | * |
In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 & 18082.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-327,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | sannav | * |
Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-522,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | sannav | * |
In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-922,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | sannav | * |
Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin, and operator authorization headers sent unencrypted and editing a user addition request to use the operator's authorization header.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 2.0 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | 9.1.0 |
| broadcom | fabric_operating_system | * |
Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 36 |
| fedoraproject | fedora | 37 |
| fedoraproject | fedora | 35 |
| broadcom | tcpreplay | 4.4.1 |
A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 2.0 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | 9.1.0 |
| broadcom | fabric_operating_system | * |
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | 9.1.0 |
| broadcom | fabric_operating_system | * |
An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | 9.1.0 |
| broadcom | fabric_operating_system | * |
A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload, license, and “fosexec”.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in “firmwaredownload” and “diagshow” commands.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-91,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ca_clarity | * |
| broadcom | ca_clarity | 15.9.0 |
CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ca_automic_automation | 12.2 |
| broadcom | ca_automic_automation | 12.3 |
CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ca_automic_automation | 12.2 |
| broadcom | ca_automic_automation | 12.3 |
CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ca_automic_automation | 12.2 |
| broadcom | ca_automic_automation | 12.3 |
CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ca_automic_automation | 12.2 |
| broadcom | ca_automic_automation | 12.3 |
CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ca_automic_automation | 12.2 |
| broadcom | ca_automic_automation | 12.3 |
CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ca_automic_automation | 12.2 |
| broadcom | ca_automic_automation | 12.3 |
CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-331,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | ca_automic_automation | 12.2 |
| broadcom | ca_automic_automation | 12.3 |
Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_endpoint_protection | * |
Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and Policy Import/Export Password protection, if it has been enabled.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_endpoint_protection | * |
The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713. NOTE: this is different from CVE-2022-27940.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 36 |
| fedoraproject | fedora | 37 |
| fedoraproject | fedora | 35 |
| broadcom | tcpreplay | 4.4.1 |
The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. NOTE: this is different from CVE-2022-27941.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 36 |
| fedoraproject | fedora | 37 |
| fedoraproject | fedora | 35 |
| broadcom | tcpreplay | 4.4.1 |
The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. NOTE: this is different from CVE-2022-27942.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 36 |
| fedoraproject | fedora | 37 |
| fedoraproject | fedora | 35 |
| broadcom | tcpreplay | 4.4.1 |
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords, and secret keys.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 0.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 5.3 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N | 0.8 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 6.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N | 2.3 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before 2.3.0 and 2.2.2a
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 5.7 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N | 2.1 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | nsx-t_data_center | * |
| broadcom | vmware_nsx-t_data_center | * |
An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_identity_governance_and_administration | 14.3 |
| broadcom | symantec_identity_governance_and_administration | 14.4.1 |
| broadcom | symantec_identity_governance_and_administration | 14.4.2 |
| broadcom | symantec_identity_manager | 14.3 |
| broadcom | symantec_identity_manager | 14.4 |
User’s supplied input (usually a CRLF sequence) can be used to split a returning response into two responses.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_identity_governance_and_administration | 14.3 |
| broadcom | symantec_identity_governance_and_administration | 14.4.1 |
| broadcom | symantec_identity_governance_and_administration | 14.4.2 |
| broadcom | symantec_identity_manager | 14.3 |
| broadcom | symantec_identity_manager | 14.4 |
Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_identity_governance_and_administration | 14.3 |
| broadcom | symantec_identity_governance_and_administration | 14.4.1 |
| broadcom | symantec_identity_governance_and_administration | 14.4.2 |
| broadcom | symantec_identity_manager | 14.3 |
| broadcom | symantec_identity_manager | 14.4 |
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | content_analysis | * |
| broadcom | advanced_secure_gateway | * |
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | content_analysis | * |
| broadcom | advanced_secure_gateway | * |
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | content_analysis | * |
| broadcom | advanced_secure_gateway | * |
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | content_analysis | * |
| broadcom | advanced_secure_gateway | * |
A user can supply malicious HTML and JavaScript code that will be executed in the client browser
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_siteminder_webagent | 12.52 |
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | active_iq_unified_manager | - |
| netapp | h300s_firmware | - |
| netapp | h700s_firmware | - |
| fedoraproject | fedora | 36 |
| netapp | h500s_firmware | - |
| netapp | h410s_firmware | - |
| haxx | curl | * |
| splunk | universal_forwarder | * |
| splunk | universal_forwarder | 9.1.0 |
| broadcom | brocade_fabric_operating_system_firmware | - |
A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | clustered_data_ontap | 9.0 |
| netapp | active_iq_unified_manager | - |
| netapp | h300s_firmware | - |
| haxx | libcurl | 7.88.0 |
| netapp | h700s_firmware | - |
| haxx | libcurl | 7.88.1 |
| netapp | h500s_firmware | - |
| netapp | h410s_firmware | - |
| splunk | universal_forwarder | * |
| splunk | universal_forwarder | 9.1.0 |
| broadcom | brocade_fabric_operating_system_firmware | - |
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | active_iq_unified_manager | - |
| netapp | h700s_firmware | - |
| splunk | universal_forwarder | 9.1.0 |
| broadcom | brocade_fabric_operating_system_firmware | - |
| netapp | clustered_data_ontap | 9.0 |
| netapp | h300s_firmware | - |
| fedoraproject | fedora | 36 |
| netapp | h500s_firmware | - |
| netapp | h410s_firmware | - |
| debian | debian_linux | 10.0 |
| haxx | libcurl | * |
| splunk | universal_forwarder | * |
An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | 4.4.3 |
An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309 endpoint.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | 4.4.3 |
An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | 4.4.3 |
An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the macinstring function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | 4.4.3 |
An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse_list function at the list.c:81 endpoint.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | 4.4.3 |
An issue found in TCPrewrite v.4.4.3 allows a remote attacker to cause a denial of service via the ports2PORT function at the portmap.c:69 endpoint.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | 4.4.3 |
An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the cidr2cidr function at the cidr.c:178 endpoint.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | 4.4.3 |
An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (IOCTL 0x1b2150). An attacker can exploit this to elevate privileges from a medium-integrity process to SYSTEM. This can also be used to bypass kernel-level protections such as AV or PPL, because exploit code runs with high-integrity privileges and can be used in coordinated BYOVD (bring your own vulnerable driver) ransomware campaigns.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | lsi_pci-sv92ex_firmware | * |
Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the local attacker must have access to an already collected Brocade SANnav "supportsave" outputs.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
| sirt@brocade.com | 5.7 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N | 2.1 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| sirt@brocade.com | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | 9.1.0 |
The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 6.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N | 2.3 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_fabric_operating_system | * |
| broadcom | brocade_fabric_operating_system | 9.2.0 |
Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_fabric_operating_system | * |
| broadcom | brocade_fabric_operating_system | 9.2.0 |
A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_fabric_operating_system | * |
| broadcom | brocade_fabric_operating_system | 9.2.0 |
Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_fabric_operating_system | * |
Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuration failure causes an SNMP communication log dump.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
| sirt@brocade.com | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 2.8 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 1.8 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_fabric_operating_system | * |
An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_fabric_operating_system | * |
A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools application.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 6.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 2.8 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_fabric_operating_system | * |
Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L | 3.9 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
| sirt@brocade.com | 8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N | 3.9 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | 9.2.0 |
Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | clarity | 14.3.0.298 |
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| apple | macos | * |
| broadcom | fabric_operating_system | - |
| fedoraproject | fedora | 40 |
| debian | debian_linux | 10.0 |
| apache | http_server | * |
| netapp | ontap_tools | 10 |
| fedoraproject | fedora | 38 |
| netapp | ontap | 9 |
| fedoraproject | fedora | 39 |
In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 0.8 | 3.6 |
| nvd@nist.gov | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 0.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | 4.4.4 |
| fedoraproject | extra_packages_for_enterprise_linux | 8.0 |
| broadcom | tcpreplay | 4.4.3 |
| fedoraproject | fedora | 39 |
Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4 allows attackers to crash the application via crafted tcprewrite command.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | 4.4.4 |
| fedoraproject | fedora | 40 |
| fedoraproject | fedora | 38 |
| fedoraproject | fedora | 39 |
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
Broadcom RAID Controller Web server (nginx) is serving private files without any authentication
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
Broadcom RAID Controller web interface is vulnerable client-side control bypass leads to unauthorized data access for low privileged user
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 |
Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent the portName to the user if the portName contains reserved characters. This could allow an authenticated user to alter the UI of the Brocade Switch and change ports display.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The vulnerability could allow an authenticated, local attacker to view Brocade Fabric OS switch sensitive information in clear text. An attacker with administrative privileges could retrieve sensitive information including passwords; SNMP responses that contain AuthSecret and PrivSecret after collecting a “supportsave” or getting access to an already collected “supportsave”. NOTE: this issue exists because of an incomplete fix for CVE-2024-29952
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N | 1.1 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
Brocade SANnav before SANnav 2.3.1b enables weak TLS ciphers on ports 443 and 18082. In case of a successful exploit, an attacker can read Brocade SANnav data stream that includes monitored Brocade Fabric OS switches performance data, port status, zoning information, WWNs, IP Addresses, but no customer data, no personal data and no secrets or passwords, as it travels across the network.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | 4.4.4 |
A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| disclosures@exodusintel.com | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 3.9 | 6.0 |
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_deployment_solutions | 7.9 |
A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| disclosures@exodusintel.com | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N | 3.9 | 5.8 |
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_messaging_gateway | * |
A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| disclosures@exodusintel.com | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 3.9 | 6.0 |
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_messaging_gateway | * |
A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| disclosures@exodusintel.com | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 3.9 | 6.0 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_server_management_suite | * |
A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| disclosures@exodusintel.com | 9.6 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 2.8 | 6.0 |
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_data_center_security_server | * |
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| apple | macos | * |
| broadcom | fabric_operating_system | - |
| fedoraproject | fedora | 40 |
| debian | debian_linux | 10.0 |
| apache | http_server | * |
| netapp | ontap_tools | 10 |
| fedoraproject | fedora | 38 |
| netapp | ontap | 9 |
| fedoraproject | fedora | 39 |
By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 6.8 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | 2.3.1 |
| broadcom | brocade_sannav | * |
The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 5.7 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.1 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. This could allow an authenticated user to view other users' session encoded passwords.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 5.9 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N | 1.5 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 5.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N | 1.3 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the Brocade SANnav password in clear text in supportsave logs when a user schedules a switch Supportsave from Brocade SANnav.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. This could provide attackers with an additional, less-protected path to acquiring the encryption key.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node. This could provide attackers an additional, less protected path to acquiring the encryption key.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N | 3.9 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component. This could make an unauthenticated, remote attacker aware of the behavior and launch a supply-chain attack against a Brocade SANnav appliance.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 8.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H | 3.9 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file permission setting that makes files world-readable. This could allow a local user without the required privileges to access sensitive information or a Java binary.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N | 3.9 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 6.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N | 2.3 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root password. The vulnerability could allow an unauthenticated attacker full access to the Brocade SANnav appliance.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was observed that Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files. The vulnerability could allow a sudo privileged user on the host OS to read and write access to these files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 0.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow authenticated users to access the database structure and its contents.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 7.7 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 3.1 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, TLS/SSL weak message authentication code ciphers are added by default for port 18082.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | - |
| freeradius | freeradius | * |
| sonicwall | sonicos | - |
| broadcom | brocade_sannav | - |
A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_privileged_access_management | * |
Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received clear text. This could allow an unauthenticated, remote attacker to capture sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N | 3.9 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
A vulnerability in Brocade SANnav exposes Kafka in the wan interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, including DOS against the Brocade SANnav.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 9.4 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H | 3.9 | 5.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to hard-coded, default community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 1 queries to an affected device.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| sirt@brocade.com | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 2.8 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a switch admin.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use the encryption key to obtain passwords used by Brocade SANnav.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption (PBE) key in plaintext in the system audit log file. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the pbe key. Note: The vulnerability is only triggered during a migration and not in a new installation. The system audit logs are accessible only to a privileged user on the server. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | sannav | * |
Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read the database password.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | sannav | * |
Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file which contains this switch password in clear text. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read the switch admin password.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | sannav | * |
A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade SANnav database password.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | sannav | * |
A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries in the SANnav support save file. An attacker with access to Brocade SANnav supportsave file, could open the file and then obtain sensitive information such as details of database tables and encrypted passwords.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | sannav | * |
Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H | 1.7 | 5.3 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | cloud_foundation | * |
| vmware | telco_cloud_platform | * |
| broadcom | vmware_nsx | * |
| broadcom | vmware_nsx | 4.2.2 |
| vmware | telco_cloud_infrastructure | * |
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 6.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N | 1.7 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | cloud_foundation | * |
| vmware | telco_cloud_platform | * |
| broadcom | vmware_nsx | * |
| broadcom | vmware_nsx | 4.2.2 |
| vmware | telco_cloud_infrastructure | * |
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L | 1.7 | 3.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | cloud_foundation | * |
| vmware | telco_cloud_platform | * |
| broadcom | vmware_nsx | * |
| broadcom | vmware_nsx | 4.2.2 |
| vmware | telco_cloud_infrastructure | * |
The bitnami/pgpool Docker image, and the bitnami/postgres-ha k8s chart, under default configurations, comes with an 'repmgr' user that allows unauthenticated access to the database inside the cluster. The PGPOOL_SR_CHECK_USER is the user that Pgpool itself uses to perform streaming replication checks against nodes, and should not be at trust level. This allows to log into a PostgreSQL database using the repgmr user without authentication. If Pgpool is exposed externally, a potential attacker could use this user to get access to the service. This is also present within the bitnami/postgres-ha Kubernetes Helm chart.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | bitnami | * |
| broadcom | bitnami/pgpool | * |
| broadcom | bitnami_popool | * |
Symantec Endpoint Protection Windows Agent, running an ERASER Engine prior to 119.1.7.8, may be susceptible to an Elevation of Privilege vulnerability, which may allow an attacker to delete resources that are normally protected from an application or user.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
| secure@symantec.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_endpoint_protection | * |
| broadcom | symantec_eraser_engine | * |
A path transversal vulnerability in Brocade Fabric OS 9.1.0 through 9.2.2 could allow a local admin user to gain access to files outside the intended directory potentially leading to the disclosure of sensitive information. Note: Admin level privilege is required on the switch in order to exploit
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which show base64 encoded username:password. This is easy to decode and afterwards could be used to obtain control to the system depending on credentials. This issue has been patched in version 4.0.8.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | rabbitmq_server | * |
A heap-buffer-overflow vulnerability exists in the tcpliveplay utility of the tcpreplay-4.5.1. When a crafted pcap file is processed, the program incorrectly handles memory in the checksum calculation logic at do_checksum_math_liveplay in tcpliveplay.c, leading to a possible denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | 4.5.1 |
Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the dlt_linuxsll2_cleanup() function in plugins/dlt_linuxsll2/linuxsll2.c. This vulnerability is triggered when tcpedit_dlt_cleanup() indirectly invokes the cleanup routine multiple times on the same memory region. By supplying a specifically crafted pcap file to the tcprewrite binary, a local attacker can exploit this flaw to cause a Denial of Service (DoS) via memory corruption.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | 4.5.1 |
Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a local authenticated attacker to reveal command line passwords using commands that may expose higher privilege sensitive information by a lower privileged user.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the shell command “grep” to modify the path variables and move upwards in the directory structure or to traverse to different directories.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands “source, ping6, sleep, disown, wait to modify the path variables and move upwards in the directory structure or to traverse to different directories.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
A vulnerability in the secure configuration of authentication and management services in Brocade Fabric OS before Fabric OS 9.2.1c2 could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands as root using “supportsave”, “seccertmgmt”, “configupload” command.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execution of arbitrary commands.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_sannav | * |
Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Path Traversal.This issue affects DX NetOps Spectrum: 24.3.8 and earlier.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | dx_netops_spectrum | * |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Reflected XSS.This issue affects DX NetOps Spectrum: 24.3.8 and earlier.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | dx_netops_spectrum | * |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows OS Command Injection.This issue affects DX NetOps Spectrum: 23.3.6 and earlier.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | dx_netops_spectrum | * |
Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking.This issue affects DX NetOps Spectrum: 24.3.8 and earlier.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | dx_netops_spectrum | * |
Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 24.3.13 and earlier.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | dx_netops_spectrum | * |
Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 21.2.1 and earlier.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | dx_netops_spectrum | * |
Improper Authentication vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Authentication Bypass.This issue affects DX NetOps Spectrum: 24.3.10 and earlier.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | dx_netops_spectrum | * |
Authorization Bypass Through User-Controlled Key vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Privilege Escalation.This issue affects DX NetOps Spectrum: 24.3.10 and earlier.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | dx_netops_spectrum | * |
Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS.This issue affects DX NetOps Spectrum: 24.3.9 and earlier.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | dx_netops_spectrum | * |
Deserialization of Untrusted Data vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Object Injection.This issue affects DX NetOps Spectrum: 24.3.13 and earlier.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | dx_netops_spectrum | * |
Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_pgp_encryption | 11.0.1 |
A stored Cross-Site Scripting vulnerability (XSS) occurs when the server does not properly validate or encode the data entered by the user.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | symantec_pgp_encryption | 11.0.1 |
A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function mask_cidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The researcher is able to reproduce this with the latest official release 4.5.1 and the current master branch. The code maintainer cannot reproduce this for 4.5.2-beta1. In his reply the maintainer explains that "[i]n that case, this is a duplicate that was fixed in 4.5.2."
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 3.1 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.6 | 1.4 |
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-119,CWE-122,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | 4.5.1 |
A vulnerability was detected in appneta tcpreplay up to 4.5.1. Impacted is the function tcpedit_post_args of the file /src/tcpedit/parse_args.c. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. Upgrading to version 4.5.2-beta2 is recommended to address this issue. Upgrading the affected component is advised. The vendor explains, that he was "[a]ble to reproduce in 6fcbf03 but not in 4.5.2-beta2".
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| cna@vuldb.com | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-404,CWE-476,CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | * |
A flaw has been found in appneta tcpreplay up to 4.5.1. The affected element is the function fix_ipv6_checksums of the file edit_packet.c of the component tcprewrite. This manipulation causes use after free. The attack is restricted to local execution. The exploit has been published and may be used. Upgrading to version 4.5.2-beta3 is sufficient to fix this issue. It is advisable to upgrade the affected component.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 5.3 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 1.8 | 3.4 |
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,CWE-416,CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | * |
A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function get_l2len_protocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.2-beta3 is sufficient to resolve this issue. You should upgrade the affected component.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| cna@vuldb.com | 5.3 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 1.8 | 3.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,CWE-416,CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | * |
A security vulnerability has been detected in appneta tcpreplay 4.5.1. Impacted is the function calc_sleep_time of the file send_packets.c. Such manipulation leads to divide by zero. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. Upgrading to version 4.5.3-beta3 is recommended to address this issue. It is advisable to upgrade the affected component. The vendor confirms in a GitHub issue reply: "Was able to reproduce in 6fcbf03 but NOT 4.5.3-beta3."
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| cna@vuldb.com | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-369,CWE-404,CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | tcpreplay | 4.5.1 |
A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevating the privileges of the local authenticated user to “root” using the export option of seccertmgmt and seccryptocfg commands.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | * |
A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | 10.0.0 |
| broadcom | fabric_operating_system | * |
Authentication bypass in Brocade ASCG 3.4.0 Could allow an unauthorized user to perform ASCG operations related to Brocade Support Link(BSL) and streaming configuration. and could even disable the ASCG application or disable use of BSL data collection on Brocade switches within the fabric.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | brocade_active_support_connectivity_gateway | 3.4.0 |