MidnightBSD

Advisories for broadcom

CVE-1999-0355 MEDIUM

Local or remote users can force ControlIT 4.5 to reboot or force a user to log out, resulting in a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom controlit 4.5
CVE-1999-1049 HIGH

ARCserve NT agents use weak encryption (XOR) for passwords, which allows remote attackers to sniff the authentication request to port 6050 and decrypt the password.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom arcserve_backup *
CVE-1999-1322 MEDIUM

The installation of 1ArcServe Backup and Inoculan AV client modules for Exchange create a log file, exchverify.log, which contains usernames and passwords in plaintext.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom arcserve_backup *
broadcom inoculan *
microsoft exchange_server *
CVE-1999-1368 HIGH

AV Option for MS Exchange Server option for InoculateIT 4.53, and possibly other versions, only scans the Inbox folder tree of a Microsoft Exchange server, which could allow viruses to escape detection if a user's rules cause the message to be moved to a different mailbox.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom inoculateit 4.53
CVE-2000-0559 LOW

eTrust Intrusion Detection System (formerly SessionWall-3) uses weak encryption (XOR) to store administrative passwords in the registry, which allows local users to easily decrypt the passwords.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom etrust_intrusion_detection *
CVE-2000-0762 HIGH

The default installation of eTrust Access Control (formerly SeOS) uses a default encryption key, which allows remote attackers to spoof the eTrust administrator and gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom etrust_access_control 4.1
broadcom etrust_access_control 5.0
ca etrust_access_control 5.0
ca etrust_access_control 4.1
CVE-2000-1244 HIGH

Computer Associates InoculateIT Agent for Exchange Server does not recognize an e-mail virus attachment if the SMTP header is missing the "From" field, which allows remote attackers to bypass virus protection.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom inoculateit_agent_for_exchange *
CVE-2001-0382 HIGH

Computer Associates CCC\Harvest 5.0 for Windows NT/2000 uses weak encryption for passwords, which allows a remote attacker to gain privileges on the application.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom ccc_harvest 5.0
CVE-2001-0625 HIGH

ftpdownload in Computer Associates InoculateIT 6.0 allows a local attacker to overwrite arbitrary files via a symlink attack on /tmp/ftpdownload.log .

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom inoculateit 6.0
CVE-2001-0959 MEDIUM

Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 creates a hidden share named ARCSERVE$, which allows remote attackers to obtain sensitive information and overwrite critical files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom arcserve_backup 6.61
ca arcserve_backup_2000 *
broadcom arcserve_backup_2000 *
CVE-2001-0960 HIGH

Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 stores the backup agent user name and password in cleartext in the aremote.dmp file in the ARCSERVE$ hidden share, which allows local and remote attackers to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom arcserve_backup 6.61
ca arcserve_backup_2000 *
broadcom arcserve_backup_2000 *
CVE-2001-1346 LOW

Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom arcserve_backup 6.61
ca arcserve_backup 6.63
CVE-2002-1598 MEDIUM

Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and earlier may allow local users to execute arbitrary code via long command line arguments to (1) mlclear or (2) mllock.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom mlink 6.5
CVE-2002-2285 MEDIUM

eTrust InoculateIT 6.0 with the "Incremental Scan" option enabled may certify that a file is free of viruses before the file has been completely downloaded, which allows remote attackers to bypass virus detection.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-16,

Products Affected

Vendor Product Version
broadcom inoculateit 6.0
CVE-2003-0996 MEDIUM

Unknown "System Security Vulnerability" in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to gain privileges via the help interface.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom unicenter_remote_control_host 6.0
CVE-2003-0997 MEDIUM

Unknown "Denial of Service Attack" vulnerability in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to cause a denial of service (CPU consumption in URC host service).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom unicenter_remote_control_host 6.0
CVE-2003-0998 MEDIUM

Unknown "potential system security vulnerability" in Computer Associates (CA) Unicenter Remote Control 5.0 through 5.2, and ControlIT 5.0 and 5.1, may allow attackers to gain privileges to the local system account.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom unicenter_remote_control 5.2
ca controlit 5.0
broadcom unicenter_remote_control_option 5.1
broadcom unicenter_remote_control_option 5.0
ca controlit 5.1
broadcom unicenter_remote_control 6.0
ca unicenter_remote_control_option 5.1
CVE-2004-0267 LOW

The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust InoculateIT for Linux 6.0 allow local users to overwrite arbitrary files via a symlink attack on files in /tmp.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom inoculateit 6.0
CVE-2004-0932 HIGH

McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom etrust_intrusion_detection 1.4.1.13
broadcom etrust_antivirus 7.0
kaspersky_lab kaspersky_anti-virus 5.0
sophos sophos_anti-virus 3.82
broadcom etrust_secure_content_manager 1.0
sophos sophos_anti-virus 3.4.6
ca etrust_secure_content_manager 1.0
mcafee antivirus_engine 4.3.20
broadcom etrust_ez_antivirus 6.3
sophos sophos_anti-virus 3.83
sophos sophos_anti-virus 3.80
suse suse_linux 9.2
eset_software nod32_antivirus 1.0.13
sophos sophos_anti-virus 3.78
sophos sophos_small_business_suite 1.0
broadcom etrust_antivirus 7.1
mandrakesoft mandrake_linux 10.1
broadcom etrust_ez_armor 2.0
kaspersky_lab kaspersky_anti-virus 4.0
eset_software nod32_antivirus 1.0.11
sophos sophos_anti-virus 3.81
gentoo linux *
eset_software nod32_antivirus 1.0.12
broadcom brightstor_arcserve_backup 11.1
broadcom etrust_ez_antivirus 6.1
broadcom etrust_ez_antivirus 6.2
rav_antivirus rav_antivirus_desktop 8.6
broadcom etrust_antivirus_gateway 7.1
broadcom inoculateit 6.0
broadcom etrust_ez_armor 2.4
broadcom etrust_intrusion_detection 1.4.5
rav_antivirus rav_antivirus_for_mail_servers 8.4.2
sophos sophos_anti-virus 3.86
sophos sophos_anti-virus 3.79
broadcom etrust_secure_content_manager 1.1
broadcom etrust_ez_armor 2.3
gentoo linux 1.4
broadcom etrust_antivirus_gateway 7.0
sophos sophos_anti-virus 3.78d
sophos sophos_anti-virus 3.84
sophos sophos_anti-virus 3.85
broadcom etrust_intrusion_detection 1.5
kaspersky_lab kaspersky_anti-virus 3.0
archive_zip archive_zip 1.13
ca etrust_antivirus 7.0_sp2
rav_antivirus rav_antivirus_for_file_servers 1.0
sophos sophos_puremessage_anti-virus 4.6
CVE-2004-0933 HIGH

Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom etrust_intrusion_detection 1.4.1.13
broadcom etrust_antivirus 7.0
kaspersky_lab kaspersky_anti-virus 5.0
sophos sophos_anti-virus 3.82
broadcom etrust_secure_content_manager 1.0
sophos sophos_anti-virus 3.4.6
ca etrust_secure_content_manager 1.0
mcafee antivirus_engine 4.3.20
broadcom etrust_ez_antivirus 6.3
sophos sophos_anti-virus 3.83
sophos sophos_anti-virus 3.80
suse suse_linux 9.2
eset_software nod32_antivirus 1.0.13
sophos sophos_anti-virus 3.78
sophos sophos_small_business_suite 1.0
broadcom etrust_antivirus 7.1
mandrakesoft mandrake_linux 10.1
broadcom etrust_ez_armor 2.0
kaspersky_lab kaspersky_anti-virus 4.0
eset_software nod32_antivirus 1.0.11
sophos sophos_anti-virus 3.81
gentoo linux *
eset_software nod32_antivirus 1.0.12
broadcom brightstor_arcserve_backup 11.1
broadcom etrust_ez_antivirus 6.1
broadcom etrust_ez_antivirus 6.2
rav_antivirus rav_antivirus_desktop 8.6
broadcom etrust_antivirus_gateway 7.1
broadcom inoculateit 6.0
broadcom etrust_ez_armor 2.4
broadcom etrust_intrusion_detection 1.4.5
rav_antivirus rav_antivirus_for_mail_servers 8.4.2
sophos sophos_anti-virus 3.86
sophos sophos_anti-virus 3.79
broadcom etrust_secure_content_manager 1.1
broadcom etrust_ez_armor 2.3
gentoo linux 1.4
broadcom etrust_antivirus_gateway 7.0
sophos sophos_anti-virus 3.78d
sophos sophos_anti-virus 3.84
sophos sophos_anti-virus 3.85
broadcom etrust_intrusion_detection 1.5
kaspersky_lab kaspersky_anti-virus 3.0
archive_zip archive_zip 1.13
ca etrust_antivirus 7.0_sp2
rav_antivirus rav_antivirus_for_file_servers 1.0
sophos sophos_puremessage_anti-virus 4.6
CVE-2004-0934 HIGH

Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom etrust_intrusion_detection 1.4.1.13
broadcom etrust_antivirus 7.0
kaspersky_lab kaspersky_anti-virus 5.0
sophos sophos_anti-virus 3.82
broadcom etrust_secure_content_manager 1.0
sophos sophos_anti-virus 3.4.6
ca etrust_secure_content_manager 1.0
mcafee antivirus_engine 4.3.20
broadcom etrust_ez_antivirus 6.3
sophos sophos_anti-virus 3.83
sophos sophos_anti-virus 3.80
suse suse_linux 9.2
eset_software nod32_antivirus 1.0.13
sophos sophos_anti-virus 3.78
sophos sophos_small_business_suite 1.0
broadcom etrust_antivirus 7.1
mandrakesoft mandrake_linux 10.1
broadcom etrust_ez_armor 2.0
kaspersky_lab kaspersky_anti-virus 4.0
eset_software nod32_antivirus 1.0.11
sophos sophos_anti-virus 3.81
gentoo linux *
eset_software nod32_antivirus 1.0.12
broadcom brightstor_arcserve_backup 11.1
broadcom etrust_ez_antivirus 6.1
broadcom etrust_ez_antivirus 6.2
rav_antivirus rav_antivirus_desktop 8.6
broadcom etrust_antivirus_gateway 7.1
broadcom inoculateit 6.0
broadcom etrust_ez_armor 2.4
broadcom etrust_intrusion_detection 1.4.5
rav_antivirus rav_antivirus_for_mail_servers 8.4.2
sophos sophos_anti-virus 3.86
sophos sophos_anti-virus 3.79
broadcom etrust_secure_content_manager 1.1
broadcom etrust_ez_armor 2.3
gentoo linux 1.4
broadcom etrust_antivirus_gateway 7.0
sophos sophos_anti-virus 3.78d
sophos sophos_anti-virus 3.84
sophos sophos_anti-virus 3.85
broadcom etrust_intrusion_detection 1.5
kaspersky_lab kaspersky_anti-virus 3.0
archive_zip archive_zip 1.13
ca etrust_antivirus 7.0_sp2
rav_antivirus rav_antivirus_for_file_servers 1.0
sophos sophos_puremessage_anti-virus 4.6
CVE-2004-0935 HIGH

Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom etrust_intrusion_detection 1.4.1.13
broadcom etrust_antivirus 7.0
kaspersky_lab kaspersky_anti-virus 5.0
sophos sophos_anti-virus 3.82
broadcom etrust_secure_content_manager 1.0
sophos sophos_anti-virus 3.4.6
ca etrust_secure_content_manager 1.0
mcafee antivirus_engine 4.3.20
broadcom etrust_ez_antivirus 6.3
sophos sophos_anti-virus 3.83
sophos sophos_anti-virus 3.80
suse suse_linux 9.2
eset_software nod32_antivirus 1.0.13
sophos sophos_anti-virus 3.78
sophos sophos_small_business_suite 1.0
broadcom etrust_antivirus 7.1
mandrakesoft mandrake_linux 10.1
broadcom etrust_ez_armor 2.0
kaspersky_lab kaspersky_anti-virus 4.0
eset_software nod32_antivirus 1.0.11
sophos sophos_anti-virus 3.81
gentoo linux *
eset_software nod32_antivirus 1.0.12
broadcom brightstor_arcserve_backup 11.1
broadcom etrust_ez_antivirus 6.1
broadcom etrust_ez_antivirus 6.2
rav_antivirus rav_antivirus_desktop 8.6
broadcom etrust_antivirus_gateway 7.1
broadcom inoculateit 6.0
broadcom etrust_ez_armor 2.4
broadcom etrust_intrusion_detection 1.4.5
rav_antivirus rav_antivirus_for_mail_servers 8.4.2
sophos sophos_anti-virus 3.86
sophos sophos_anti-virus 3.79
broadcom etrust_secure_content_manager 1.1
broadcom etrust_ez_armor 2.3
gentoo linux 1.4
broadcom etrust_antivirus_gateway 7.0
sophos sophos_anti-virus 3.78d
sophos sophos_anti-virus 3.84
sophos sophos_anti-virus 3.85
broadcom etrust_intrusion_detection 1.5
kaspersky_lab kaspersky_anti-virus 3.0
archive_zip archive_zip 1.13
ca etrust_antivirus 7.0_sp2
rav_antivirus rav_antivirus_for_file_servers 1.0
sophos sophos_puremessage_anti-virus 4.6
CVE-2004-0936 HIGH

RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom etrust_intrusion_detection 1.4.1.13
broadcom etrust_antivirus 7.0
kaspersky_lab kaspersky_anti-virus 5.0
sophos sophos_anti-virus 3.82
broadcom etrust_secure_content_manager 1.0
sophos sophos_anti-virus 3.4.6
ca etrust_secure_content_manager 1.0
mcafee antivirus_engine 4.3.20
broadcom etrust_ez_antivirus 6.3
sophos sophos_anti-virus 3.83
sophos sophos_anti-virus 3.80
suse suse_linux 9.2
eset_software nod32_antivirus 1.0.13
sophos sophos_anti-virus 3.78
sophos sophos_small_business_suite 1.0
broadcom etrust_antivirus 7.1
mandrakesoft mandrake_linux 10.1
broadcom etrust_ez_armor 2.0
kaspersky_lab kaspersky_anti-virus 4.0
eset_software nod32_antivirus 1.0.11
sophos sophos_anti-virus 3.81
gentoo linux *
eset_software nod32_antivirus 1.0.12
broadcom brightstor_arcserve_backup 11.1
broadcom etrust_ez_antivirus 6.1
broadcom etrust_ez_antivirus 6.2
rav_antivirus rav_antivirus_desktop 8.6
broadcom etrust_antivirus_gateway 7.1
broadcom inoculateit 6.0
broadcom etrust_ez_armor 2.4
broadcom etrust_intrusion_detection 1.4.5
rav_antivirus rav_antivirus_for_mail_servers 8.4.2
sophos sophos_anti-virus 3.86
sophos sophos_anti-virus 3.79
broadcom etrust_secure_content_manager 1.1
broadcom etrust_ez_armor 2.3
gentoo linux 1.4
broadcom etrust_antivirus_gateway 7.0
sophos sophos_anti-virus 3.78d
sophos sophos_anti-virus 3.84
sophos sophos_anti-virus 3.85
broadcom etrust_intrusion_detection 1.5
kaspersky_lab kaspersky_anti-virus 3.0
archive_zip archive_zip 1.13
ca etrust_antivirus 7.0_sp2
rav_antivirus rav_antivirus_for_file_servers 1.0
sophos sophos_puremessage_anti-virus 4.6
CVE-2004-0937 HIGH

Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom etrust_intrusion_detection 1.4.1.13
broadcom etrust_antivirus 7.0
kaspersky_lab kaspersky_anti-virus 5.0
sophos sophos_anti-virus 3.82
broadcom etrust_secure_content_manager 1.0
sophos sophos_anti-virus 3.4.6
ca etrust_secure_content_manager 1.0
mcafee antivirus_engine 4.3.20
broadcom etrust_ez_antivirus 6.3
sophos sophos_anti-virus 3.83
sophos sophos_anti-virus 3.80
suse suse_linux 9.2
eset_software nod32_antivirus 1.0.13
sophos sophos_anti-virus 3.78
sophos sophos_small_business_suite 1.0
broadcom etrust_antivirus 7.1
mandrakesoft mandrake_linux 10.1
broadcom etrust_ez_armor 2.0
kaspersky_lab kaspersky_anti-virus 4.0
eset_software nod32_antivirus 1.0.11
sophos sophos_anti-virus 3.81
gentoo linux *
eset_software nod32_antivirus 1.0.12
broadcom brightstor_arcserve_backup 11.1
broadcom etrust_ez_antivirus 6.1
broadcom etrust_ez_antivirus 6.2
rav_antivirus rav_antivirus_desktop 8.6
broadcom etrust_antivirus_gateway 7.1
broadcom inoculateit 6.0
broadcom etrust_ez_armor 2.4
broadcom etrust_intrusion_detection 1.4.5
rav_antivirus rav_antivirus_for_mail_servers 8.4.2
sophos sophos_anti-virus 3.86
sophos sophos_anti-virus 3.79
broadcom etrust_secure_content_manager 1.1
broadcom etrust_ez_armor 2.3
gentoo linux 1.4
broadcom etrust_antivirus_gateway 7.0
sophos sophos_anti-virus 3.78d
sophos sophos_anti-virus 3.84
sophos sophos_anti-virus 3.85
broadcom etrust_intrusion_detection 1.5
kaspersky_lab kaspersky_anti-virus 3.0
archive_zip archive_zip 1.13
ca etrust_antivirus 7.0_sp2
rav_antivirus rav_antivirus_for_file_servers 1.0
sophos sophos_puremessage_anti-virus 4.6
CVE-2004-1096 HIGH

Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom etrust_intrusion_detection 1.4.1.13
broadcom etrust_antivirus 7.0
kaspersky_lab kaspersky_anti-virus 5.0
sophos sophos_anti-virus 3.82
broadcom etrust_secure_content_manager 1.0
sophos sophos_anti-virus 3.4.6
ca etrust_secure_content_manager 1.0
mcafee antivirus_engine 4.3.20
broadcom etrust_ez_antivirus 6.3
sophos sophos_anti-virus 3.83
sophos sophos_anti-virus 3.80
suse suse_linux 9.2
eset_software nod32_antivirus 1.0.13
sophos sophos_anti-virus 3.78
sophos sophos_small_business_suite 1.0
broadcom etrust_antivirus 7.1
mandrakesoft mandrake_linux 10.1
broadcom etrust_ez_armor 2.0
kaspersky_lab kaspersky_anti-virus 4.0
eset_software nod32_antivirus 1.0.11
sophos sophos_anti-virus 3.81
gentoo linux *
eset_software nod32_antivirus 1.0.12
broadcom brightstor_arcserve_backup 11.1
broadcom etrust_ez_antivirus 6.1
broadcom etrust_ez_antivirus 6.2
rav_antivirus rav_antivirus_desktop 8.6
broadcom etrust_antivirus_gateway 7.1
broadcom inoculateit 6.0
broadcom etrust_ez_armor 2.4
broadcom etrust_intrusion_detection 1.4.5
rav_antivirus rav_antivirus_for_mail_servers 8.4.2
sophos sophos_anti-virus 3.86
sophos sophos_anti-virus 3.79
broadcom etrust_secure_content_manager 1.1
broadcom etrust_ez_armor 2.3
gentoo linux 1.4
broadcom etrust_antivirus_gateway 7.0
sophos sophos_anti-virus 3.78d
sophos sophos_anti-virus 3.84
sophos sophos_anti-virus 3.85
broadcom etrust_intrusion_detection 1.5
kaspersky_lab kaspersky_anti-virus 3.0
ca etrust_antivirus 7.0_sp2
rav_antivirus rav_antivirus_for_file_servers 1.0
sophos sophos_puremessage_anti-virus 4.6
CVE-2004-1149 HIGH

Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with insecure permissions (ACLs), which allows local users to gain privileges by replacing critical programs with malicious ones, as demonstrated using VetMsg.exe.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom etrust_ez_antivirus 7.0.1.2
broadcom etrust_ez_antivirus 7.0.2.1
broadcom etrust_ez_antivirus 7.0.4
broadcom etrust_ez_antivirus 7.0
broadcom etrust_ez_antivirus 7.0.1.3
broadcom etrust_ez_antivirus 7.0.1
broadcom etrust_ez_antivirus 7.0.3
broadcom etrust_ez_antivirus 7.0.1.1
broadcom etrust_ez_antivirus 7.0.1.4
broadcom etrust_ez_antivirus 7.0.2
CVE-2004-1663 MEDIUM

Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
brocade silkworm_fiber_channel_switch 2010
engenio storage_controller 5884
brocade silkworm 3800
broadcom fabric_operating_system 3.1
brocade silkworm_fiber_channel_switch 2050
brocade silkworm 3850
storagetek d280 *
brocade silkworm 3250
brocade silkworm 3200
brocade silkworm_fiber_channel_switch 2040
brocade silkworm 3900
broadcom fabric_operating_system 2.2
engenio storage_controller 2882
engenio storage_controller 2822
broadcom fabric_operating_system 2.1.2
engenio storage_controller 4884
ibm ds4100 *
CVE-2004-1812 HIGH

Multiple stack-based buffer overflows in Agent Common Services (1) cam.exe and (2) awservices.exe in Unicenter TNG 2.4 allow remote attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom unicenter_tng 2.4
broadcom unicenter_tng 2.4.2
CVE-2004-2092 MEDIUM

eTrust InoculateIT for Linux 6.0 uses insecure permissions for multiple files and directories, including the application's registry and tmp directories, which allows local users to delete, modify, or examine sensitive information.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom inoculateit 6.0
CVE-2004-2305 MEDIUM

Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote attackers to bypass virus scanning by including a password-protected file in a ZIP file, which causes eTrust to scan only the password protected file and skip the other files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom etrust_antivirus_ee 7.0
broadcom etrust_antivirus_ee 6.0
CVE-2004-2397 MEDIUM

The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-312,

Products Affected

Vendor Product Version
broadcom bluecoat_security_gateway *
broadcom bluecoat_security_gateway 3.2.1
CVE-2004-2436 LOW

Computer Associates Unicenter Common Services 3.0 and earlier stores the database "SA" password in cleartext in the TndAddNspTmp.bat file, which could allow local users to gain privileges.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom common_services 2.0
broadcom common_services 1.0
broadcom common_services 3.0
broadcom common_services 1.1
broadcom unicenter_network_and_systems_management 3.0
broadcom common_services 2.1
broadcom common_services 2.2
broadcom unicenter_serviceplus_service_desk 6.0
CVE-2005-0260 HIGH

Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11.1 and earlier allows remote attackers to execute arbitrary code via a long packet to UDP port 41524, which is not properly handled in a recvfrom call.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom brightstor_arcserve_backup 11.1
CVE-2005-0349 HIGH

The production release of the UniversalAgent for UNIX in BrightStor ARCserve Backup 11.1 contains hard-coded credentials, which allows remote attackers to access the file system and possibly execute arbitrary commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom brightstor_arcserve_backup 11.1
CVE-2005-0581 MEDIUM

Multiple buffer overflows in Computer Associates (CA) License Client and Server 0.1.0.15 allow remote attackers to execute arbitrary code via (1) certain long fields in the Checksum item in a GCR request, (2) a long IP address, hostname, or netmask values in a GCR request, (3) a long last parameter in a GETCONFIG packet, or (4) long values in a request with an invalid format.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom license_software 0.1.0.15
CVE-2005-0582 HIGH

Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 allows remote attackers to execute arbitrary code via a long filename in a PUTOLF request.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom license_software 0.1.0.15
CVE-2005-0583 MEDIUM

Directory traversal vulnerability in Computer Associates (CA) License Client 0.1.0.15 allows remote attackers to create arbitrary files via .. (dot dot) sequences in a PUTOLF request.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom license_software 0.1.0.15
CVE-2005-0640 MEDIUM

Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not properly initialize the "Change Credentials for Database" window, which allows local users to recover the SQL Admin password via certain methods.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom unicenter_asset_management 4.0
CVE-2005-0641 MEDIUM

Cross-site scripting (XSS) vulnerability in the Reporter for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to inject arbitrary HTML or web script via the (1) name or (2) description in a report template.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom unicenter_asset_management 4.0
CVE-2005-0642 HIGH

SQL injection vulnerability in the Query Designer for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to execute arbitrary SQL via an imported file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom unicenter_asset_management 4.0
CVE-2005-0968 MEDIUM

Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote attackers to cause a denial of service via large size values that are not properly validated before calling the CPImportKey function in the Crypto API.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom etrust_intrusion_detection 3.0
CVE-2005-10001 MEDIUM

A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The manipulation of the argument target leads to an open redirect. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
cna@vuldb.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,CWE-601,

Products Affected

Vendor Product Version
broadcom symantec_siteminder 4.5.0
broadcom symantec_siteminder 4.5.1
CVE-2005-1272 HIGH

Stack-based buffer overflow in the Backup Agent for Microsoft SQL Server in BrightStor ARCserve Backup Agent for SQL Server 11.0 allows remote attackers to execute arbitrary code via a long string sent to port (1) 6070 or (2) 6050.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ca brightstor_enterprise_backup_agent 10.5
ca brightstor_arcserve_backup_agent 9.0.1
ca brightstor_arcserve_backup 11.1
ca brightstor_arcserve_backup_agent 11.1
ca brightstor_arcserve_backup 9.0.1
broadcom brightstor_enterprise_backup 10.5
broadcom brightstor_enterprise_backup 10.0
ca brightstor_arcserve_backup_agent 11
ca brightstor_arcserve_backup 9.0_1
ca brightstor_arcserve_backup_agent 11.0
ca brightstor_enterprise_backup_agent 10.0
ca brightstor_arcserve_backup 11.0
CVE-2005-1693 HIGH

Integer overflow in Computer Associates Vet Antivirus library, as used by CA InoculateIT 6.0, eTrust Antivirus r6.0 through 7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, BrightStor ARCserve Backup (BAB) r11.1, Vet Antivirus, Zonelabs ZoneAlarm Security Suite, and ZoneAlarm Antivirus, allows remote attackers to gain privileges via a compressed VBA directory with a project name length of -1, which leads to a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom etrust_intrusion_detection 1.4.1.13
broadcom etrust_antivirus 7.0
broadcom etrust_ez_armor_le 2.0
broadcom etrust_ez_armor_le 3.0.0.14
ca etrust_antivirus 7.1
broadcom etrust_intrusion_detection 3.0
broadcom etrust_secure_content_manager 1.0
zonelabs zonealarm_antivirus *
ca etrust_secure_content_manager 1.0
broadcom etrust_ez_armor 1.0
ca etrust_intrusion_detection 3.0
broadcom etrust_antivirus 7.1
broadcom etrust_ez_armor 2.0
broadcom etrust_antivirus_ee 7.0
ca brightstor_arcserve_backup 11.1
broadcom inoculateit 6.0
broadcom etrust_ez_armor 2.4
broadcom etrust_intrusion_detection 1.4.5
broadcom etrust_secure_content_manager 1.1
broadcom etrust_ez_armor 2.3
zonelabs zonealarm *
ca etrust_antivirus 7.0
broadcom etrust_ez_armor 2.4.4
broadcom etrust_intrusion_detection 1.5
broadcom etrust_antivirus_ee 6.0
ca etrust_antivirus 7.0_sp2
broadcom etrust_antivirus 6.0
ca vet_antivirus 10.66
CVE-2005-2204 MEDIUM

Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to smpwservicescgi.exe, (3) the TARGET parameter to login.fcc, and possibly other vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom etrust_siteminder 5.5
CVE-2005-2535 HIGH

Buffer overflow in the Discovery Service in BrightStor ARCserve Backup 9.0 through 11.1 allows remote attackers to execute arbitrary commands via a large packet to TCP port 41523, a different vulnerability than CVE-2005-0260.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom brightstor_enterprise_backup 10
broadcom brightstor_arcserve_backup 11.1
broadcom brightstor_arcserve_backup 7.0
broadcom brightstor_arcserve_backup_hp 11.1
broadcom brightstor_enterprise_backup 10.5
broadcom arcserve_backup_2000 r16.5
broadcom brightstor_arcserve_backup 9.0
broadcom brightstor_arcserve_backup 11.0
broadcom brightstor_enterprise_backup 10.0
broadcom brightstor_arcserve_backup 9.0.1
CVE-2005-2667 MEDIUM

Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows attackers to cause a denial of service via unknown vectors, aka the "CAM TCP port vulnerability."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom unicenter_service_level_management 3.5
ca unicenter_asset_management 4.0
ca unicenter_management 4.1
ca unicenter_management 5
ca unicenter_management 5.0.1
broadcom etrust_admin 2.07
broadcom cleverpath_predictive_analysis_server 3.0
broadcom unicenter_tng 2.2
broadcom cleverpath_ecm 3.5
ca unicenter_enterprise_job_manager 1.0
broadcom message_queuing 1.05
broadcom etrust_admin 8.1
broadcom message_queuing 1.07_build_220_13
broadcom unicenter_asset_management 3.1
ca unicenter_management 3.5
ca unicenter_software_delivery 4.0
broadcom unicenter_service_level_management 3.0.1
broadcom unicenter_tng 2.4
broadcom unicenter_service_level_management 3.0.2
ca unicenter_nsm 3.0
broadcom brightstor_san_manager 11.1
broadcom etrust_admin 2.04
broadcom unicenter_service_level_management 3.0
broadcom unicenter_asset_management 4.0
ca unicenter_tng 2.2
broadcom unicenter_tng 2.4.2
broadcom unicenter_performance_management 2.4
broadcom advantage_data_transport 3.0
broadcom unicenter_application_performance_monitor 3.0
broadcom unicenter_asset_management 3.2
broadcom etrust_admin 8.0
broadcom etrust_admin 2.01
ca unicenter_management 4.0
broadcom unicenter_software_delivery 4.0
broadcom unicenter_software_delivery 3.0
broadcom adviseit 2.4
ca unicenter_nsm 3.1
broadcom unicenter_tng 2.1
broadcom unicenter_application_performance_monitor 3.5
broadcom unicenter_software_delivery 3.1
broadcom etrust_admin 2.09
broadcom unicenter_data_transport_option 2.0
broadcom unicenter_remote_control 6.0
broadcom unicenter_jasmine 3.0
broadcom cleverpath_olap 5.1
broadcom brightstor_san_manager 1.1
broadcom message_queuing 1.11_build_29_13
broadcom brightstor_portal 11.1
CVE-2005-2668 HIGH

Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allow remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom unicenter_service_level_management 3.5
ca unicenter_asset_management 4.0
ca unicenter_management 4.1
ca etrust_admin 2.4
ca unicenter_management 5.0.1
broadcom cleverpath_predictive_analysis_server 3.0
broadcom unicenter_tng 2.2
broadcom cleverpath_ecm 3.5
ca unicenter_enterprise_job_manager 1.0
broadcom messaging 1.5
broadcom messaging 1.11
broadcom etrust_admin 8.1
broadcom unicenter_asset_management 3.1
ca unicenter_management 3.5
ca unicenter_software_delivery 4.0
broadcom unicenter_service_level_management 3.0.1
broadcom unicenter_tng 2.4
broadcom unicenter_service_level_management 3.0.2
broadcom brightstor_san_manager 11.1
ca etrust_admin 2.7
broadcom unicenter_network_and_systems_management 3.0
broadcom unicenter_nsm_wireless_network_management_option 3.0
broadcom unicenter_service_level_management 3.0
broadcom unicenter_asset_management 4.0
broadcom unicenter_network_and_systems_management 3.1
ca unicenter_tng 2.2
broadcom unicenter_management_portal 3.1
ca etrust_admin 2.9
broadcom unicenter_tng 2.4.2
broadcom unicenter_performance_management 2.4
broadcom advantage_data_transport 3.0
broadcom cleverpath_aion 10.0
ca etrust_admin 2.1
broadcom unicenter_management_portal 2.0
broadcom unicenter_application_performance_monitor 3.0
broadcom unicenter_asset_management 3.2
broadcom messaging 1.7
broadcom etrust_admin 8.0
ca unicenter_management 4.0
broadcom unicenter_software_delivery 4.0
broadcom unicenter_software_delivery 3.0
broadcom adviseit 2.4
broadcom unicenter_tng 2.1
broadcom unicenter_application_performance_monitor 3.5
broadcom cleverpath_predictive_analysis_server 2.0
broadcom unicenter_software_delivery 3.1
broadcom unicenter_data_transport_option 2.0
broadcom unicenter_remote_control 6.0
broadcom unicenter_jasmine 3.0
ca unicenter_management 5.0
broadcom cleverpath_olap 5.1
broadcom brightstor_san_manager 1.1
broadcom brightstor_portal 11.1
CVE-2005-2669 HIGH

Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote attackers to execute arbitrary commands via spoofed CAFT packets.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom unicenter_service_level_management 3.5
ca unicenter_asset_management 4.0
ca unicenter_management 4.1
ca etrust_admin 2.4
ca unicenter_management 5.0.1
broadcom cleverpath_predictive_analysis_server 3.0
broadcom unicenter_tng 2.2
broadcom cleverpath_ecm 3.5
ca unicenter_enterprise_job_manager 1.0
broadcom messaging 1.5
broadcom messaging 1.11
broadcom etrust_admin 8.1
broadcom unicenter_asset_management 3.1
ca unicenter_management 3.5
ca unicenter_software_delivery 4.0
broadcom unicenter_service_level_management 3.0.1
broadcom unicenter_tng 2.4
broadcom unicenter_service_level_management 3.0.2
broadcom brightstor_san_manager 11.1
ca etrust_admin 2.7
broadcom unicenter_network_and_systems_management 3.0
broadcom unicenter_nsm_wireless_network_management_option 3.0
broadcom unicenter_service_level_management 3.0
broadcom unicenter_asset_management 4.0
broadcom unicenter_network_and_systems_management 3.1
ca unicenter_tng 2.2
broadcom unicenter_management_portal 3.1
ca etrust_admin 2.9
broadcom unicenter_tng 2.4.2
broadcom unicenter_performance_management 2.4
broadcom advantage_data_transport 3.0
broadcom cleverpath_aion 10.0
ca etrust_admin 2.1
broadcom unicenter_management_portal 2.0
broadcom unicenter_application_performance_monitor 3.0
broadcom unicenter_asset_management 3.2
broadcom messaging 1.7
broadcom etrust_admin 8.0
ca unicenter_management 4.0
broadcom unicenter_software_delivery 4.0
broadcom unicenter_software_delivery 3.0
broadcom adviseit 2.4
broadcom unicenter_tng 2.1
broadcom unicenter_application_performance_monitor 3.5
broadcom cleverpath_predictive_analysis_server 2.0
broadcom unicenter_software_delivery 3.1
broadcom unicenter_data_transport_option 2.0
broadcom unicenter_remote_control 6.0
broadcom unicenter_jasmine 3.0
ca unicenter_management 5.0
broadcom cleverpath_olap 5.1
broadcom brightstor_san_manager 1.1
broadcom brightstor_portal 11.1
CVE-2005-3190 HIGH

Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom igateway 3.0
broadcom igateway 4.0
CVE-2005-3225 MEDIUM

Multiple interpretation error in unspecified versions of (1) eTrust-Iris and (2) eTrust-Vet Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom etrust_antivirus *
broadcom etrust_antivirus_iris_engine *
CVE-2005-3372 MEDIUM

Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom etrust_antivirus 7.0.1.4
CVE-2005-3653 HIGH

Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ca unicenter_service_catalog_fulfillment_accounting 11.0
broadcom etrust_audit_irecorder 8.0
broadcom unicenter_service_metric_analysis 11.0
broadcom brightstor_storage_resource_manager 11.5
broadcom etrust_identity_minder 8.0
broadcom brightstor_storage_resource_manager 6.4
broadcom brightstor_storage_resource_manager 6.3
ca unicenter_management 11.0
ca brightstor_enterprise_backup 10.5
broadcom brightstor_arcserve_backup 11.5
broadcom unicenter_service_fulfillment 2.2
ca unicenter_exchange_management_console 11.0
broadcom brightstor_storage_resource_manager 11.1
broadcom brightstor_arcserve_backup_laptops_desktops 11.0
ca unicenter_service_level_management 11.0
broadcom brightstor_san_manager 11.5
broadcom unicenter_service_delivery 11.0
broadcom brightstor_arcserve_backup 9.01
ca etrust_audit_aries 1.5
broadcom etrust_admin 8.1
ca unicenter_application_server_managment 11.0
ca unicenter_management 3.5
ca unicenter_application_performance_monitor 11.0
broadcom etrust_audit_aries 8.0
broadcom unicenter_service_desk 11.0
broadcom etrust_audit_irecorder 1.5
broadcom brightstor_arcserve_backup 11.1
ca etrust_secure_content_manager 8.0
broadcom itechnology_igateway *
broadcom brightstor_san_manager 11.1
broadcom brightstor_arcserve_backup_laptops_desktops 11.1
broadcom unicenter_asset_portfolio_management 11.0
broadcom etrust_integrated_threat_management 8.0
broadcom unicenter_autosys_jm 11.0
ca brightstor_enterprise_backup 10.0
ca unicenter_web_server_management 11.0
broadcom unicenter_service_desk_knowledge_tools 11.0
ca etrust_directory 8.1_web_components
ca unicenter_service_fulfillment 11.0
ca unicenter_ca_web_services_distributed_management 11.0
broadcom brightstor_process_automation_manager 11.1
broadcom brightstor_portal 11.1
ca brightstor_arcserve_backup 11
ca unicenter_web_services_distributed_management 11.0
CVE-2005-4150 MEDIUM

Cross-site scripting (XSS) vulnerability in the portal login page in Computer Associates CleverPath 4.7 allows remote attackers to execute Javascript via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom cleverpath_portal 4.7
CVE-2006-0306 MEDIUM

The DM Primer (dmprimer.exe) in the DM Deployment Common Component in Computer Associates (CA) BrightStor Mobile Backup r4.0, BrightStor ARCserve Backup for Laptops & Desktops r11.0, r11.1, r11.1 SP1, Unicenter Remote Control 6.0, 6.0 SP1, CA Desktop Protection Suite r2, CA Server Protection Suite r2, and CA Business Protection Suite r2 allows remote attackers to cause a denial of service (CPU consumption or application hang) via a large network packet, which causes a WSAEMESGSIZE error code that is not handled, leading to a thread exit.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
broadcom unicenter_remote_control 5.2
broadcom desktop_protection_suite 2.0
broadcom brightstor_mobile_backup r4.0
ca unicenter_remote_control 6.0_build_6.0.56.3
broadcom business_protection_suite 2.0
broadcom brightstor_arcserve_backup_laptops_desktops 11.0
broadcom server_protection_suite 2
ca unicenter_remote_control 6.0
broadcom brightstor_arcserve_backup_laptops_desktops 11.1
broadcom unicenter_remote_control 6.0
ca unicenter_remote_control 6.0_build_6.0.74
CVE-2006-0307 MEDIUM

The DM Primer in the DM Deployment Common Component in Computer Associates (CA) BrightStor Mobile Backup r4.0, BrightStor ARCserve Backup for Laptops & Desktops r11.0, r11.1, r11.1 SP1, Unicenter Remote Control 6.0, 6.0 SP1, CA Desktop Protection Suite r2, CA Server Protection Suite r2, and CA Business Protection Suite r2 allows remote attackers to cause a denial of service (CPU consumption and log file consumption) via unspecified "unrecognized network messages" that are not properly handled.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
broadcom unicenter_remote_control 5.2
broadcom desktop_protection_suite 2.0
broadcom brightstor_mobile_backup r4.0
ca unicenter_remote_control 6.0_build_6.0.56.3
broadcom business_protection_suite 2.0
broadcom brightstor_arcserve_backup_laptops_desktops 11.0
broadcom server_protection_suite 2
ca unicenter_remote_control 6.0
broadcom brightstor_arcserve_backup_laptops_desktops 11.1
broadcom unicenter_remote_control 6.0
ca unicenter_remote_control 6.0_build_6.0.74
CVE-2006-2201 MEDIUM

Unspecified vulnerability in CA Resource Initialization Manager (CAIRIM) 1.x before 20060502, as used in z/OS Common Services and the LMP component in multiple products, allows attackers to violate integrity via a certain "problem state program" that uses SVC to gain access to supervisor state, key 0.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom resource_initialization_manager *
CVE-2006-3223 HIGH

Format string vulnerability in CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP) r8 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a scan job with format strings in the description field.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom etrust_antivirus 8.0
broadcom etrust_pestpatrol 8.0
broadcom integrated_threat_management 8.0
CVE-2006-6908 HIGH

Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom widcomm_bluetooth 1.3.2.7
broadcom widcomm_bluetooth 1.4.2.10
broadcom widcomm_bluetooth 1.4.1.03
microsoft windows_embedded_compact *
broadcom widcomm_bluetooth *
microsoft windows_mobile *
CVE-2009-2705 MEDIUM

CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
broadcom siteminder *
sun j2ee *
CVE-2009-3587 HIGH

Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ca arcserve_for_windows_server_component *
broadcom secure_content_manager 1.1
broadcom secure_content_manager 8.0
broadcom etrust_antivirus 8
broadcom network_and_systems_management r3.1
ca arcserve_for_windows_client_agent *
broadcom anti-virus_sdk *
ca anti-virus_for_the_enterprise r8.1
broadcom network_and_systems_management r11
ca internet_security_suite_2008 *
broadcom etrust_antivirus 7.1
broadcom unicenter_network_and_systems_management 11
ca protection_suites r3.1
ca etrust_anti-virus_gateway 7.1
broadcom anti-virus 2008
ca etrust_secure_content_manager 8.0
broadcom internet_security_suite *
broadcom unicenter_network_and_systems_management 3.0
ca threat_manager 8.1
ca anti-virus_plus 2009
broadcom unicenter_network_and_systems_management 3.1
ca internet_security_suite_plus_2009 *
broadcom network_and_systems_management r11.1
broadcom common_services 11.1
ca protection_suites r2
ca common_services 3.1
broadcom anti-virus_for_the_enterprise r8
broadcom network_and_systems_management r3.0
broadcom etrust_intrusion_detection 3.0
ca etrust_anti-virus_sdk *
ca etrust_ez_antivirus r7.1
broadcom unicenter_network_and_systems_management 11.1
ca threat_manager_total_defense *
ca etrust_intrusion_detection 3.0
broadcom etrust_integrated_threat_management 8.1
ca anti-virus_gateway 7.1
broadcom etrust_antivirus 8.1
ca threat_manager r8
broadcom common_services 11
ca arcserve_backup r11.1
ca protection_suites r3
broadcom etrust_secure_content_manager 1.1
ca arcserve_backup r11.5
broadcom anti-virus 2007
broadcom internet_security_suite 3.0
ca anti-virus 2009
ca internet_security_suite_plus_2008 *
ca gateway_security r8.1
broadcom anti-virus_for_the_enterprise 7.1
ca etrust_intrusion_detection 2.0
CVE-2009-3588 MEDIUM

Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ca arcserve_for_windows_server_component *
broadcom secure_content_manager 1.1
broadcom secure_content_manager 8.0
broadcom etrust_antivirus 8
broadcom network_and_systems_management r3.1
ca arcserve_for_windows_client_agent *
broadcom anti-virus_sdk *
ca anti-virus_for_the_enterprise r8.1
broadcom network_and_systems_management r11
ca internet_security_suite_2008 *
broadcom etrust_antivirus 7.1
broadcom unicenter_network_and_systems_management 11
ca protection_suites r3.1
ca etrust_anti-virus_gateway 7.1
broadcom anti-virus 2008
ca etrust_secure_content_manager 8.0
broadcom internet_security_suite *
broadcom unicenter_network_and_systems_management 3.0
ca threat_manager 8.1
ca anti-virus_plus 2009
broadcom unicenter_network_and_systems_management 3.1
ca internet_security_suite_plus_2009 *
broadcom network_and_systems_management r11.1
broadcom common_services 11.1
ca protection_suites r2
ca common_services 3.1
broadcom anti-virus_for_the_enterprise r8
broadcom network_and_systems_management r3.0
broadcom etrust_intrusion_detection 3.0
broadcom arcserve_backup r12.0
ca etrust_anti-virus_sdk *
ca etrust_ez_antivirus r7.1
broadcom unicenter_network_and_systems_management 11.1
ca threat_manager_total_defense *
ca etrust_intrusion_detection 3.0
broadcom etrust_integrated_threat_management 8.1
ca anti-virus_gateway 7.1
broadcom etrust_antivirus 8.1
ca threat_manager r8
broadcom common_services 11
ca arcserve_backup r11.1
ca protection_suites r3
broadcom etrust_secure_content_manager 1.1
ca arcserve_backup r11.5
broadcom anti-virus 2007
broadcom internet_security_suite 3.0
ca anti-virus 2009
ca internet_security_suite_plus_2008 *
ca gateway_security r8.1
broadcom anti-virus_for_the_enterprise 7.1
ca etrust_intrusion_detection 2.0
CVE-2010-0104 HIGH

Unspecified vulnerability in the Broadcom Integrated NIC Management Firmware 1.x before 1.40.0.0 and 8.x before 8.08 on the HP Small Form Factor and Microtower platforms allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom broadcom *
CVE-2010-0425 HIGH

modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache http_server 2.2.8
ibm http_server 6.1.0.19
apache http_server 2.3.1
ibm http_server 6.0.2.25
apache http_server -
apache http_server 2.0.43
ibm http_server 6.1.0.25
apache http_server 2.0.28
apache http_server 2.2.7
apache http_server 2.2.10
ibm http_server 6.0.2.35
ibm http_server 6.1.0.29
ibm http_server 6.0.2.39
ibm http_server 6.1.0.13
ibm http_server 6.0.2.29
apache http_server 2.0.46
apache http_server 2.0.56
apache http_server 2.3.5
apache http_server 2.3.6
apache http_server 2.0.53
apache http_server 2.2.2
apache http_server 2.0.9
apache http_server 2.0.61
apache http_server 2.0.32
apache http_server 2.0.45
apache http_server 2.2.11
ibm http_server 6.1.0.21
apache http_server 2.0.34
apache http_server 2.0.36
apache http_server 2.0.47
ibm http_server 6.0.2.1
ibm http_server 6.1.0.11
apache http_server 2.0.50
ibm http_server 6.0.2.7
apache http_server 2.0.58
apache http_server 2.0.63
ibm http_server 6.0.2.13
ibm http_server 6.0.2.31
apache http_server 2.2.0
apache http_server 2.2.4
apache http_server 2.2.1
ibm http_server 6.1.0.3
apache http_server 2.2.12
ibm http_server 6.1.0.5
apache http_server 2.0.35
ibm http_server 6.0.2.21
ibm http_server 6.0.2.27
ibm http_server 6.0.2
ibm http_server 6.0.2.11
apache http_server 2.3.2
apache http_server 2.0.59
apache http_server 2.0.55
ibm http_server 6.0.2.9
ibm http_server 6.1.0.9
apache http_server 2.0.48
ibm http_server 6.1
apache http_server 2.0.39
apache http_server 2.2.9
apache http_server 2.0.52
apache http_server 2.0.38
apache http_server 2.0.44
apache http_server 2.3.4
apache http_server 2.2.3
apache http_server 2.2.14
ibm websphere_application_server *
ibm http_server 6.0.2.33
ibm http_server 6.1.0.2
apache http_server *
ibm http_server 6.0.2.15
apache http_server 2.3.3
apache http_server 2.2.13
ibm http_server 6.0.2.23
ibm http_server 6.1.0.23
apache http_server 2.0.42
ibm http_server 6.1.0.17
apache http_server 2.0.54
apache http_server 2.0.49
apache http_server 2.3.0
apache http_server 2.2.6
apache http_server 2.0.57
apache http_server 2.0.51
ibm http_server 6.1.0.7
apache http_server 2.0.40
apache http_server 2.0.60
ibm http_server 6.1.0.15
ibm http_server 6.1.0.27
ibm http_server 6.0.2.3
apache http_server 2.0.37
broadcom vmware_ace_management_server *
ibm http_server 6.0.2.37
oracle http_server 10.1.3.5.0
apache http_server 2.0.41
ibm http_server 6.0.2.19
CVE-2011-1653 HIGH

Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
broadcom total_defense r12
CVE-2011-1654 HIGH

Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to FileUploadHandler.ashx.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
broadcom total_defense r12
CVE-2011-1655 HIGH

The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-310,

Products Affected

Vendor Product Version
broadcom total_defense r12
CVE-2011-1718 MEDIUM

The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
broadcom siteminder 12.0
ca siteminder 6
CVE-2011-1719 HIGH

Multiple stack-based buffer overflows in the Web Viewer ActiveX controls in CA Output Management Web Viewer 11.0 and 11.5 allow remote attackers to execute arbitrary code via (1) a long SRC property value to the PPSViewer ActiveX control in PPSView.ocx before 1.0.0.7 or (2) a long Title property value to the UOMWV_Helper ActiveX control in UOMWV_HelperActiveX.ocx before 11.5.0.1.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
broadcom output_management_web_viewer 11.0
broadcom output_management_web_viewer 11.5
CVE-2011-2667 HIGH

Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and daemon crash) via a malformed request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ca gateway_security 8.1
broadcom total_defense r12
CVE-2011-3849 MEDIUM

Unspecified vulnerability in dxserver before 6279 in CA Directory 8.1 and CA Directory r12 before SP7 CR1 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom directory r12
broadcom directory 8.1
CVE-2011-4503 HIGH

The UPnP IGD implementation in Broadcom Linux on the Sitecom WL-111 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-16,

Products Affected

Vendor Product Version
sitecom wl-111 -
broadcom broadcom_linux *
CVE-2012-0691 HIGH

CA License (aka CA Licensing) before 1.90.03 does not properly restrict system commands, which allows local users to gain privileges via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
broadcom license_software 1.9.1.105
broadcom license_software 0.1.0.15
broadcom license_software 1.70.1.101
broadcom license_software 1.8.0.114
broadcom license_software *
broadcom license_software 1.5.3
broadcom license_software 1.52
broadcom license_software 1.8.0.110
broadcom license_software 1.61.8
broadcom license_software 1.60.3
broadcom license_software 1.61.9
CVE-2012-0692 HIGH

CA License (aka CA Licensing) before 1.90.03 allows local users to modify or create arbitrary files, and consequently gain privileges, via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
broadcom license_software 1.9.1.105
broadcom license_software 0.1.0.15
broadcom license_software 1.70.1.101
broadcom license_software 1.8.0.114
broadcom license_software *
broadcom license_software 1.5.3
broadcom license_software 1.52
broadcom license_software 1.8.0.110
broadcom license_software 1.61.8
broadcom license_software 1.60.3
broadcom license_software 1.61.9
CVE-2012-1662 MEDIUM

CA ARCserve Backup r12.0 through SP2, r12.5 before SP2, r15 through SP1, and r16 before SP1 on Windows allows remote attackers to cause a denial of service (service shutdown) via a crafted network request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
broadcom arcserve_backup r16.0
CVE-2013-2630 MEDIUM

Cross-site scripting (XSS) vulnerability in CA Service Desk Manager 12.5 through 12.7 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
broadcom service_desk_manager 12.6
broadcom service_desk_manager 12.7
broadcom service_desk_manager 12.5
CVE-2013-5016 HIGH

Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows remote attackers to bypass policy settings via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
broadcom symantec_critical_system_protection *
CVE-2013-5968 MEDIUM

Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 through 12.51, and SiteMinder 6 Web Agents, allows remote attackers to inject arbitrary web script or HTML via vectors involving a " (double quote) character.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
broadcom siteminder 12.5
broadcom siteminder 12.51
ca web_agents 6.0
broadcom siteminder 12.0
CVE-2014-0160 MEDIUM

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
intellian v100_firmware 1.21
debian debian_linux 6.0
canonical ubuntu_linux 12.04
siemens simatic_s7-1500t_firmware 1.5
redhat virtualization 6.0
siemens wincc_open_architecture 3.12
opensuse opensuse 12.3
siemens cp_1543-1_firmware 1.1
redhat enterprise_linux_workstation 6.0
mitel micollab 7.2
redhat enterprise_linux_desktop 6.0
ricon s9922l_firmware 16.10.3(3794)
splunk splunk *
siemens simatic_s7-1500_firmware 1.5
siemens elan-8.2 *
mitel mivoice 1.2.0.11
siemens application_processing_engine_firmware 2.0
redhat enterprise_linux_server_aus 6.5
mitel mivoice 1.1.3.3
fedoraproject fedora 20
redhat enterprise_linux_server_eus 6.5
redhat enterprise_linux_server_tus 6.5
mitel mivoice 1.4.0.102
redhat gluster_storage 2.1
mitel micollab 7.1
redhat enterprise_linux_server 6.0
debian debian_linux 8.0
canonical ubuntu_linux 13.10
intellian v100_firmware 1.24
mitel mivoice 1.1.2.5
opensuse opensuse 13.1
intellian v60_firmware 1.25
mitel micollab 7.3
filezilla-project filezilla_server *
mitel micollab 6.0
fedoraproject fedora 19
intellian v100_firmware 1.20
mitel micollab 7.0
broadcom symantec_messaging_gateway 10.6.1
canonical ubuntu_linux 12.10
openssl openssl *
redhat storage 2.1
debian debian_linux 7.0
mitel micollab 7.3.0.104
mitel mivoice 1.3.2.2
intellian v60_firmware 1.15
broadcom symantec_messaging_gateway 10.6.0
CVE-2014-1219 MEDIUM

CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
broadcom 2e_web_option r8.1.2
CVE-2014-2046 HIGH

cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information via a certain request to the config.getValuesHashExcludePaths method or (2) modify the firmware via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-310,

Products Affected

Vendor Product Version
broadcom pipa_c211_web_interface 1.1
broadcom pipa_c211 -
CVE-2014-3440 HIGH

The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
broadcom symantec_critical_system_protection 5.2.9
symantec data_center_security 6.0.0
CVE-2014-6799 MEDIUM

The Investigation Tool (aka gov.ca.post.lp.itool) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
broadcom investigation_tool 1.0.0
CVE-2014-7289 MEDIUM

SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
broadcom symantec_critical_system_protection 5.2.9
symantec data_center_security 6.0.0
CVE-2014-8246 MEDIUM

Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
broadcom release_automation *
CVE-2014-8247 MEDIUM

Cross-site scripting (XSS) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
broadcom release_automation *
CVE-2014-8248 MEDIUM

SQL injection vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote authenticated users to execute arbitrary SQL commands via a crafted query.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
broadcom release_automation *
CVE-2014-9224 LOW

Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
broadcom symantec_critical_system_protection 5.2.9
symantec data_center_security 6.0.0
CVE-2014-9225 MEDIUM

The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
broadcom symantec_critical_system_protection 5.2.9
symantec data_center_security 6.0.0
CVE-2014-9226 HIGH

The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
broadcom symantec_critical_system_protection 5.2.9
symantec data_center_security 6.0.0
CVE-2015-2827 LOW

Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x and 9.3.x before 9.3 H02 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
broadcom spectrum 9.2
broadcom spectrum 9.3
CVE-2015-2828 HIGH

CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
broadcom spectrum 9.2
broadcom spectrum 9.3
CVE-2015-3316 MEDIUM

CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, allows local users to gain privileges via an unspecified environment variable.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ca client_automation r12.9
ca virtual_assurance_for_infrastructure_managers 12.8
ca nsm_job_management_option r11.1
ca virtual_assurance_for_infrastructure_managers 12.7
ca client_automation r12.8
ca virtual_assurance_for_infrastructure_managers 12.6
ca network_and_systems_management r11.2
ca workload_automation_ae r11
ca workload_automation_ae r11.3.5
ca client_automation r12.5
broadcom network_and_systems_management r11.1
ca nsm_job_management_option r11.2
ca nsm_job_management_option r11.0
ca workload_automation_ae r11.3
ca workload_automation_ae r11.3.6
ca universal_job_management_agent -
ca virtual_assurance_for_infrastructure_managers 12.9
CVE-2015-4664 HIGH

An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
xceedium xsuite 2.3.0
broadcom privileged_access_manager *
xceedium xsuite 2.4.3.0
CVE-2015-6853 MEDIUM

The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-345,

Products Affected

Vendor Product Version
broadcom single_sign-on r12.51
broadcom single_sign-on r12.0j
broadcom single_sign-on r12.52
broadcom single_sign-on r12.0
broadcom single_sign-on r6.0
broadcom single_sign-on r12.5
CVE-2015-6854 MEDIUM

The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-345,

Products Affected

Vendor Product Version
broadcom single_sign-on r12.0j
broadcom single_sign-on r12.0
broadcom single_sign-on r6.0
broadcom single_sign-on r12.5
CVE-2015-8157 MEDIUM

SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
broadcom symantec_embedded_security_critical_system_protection *
broadcom symantec_data_center_security_server 6.6.0
broadcom symantec_critical_system_protection *
broadcom symantec_data_center_security_server 6.5.0
broadcom symantec_data_center_security_server_and_agents *
broadcom symantec_embedded_security_critical_system_protection_for_controllers_and_devices *
CVE-2015-8698 LOW

CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allows remote attackers to read arbitrary files or cause a denial of service via a request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom release_automation *
CVE-2015-8699 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
broadcom release_automation *
CVE-2015-8798 HIGH

Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary code via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
broadcom symantec_embedded_security_critical_system_protection *
broadcom symantec_data_center_security_server 6.6.0
broadcom symantec_critical_system_protection *
broadcom symantec_data_center_security_server 6.5.0
broadcom symantec_data_center_security_server_and_agents *
broadcom symantec_embedded_security_critical_system_protection_for_controllers_and_devices *
CVE-2015-8799 HIGH

Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to write update-package data to arbitrary agent locations via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.6 HIGH CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 1.0 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
broadcom symantec_data_center_security_server *
broadcom symantec_embedded_security_critical_system_protection *
broadcom symantec_data_center_security_server 6.6.0
broadcom symantec_critical_system_protection *
broadcom symantec_data_center_security_server 6.5.0
broadcom symantec_embedded_security_critical_system_protection_for_controllers_and_devices 6.5.0
broadcom symantec_data_center_security_server_and_agents 6.6.0
CVE-2015-8800 MEDIUM

Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H 2.1 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
broadcom symantec_critical_system_protection 5.2.9
broadcom symantec_data_center_security_server 6.6.0
broadcom symantec_data_center_security_server 6.5.0
broadcom symantec_embedded_security_critical_system_protection_for_controllers_and_devices 6.5.0
broadcom symantec_data_center_security_server_and_agents 6.6.0
broadcom symantec_embedded_security_critical_system_protection 1.0
CVE-2016-10256 MEDIUM

The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
broadcom symantec_proxysg 6.6
broadcom symantec_proxysg *
CVE-2016-10257 MEDIUM

The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
broadcom symantec_proxysg 6.6
broadcom symantec_proxysg *
broadcom advanced_secure_gateway *
broadcom advanced_secure_gateway 6.6
CVE-2016-10258 MEDIUM

Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
broadcom symantec_proxysg *
broadcom advanced_secure_gateway *
CVE-2016-3118 MEDIUM

CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified impact via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom api_gateway 8.3
broadcom api_gateway 8.0
broadcom api_gateway 8.1
broadcom api_gateway 8.2
broadcom api_gateway 7.1
broadcom api_gateway 8.4
CVE-2016-4376 HIGH

HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-254,

Products Affected

Vendor Product Version
broadcom fabric_operating_system 8.0.0
broadcom fabric_operating_system *
CVE-2016-5309 MEDIUM

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
symantec endpoint_protection_for_small_business *
symantec web_gateway -
symantec advanced_threat_protection -
symantec mail_security_for_domino 8.1.2
symantec protection_engine 7.5.2
symantec mail_security_for_microsoft_exchange 7.0
symantec mail_security_for_microsoft_exchange 7.0.1
symantec mail_security_for_microsoft_exchange 7.5.1
symantec endpoint_protection_for_small_business -
symantec csapi *
symantec protection_engine 7.5.5
symantec mail_security_for_microsoft_exchange 7.0.4
symantec messaging_gateway_for_service_providers 10.6
symantec protection_engine 7.5.4
symantec mail_security_for_microsoft_exchange 7.5.3
symantec mail_security_for_domino 8.1.3
symantec protection_engine 7.5.3
symantec protection_for_sharepoint_servers 6.0.7
symantec mail_security_for_microsoft_exchange 7.5.4
symantec messaging_gateway *
broadcom symantec_data_center_security_server -
symantec mail_security_for_microsoft_exchange 7.0.2
symantec web_security.cloud -
symantec protection_engine 7.5.0
symantec endpoint_protection *
symantec protection_for_sharepoint_servers 6.0.5
symantec email_security.cloud -
symantec protection_for_sharepoint_servers 6.0.4
symantec protection_engine *
symantec protection_engine 7.8.0
symantec mail_security_for_microsoft_exchange 7.0.3
symantec protection_for_sharepoint_servers 6.0.3
symantec endpoint_protection_cloud -
symantec messaging_gateway_for_service_providers 10.5
symantec protection_for_sharepoint_servers 6.0.6
symantec mail_security_for_microsoft_exchange 7.5
symantec mail_security_for_domino *
symantec mail_security_for_microsoft_exchange *
symantec mail_security_for_microsoft_exchange 7.5.2
symantec protection_engine 7.5.1
CVE-2016-5310 MEDIUM

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
symantec endpoint_protection_for_small_business *
symantec web_gateway -
symantec advanced_threat_protection -
symantec mail_security_for_domino 8.1.2
symantec protection_engine 7.5.2
symantec mail_security_for_microsoft_exchange 7.0
symantec mail_security_for_microsoft_exchange 7.0.1
symantec mail_security_for_microsoft_exchange 7.5.1
symantec endpoint_protection_for_small_business -
symantec csapi *
symantec protection_engine 7.5.5
symantec mail_security_for_microsoft_exchange 7.0.4
symantec messaging_gateway_for_service_providers 10.6
symantec protection_engine 7.5.4
symantec mail_security_for_microsoft_exchange 7.5.3
symantec mail_security_for_domino 8.1.3
symantec protection_engine 7.5.3
symantec protection_for_sharepoint_servers 6.0.7
symantec mail_security_for_microsoft_exchange 7.5.4
symantec messaging_gateway *
broadcom symantec_data_center_security_server -
symantec mail_security_for_microsoft_exchange 7.0.2
symantec web_security.cloud -
symantec protection_engine 7.5.0
symantec endpoint_protection *
symantec protection_for_sharepoint_servers 6.0.5
symantec email_security.cloud -
symantec protection_for_sharepoint_servers 6.0.4
symantec protection_engine *
symantec protection_engine 7.8.0
symantec mail_security_for_microsoft_exchange 7.0.3
symantec protection_for_sharepoint_servers 6.0.3
symantec endpoint_protection_cloud -
symantec messaging_gateway_for_service_providers 10.5
symantec protection_for_sharepoint_servers 6.0.6
symantec mail_security_for_microsoft_exchange 7.5
symantec mail_security_for_domino *
symantec mail_security_for_microsoft_exchange *
symantec mail_security_for_microsoft_exchange 7.5.2
symantec protection_engine 7.5.1
CVE-2016-6152 HIGH

CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom ehealth 6.3.2.06
broadcom ehealth 6.3.2.02
broadcom ehealth 6.3.2.04
broadcom ehealth 6.3.2.10
broadcom ehealth 6.3.2.03
broadcom ehealth 6.3.2
broadcom ehealth 6.3.2.07
broadcom ehealth 6.3.2.09
ca ehealth 6.2.1
broadcom ehealth 6.3.2.12
broadcom ehealth 6.3.1
ca ehealth 6.2
ca ehealth 6.2.2
broadcom ehealth 6.3.2.08
broadcom ehealth 6.3.2.11
broadcom ehealth 6.3
broadcom ehealth 6.3.2.01
broadcom ehealth 6.3.2.05
CVE-2016-6160 MEDIUM

tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause a denial of service (segmentation fault) via a large frame, a related issue to CVE-2017-14266.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
broadcom tcpreplay *
CVE-2016-8202 HIGH

A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
broadcom fabric_operating_system 8.0.1
broadcom fabric_operating_system *
CVE-2016-8204 HIGH

A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
broadcom brocade_network_advisor *
CVE-2016-9097 HIGH

The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
broadcom symantec_proxysg 6.5.2.10
broadcom symantec_proxysg 6.5.5.7
broadcom symantec_proxysg 6.5.9.8
broadcom symantec_proxysg 6.5.4.1
broadcom symantec_proxysg 6.5.6.1
broadcom symantec_proxysg 6.6.4.3
broadcom symantec_proxysg 6.5.9.14
broadcom advanced_secure_gateway 6.6
broadcom symantec_proxysg 6.5.2
broadcom advanced_secure_gateway 6.6.5.1
broadcom symantec_proxysg 6.6.2.1
broadcom symantec_proxysg 6.5
broadcom symantec_proxysg 6.7.1.1
broadcom advanced_secure_gateway 6.6.4.3
broadcom symantec_proxysg 6.6.4
broadcom symantec_proxysg 6.6.2.2
broadcom symantec_proxysg 6.5.7.6
broadcom advanced_secure_gateway 6.6.3
broadcom symantec_proxysg 6.6
broadcom symantec_proxysg 6.6.5
broadcom symantec_proxysg 6.5.9.10
broadcom symantec_proxysg 6.6.3
broadcom symantec_proxysg 6.5.9.2
broadcom symantec_proxysg 6.5.1
broadcom symantec_proxysg 6.6.3.2
broadcom symantec_proxysg 6.7
broadcom symantec_proxysg 6.6.2
broadcom symantec_proxysg 6.6.4.1
broadcom advanced_secure_gateway 6.6.4
CVE-2016-9099 MEDIUM

Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
broadcom symantec_proxysg 6.6
broadcom symantec_proxysg *
broadcom advanced_secure_gateway *
broadcom advanced_secure_gateway 6.6
CVE-2016-9100 LOW

Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information.

CVSS 2.0

Severity: LOW

Problem Type: CWE-255,

Products Affected

Vendor Product Version
broadcom symantec_proxysg *
broadcom advanced_secure_gateway *
CVE-2016-9795 HIGH

The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
broadcom ca_workload_automation_ae 11.3
broadcom systems_performance_for_infrastructure_managers 12.9
broadcom systems_performance_for_infrastructure_managers 12.8
ca virtual_assurance_for_infrastructure_managers 12.8
broadcom client_automation 14.0
broadcom ca_workload_automation_ae 11.3.6
broadcom systemedge 5.9
ca universal_job_management_agent 11.2
broadcom ca_workload_automation_ae 11.3.5
broadcom ca_workload_automation_ae 11.0
broadcom client_automation 12.8
broadcom systemedge 5.8.2
ca virtual_assurance_for_infrastructure_managers 12.9
broadcom client_automation 12.9
CVE-2017-11120 HIGH

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
broadcom bcm4355c0_firmware 9.44.78.27.0.1.56
apple tvos *
apple iphone_os *
CVE-2017-11121 HIGH

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
broadcom bcm4355c0_firmware 9.44.78.27.0.1.56
apple tvos *
apple iphone_os *
CVE-2017-11122 MEDIUM

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement offloading.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
broadcom bcm4355c0_firmware *
apple tvos *
apple iphone_os *
CVE-2017-13677 MEDIUM

Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom symantec_proxysg *
broadcom advanced_secure_gateway *
CVE-2017-13678 LOW

Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
broadcom symantec_proxysg *
broadcom advanced_secure_gateway *
CVE-2017-14266 MEDIUM

tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnerability triggered by a crafted PCAP file, a related issue to CVE-2016-6160.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
broadcom tcpreplay 3.4.4
CVE-2017-15533 MEDIUM

Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. All affected SSLV versions act as weak oracles according the oracle classification used in the ROBOT research paper. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish multiple millions of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
broadcom ssl_visibility_appliance 3.12
broadcom ssl_visibility_appliance 3.8.4fc
broadcom ssl_visibility_appliance 3.11
broadcom ssl_visibility_appliance 3.10
CVE-2017-18268 MEDIUM

Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish large numbers of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
broadcom symantec_intelligencecenter 3.3
CVE-2017-4965 MEDIUM

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
pivotal_software rabbitmq 1.5.19
vmware rabbitmq 3.5.3
pivotal_software rabbitmq 1.6.13
vmware rabbitmq 3.5.2
vmware rabbitmq 3.4.1
pivotal_software rabbitmq 1.7.7
broadcom rabbitmq_server 3.6.7
vmware rabbitmq 3.5.1
broadcom rabbitmq_server 3.4.2
pivotal_software rabbitmq 1.6.9
pivotal_software rabbitmq 1.5.4
pivotal_software rabbitmq 3.6.3
pivotal_software rabbitmq 1.5.0
pivotal_software rabbitmq 1.7.9
pivotal_software rabbitmq 1.5.15
pivotal_software rabbitmq 1.6.7
pivotal_software rabbitmq 1.6.8
pivotal_software rabbitmq 3.5.4
vmware rabbitmq 3.4.4
pivotal_software rabbitmq 3.6.5
broadcom rabbitmq_server 3.5.2
pivotal_software rabbitmq 1.5.6
broadcom rabbitmq_server 3.4.0
pivotal_software rabbitmq 1.7.10
vmware rabbitmq 3.4.0
pivotal_software rabbitmq 1.7.6
pivotal_software rabbitmq 1.5.3
pivotal_software rabbitmq 3.5.7
pivotal_software rabbitmq 1.5.10
vmware rabbitmq 3.5.0
pivotal_software rabbitmq 1.7.13
pivotal_software rabbitmq 1.5.18
broadcom rabbitmq_server 3.5.1
pivotal_software rabbitmq 1.6.16
pivotal_software rabbitmq 1.7.14
pivotal_software rabbitmq 1.5.2
broadcom rabbitmq_server 3.4.3
broadcom rabbitmq_server 3.5.3
pivotal_software rabbitmq 1.7.0
pivotal_software rabbitmq 1.5.14
vmware rabbitmq 3.6.7
vmware rabbitmq 3.4.2
debian debian_linux 9.0
pivotal_software rabbitmq 1.7.2
pivotal_software rabbitmq 1.6.1
pivotal_software rabbitmq 1.6.3
pivotal_software rabbitmq 1.6.12
broadcom rabbitmq_server 3.5.6
broadcom rabbitmq_server 3.5.0
pivotal_software rabbitmq 1.5.12
pivotal_software rabbitmq 1.6.6
pivotal_software rabbitmq 3.6.1
pivotal_software rabbitmq 1.5.5
pivotal_software rabbitmq 1.5.13
pivotal_software rabbitmq 1.5.11
pivotal_software rabbitmq 1.6.10
pivotal_software rabbitmq 1.7.5
pivotal_software rabbitmq 3.6.6
vmware rabbitmq 3.4.3
broadcom rabbitmq_server 3.4.4
pivotal_software rabbitmq 1.6.5
pivotal_software rabbitmq 3.6.2
pivotal_software rabbitmq 1.7.8
pivotal_software rabbitmq 3.5.5
vmware rabbitmq 3.5.6
pivotal_software rabbitmq 1.6.0
pivotal_software rabbitmq 1.5.1
pivotal_software rabbitmq 1.6.14
broadcom rabbitmq_server 3.4.1
pivotal_software rabbitmq 1.5.17
pivotal_software rabbitmq 1.5.8
pivotal_software rabbitmq 3.6.0
pivotal_software rabbitmq 1.7.3
pivotal_software rabbitmq 1.7.4
pivotal_software rabbitmq 3.6.4
pivotal_software rabbitmq 1.6.4
pivotal_software rabbitmq 1.6.15
pivotal_software rabbitmq 1.6.2
pivotal_software rabbitmq 1.5.9
pivotal_software rabbitmq 1.5.7
CVE-2017-4966 LOW

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
pivotal_software rabbitmq 1.5.19
vmware rabbitmq 3.5.3
pivotal_software rabbitmq 1.6.13
vmware rabbitmq 3.5.2
vmware rabbitmq 3.4.1
pivotal_software rabbitmq 1.7.7
broadcom rabbitmq_server 3.6.7
vmware rabbitmq 3.5.1
broadcom rabbitmq_server 3.4.2
pivotal_software rabbitmq 1.6.9
pivotal_software rabbitmq 1.5.4
pivotal_software rabbitmq 3.6.3
pivotal_software rabbitmq 1.5.0
pivotal_software rabbitmq 1.7.9
pivotal_software rabbitmq 1.5.15
pivotal_software rabbitmq 1.6.7
pivotal_software rabbitmq 1.6.8
pivotal_software rabbitmq 3.5.4
vmware rabbitmq 3.4.4
pivotal_software rabbitmq 3.6.5
broadcom rabbitmq_server 3.5.2
pivotal_software rabbitmq 1.5.6
broadcom rabbitmq_server 3.4.0
pivotal_software rabbitmq 1.7.10
vmware rabbitmq 3.4.0
pivotal_software rabbitmq 1.7.6
pivotal_software rabbitmq 1.5.3
pivotal_software rabbitmq 3.5.7
pivotal_software rabbitmq 1.5.10
vmware rabbitmq 3.5.0
pivotal_software rabbitmq 1.7.13
pivotal_software rabbitmq 1.5.18
broadcom rabbitmq_server 3.5.1
pivotal_software rabbitmq 1.6.16
pivotal_software rabbitmq 1.7.14
pivotal_software rabbitmq 1.5.2
broadcom rabbitmq_server 3.4.3
broadcom rabbitmq_server 3.5.3
pivotal_software rabbitmq 1.7.0
pivotal_software rabbitmq 1.5.14
vmware rabbitmq 3.6.7
vmware rabbitmq 3.4.2
debian debian_linux 9.0
pivotal_software rabbitmq 1.7.2
pivotal_software rabbitmq 1.6.1
pivotal_software rabbitmq 1.6.3
pivotal_software rabbitmq 1.6.12
broadcom rabbitmq_server 3.5.6
broadcom rabbitmq_server 3.5.0
pivotal_software rabbitmq 1.5.12
pivotal_software rabbitmq 1.6.6
pivotal_software rabbitmq 3.6.1
pivotal_software rabbitmq 1.5.5
pivotal_software rabbitmq 1.5.13
pivotal_software rabbitmq 1.5.11
pivotal_software rabbitmq 1.6.10
pivotal_software rabbitmq 1.7.5
pivotal_software rabbitmq 3.6.6
vmware rabbitmq 3.4.3
broadcom rabbitmq_server 3.4.4
pivotal_software rabbitmq 1.6.5
pivotal_software rabbitmq 3.6.2
pivotal_software rabbitmq 1.7.8
pivotal_software rabbitmq 3.5.5
vmware rabbitmq 3.5.6
pivotal_software rabbitmq 1.6.0
pivotal_software rabbitmq 1.5.1
pivotal_software rabbitmq 1.6.14
broadcom rabbitmq_server 3.4.1
pivotal_software rabbitmq 1.5.17
pivotal_software rabbitmq 1.5.8
pivotal_software rabbitmq 3.6.0
pivotal_software rabbitmq 1.7.3
pivotal_software rabbitmq 1.7.4
pivotal_software rabbitmq 3.6.4
pivotal_software rabbitmq 1.6.4
pivotal_software rabbitmq 1.6.15
pivotal_software rabbitmq 1.6.2
pivotal_software rabbitmq 1.5.9
pivotal_software rabbitmq 1.5.7
CVE-2017-4967 MEDIUM

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
pivotal_software rabbitmq 1.5.19
vmware rabbitmq 3.5.3
pivotal_software rabbitmq 1.6.13
vmware rabbitmq 3.5.2
vmware rabbitmq 3.4.1
pivotal_software rabbitmq 1.7.7
broadcom rabbitmq_server 3.6.7
vmware rabbitmq 3.5.1
broadcom rabbitmq_server 3.4.2
pivotal_software rabbitmq 1.6.9
pivotal_software rabbitmq 1.5.4
pivotal_software rabbitmq 3.6.3
pivotal_software rabbitmq 1.5.0
pivotal_software rabbitmq 1.7.9
pivotal_software rabbitmq 1.5.15
pivotal_software rabbitmq 1.6.7
pivotal_software rabbitmq 1.6.8
pivotal_software rabbitmq 3.5.4
vmware rabbitmq 3.4.4
pivotal_software rabbitmq 3.6.5
broadcom rabbitmq_server 3.5.2
pivotal_software rabbitmq 1.5.6
broadcom rabbitmq_server 3.4.0
pivotal_software rabbitmq 1.7.10
vmware rabbitmq 3.4.0
pivotal_software rabbitmq 1.7.6
pivotal_software rabbitmq 1.5.3
pivotal_software rabbitmq 3.5.7
pivotal_software rabbitmq 1.5.10
vmware rabbitmq 3.5.0
pivotal_software rabbitmq 1.7.13
pivotal_software rabbitmq 1.5.18
broadcom rabbitmq_server 3.5.1
pivotal_software rabbitmq 1.6.16
pivotal_software rabbitmq 1.7.14
pivotal_software rabbitmq 1.5.2
broadcom rabbitmq_server 3.4.3
broadcom rabbitmq_server 3.5.3
pivotal_software rabbitmq 1.7.0
pivotal_software rabbitmq 1.5.14
vmware rabbitmq 3.6.7
vmware rabbitmq 3.4.2
debian debian_linux 9.0
pivotal_software rabbitmq 1.7.2
pivotal_software rabbitmq 1.6.1
pivotal_software rabbitmq 1.6.3
pivotal_software rabbitmq 1.6.12
broadcom rabbitmq_server 3.5.6
broadcom rabbitmq_server 3.5.0
pivotal_software rabbitmq 1.5.12
pivotal_software rabbitmq 1.6.6
pivotal_software rabbitmq 3.6.1
pivotal_software rabbitmq 1.5.5
pivotal_software rabbitmq 1.5.13
pivotal_software rabbitmq 1.5.11
pivotal_software rabbitmq 1.6.10
pivotal_software rabbitmq 1.7.5
pivotal_software rabbitmq 3.6.6
vmware rabbitmq 3.4.3
broadcom rabbitmq_server 3.4.4
pivotal_software rabbitmq 1.6.5
pivotal_software rabbitmq 3.6.2
pivotal_software rabbitmq 1.7.8
pivotal_software rabbitmq 3.5.5
vmware rabbitmq 3.5.6
pivotal_software rabbitmq 1.6.0
pivotal_software rabbitmq 1.5.1
pivotal_software rabbitmq 1.6.14
broadcom rabbitmq_server 3.4.1
pivotal_software rabbitmq 1.5.17
pivotal_software rabbitmq 1.5.8
pivotal_software rabbitmq 3.6.0
pivotal_software rabbitmq 1.7.3
pivotal_software rabbitmq 1.7.4
pivotal_software rabbitmq 3.6.4
pivotal_software rabbitmq 1.6.4
pivotal_software rabbitmq 1.6.15
pivotal_software rabbitmq 1.6.2
pivotal_software rabbitmq 1.5.9
pivotal_software rabbitmq 1.5.7
CVE-2017-6225 MEDIUM

Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
brocade fabric_os 8.0.1b1
broadcom fabric_operating_system 8.1.1
brocade fabric_os 8.0.2b1
broadcom fabric_operating_system 8.0.2
broadcom fabric_operating_system *
brocade fabric_os 8.1.0c1
CVE-2017-6227 MEDIUM

A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom fabric_operating_system 8.0.0
broadcom fabric_operating_system 8.0.1
broadcom fabric_operating_system 8.1.2
broadcom fabric_operating_system 8.1.1
broadcom fabric_operating_system 8.1.0
broadcom fabric_operating_system 8.0.2
broadcom fabric_operating_system *
brocade fabric_os 8.0.2b2
CVE-2017-6429 MEDIUM

Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Beta 1 allows remote attackers to have unspecified impact via a pcap file with an over-size packet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
broadcom tcpreplay *
CVE-2017-6956 HIGH

On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer overflow occurs when handling an 802.11r (FT) authentication response, leading to remote code execution via a crafted access point that sends a long R0KH-ID field in a Fast BSS Transition Information Element (FT-IE).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
broadcom hardmac_wi-fi_soc_firmware 6.37.34.40
CVE-2017-6957 MEDIUM

Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC SoC chips, when the firmware supports CCKM Fast and Secure Roaming and the feature is enabled in RAM, allows remote attackers to execute arbitrary code via a crafted reassociation response frame with a Cisco IE (156).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
broadcom bcm4339_soc_firmware 6.37.34.40
CVE-2017-9417 HIGH

Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom bcm43xx_wi-fi_chipset_firmware -
CVE-2018-13112 MEDIUM

get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcpprep.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
broadcom tcpreplay 4.3.0
CVE-2018-13822 MEDIUM

Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
broadcom project_portfolio_management 15.3
broadcom project_portfolio_management *
broadcom project_portfolio_management 15.2
broadcom project_portfolio_management 15.1
broadcom project_portfolio_management 14.4
CVE-2018-13823 MEDIUM

An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
broadcom project_portfolio_management *
ca project_portfolio_management 15.3
broadcom project_portfolio_management 15.1
ca project_portfolio_management 15.2
broadcom project_portfolio_management 14.4
CVE-2018-13824 HIGH

Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
broadcom project_portfolio_management *
ca project_portfolio_management 15.3
broadcom project_portfolio_management 15.1
ca project_portfolio_management 15.2
broadcom project_portfolio_management 14.4
CVE-2018-13825 MEDIUM

Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
broadcom project_portfolio_management *
ca project_portfolio_management 15.3
broadcom project_portfolio_management 15.1
ca project_portfolio_management 15.2
broadcom project_portfolio_management 14.4
CVE-2018-13826 MEDIUM

An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
broadcom project_portfolio_management *
ca project_portfolio_management 15.3
broadcom project_portfolio_management 15.1
ca project_portfolio_management 15.2
broadcom project_portfolio_management 14.4
CVE-2018-14597 MEDIUM

CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate account names.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,CWE-200,

Products Affected

Vendor Product Version
broadcom ca_identity_suite_virtual_appliance *
broadcom ca_identity_governance 12.6
broadcom ca_identity_governance *
CVE-2018-15691 HIGH

Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
broadcom release_automation *
CVE-2018-17580 MEDIUM

A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1. This can lead to Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a crafted pcap file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
broadcom tcpreplay 4.3.0
CVE-2018-17582 MEDIUM

Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file uses the memcpy() function unsafely to copy sequences from the source buffer pktdata to the destination (*prev_packet)->pktdata. This will result in a Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
broadcom tcpreplay 4.3.0
CVE-2018-17974 MEDIUM

An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx -> l2len) can be larger than source value (packet + ctx->l2len) because the function fails to ensure the length of a packet is valid. This leads to Denial of Service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
broadcom tcpreplay 4.3.0
CVE-2018-18370 MEDIUM

The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
broadcom symantec_proxysg 6.6
broadcom symantec_proxysg *
broadcom advanced_secure_gateway *
broadcom advanced_secure_gateway 6.6
CVE-2018-18371 MEDIUM

The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
broadcom symantec_proxysg 6.6
broadcom symantec_proxysg *
broadcom advanced_secure_gateway *
broadcom advanced_secure_gateway 6.6
CVE-2018-18407 MEDIUM

A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. The issue gets triggered in the function csum_replace4() in incremental_checksum.h, causing a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
broadcom tcpreplay 4.3.0
fedoraproject fedora 28
fedoraproject fedora 29
CVE-2018-18408 HIGH

A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified other impact.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
broadcom tcpreplay 4.3.0
fedoraproject fedora 28
fedoraproject fedora 29
CVE-2018-19634 MEDIUM

CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom service_desk_manager 17.0
ca service_desk_manager 14.1
CVE-2018-19635 HIGH

CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom service_desk_manager 17.0
ca service_desk_manager 14.1
CVE-2018-19860 MEDIUM

Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
broadcom bcm43438a1_firmware 2014-06-02
cypress cyw20704ua1kffb1gt_firmware -
cypress cyw20706ua1kffb1g_firmware -
cypress cyw20730a1kmlg_firmware -
cypress cyw20734ua1kffb3gt_firmware -
cypress cyw20730a1kml2g_firmware -
cypress cyw20705b0kwfbgt_firmware -
cypress cyw20733a2kml1g_firmware -
cypress cyw20707ua1kffb1g_firmware -
cypress cyw20703ua1kffb1gt_firmware -
cypress cyw20730a1kmlgt_firmware -
cypress cyw20705b0kwfbg_firmware -
cypress cyw20706ua1kffb1gt_firmware -
cypress cyw20702a1kwfbgt_firmware -
cypress cyw4354xkubgt_firmware -
cypress cyw20706ua2kffb4g_firmware -
cypress cyw20704ua2kffb1g_firmware -
cypress cyw89072brfb5g_firmware -
cypress cyw20733a1kfb1gt_firmware -
cypress cyw20733a2kfb1g_firmware -
cypress cyw20730a1kml2gt_firmware -
cypress cyw20733a2kml1gt_firmware -
cypress cyw20703ua1kffb1g_firmware -
cypress cyw20702b0kwfbg_firmware -
cypress cyw20730a2kfbg_firmware -
cypress cyw43438kubgt_firmware -
cypress cyw20704ua1kffb1g_firmware -
cypress cyw20733a3kml1g_firmware -
cypress cyw4343wkubgt_firmware -
cypress cyw20707ua1kffb4g_firmware -
cypress cyw20733a3kfb1gt_firmware -
cypress cyw20707va1pkwbgt_firmware -
cypress cyw89335lcubgt_firmware -
cypress cyw20707ua2kffb4gt_firmware -
cypress cyw20730a2kml2gt_firmware -
cypress cyw20730a1kfbgt_firmware -
cypress cyw20702b0kwfbgt_firmware -
cypress cyw20702a1kwfbg_firmware -
cypress cyw20730a2kfbgt_firmware -
cypress cyw20730a1kfbg_firmware -
cypress cyw4343wkwbgt_firmware -
cypress cyw20704ua2kffb1gt_firmware -
cypress cyw20706ua1kffb4g_firmware -
cypress cyw20707va2pkwbgt_firmware -
cypress cyw20707ua2kffb4g_firmware -
cypress cyw89335l2cubgt_firmware -
cypress cyw20733a3kfb2gt_firmware -
cypress cyw20734ua2kffb3gt_firmware -
cypress cyw20733a3kml1gt_firmware -
cypress cyw20707a2kubgt_firmware -
cypress cyw20705a1kwfbgt_firmware -
cypress cyw20733a3kfb1g_firmware -
cypress cyw20734ua1kffb3g_firmware -
cypress cyw20733a2kfb1gt_firmware -
cypress cyw89072brfb5gt_firmware -
cypress cyw20734ua2kffb3g_firmware -
cypress cyw20707ua1kffb4gt_firmware -
cypress cyw4354kkwbgt_firmware -
cypress cyw20730a2kml2g_firmware -
cypress cyw89071a1cubxgt_firmware -
cypress cyw20706ua2kffb4gt_firmware -
broadcom bcm4335c0_firmware 2012-12-11
cypress cyw4343w1kubgt_firmware -
CVE-2018-20552 MEDIUM

Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
broadcom tcpreplay *
CVE-2018-20553 MEDIUM

Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len in common/get.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
broadcom tcpreplay *
CVE-2018-5241 HIGH

Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom symantec_proxysg 6.5
broadcom symantec_proxysg 6.6
broadcom advanced_secure_gateway 6.7
broadcom symantec_proxysg 6.7
broadcom advanced_secure_gateway 6.6
CVE-2018-6433 LOW

A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to bypass the export file access restrictions and initiate a file copy from the source to a remote system.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2018-6434 MEDIUM

A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user's session ID.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-384,

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2018-6435 HIGH

A Vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, and gain root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2018-6436 HIGH

A Vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2018-6437 HIGH

A Vulnerability in the help command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2018-6438 HIGH

A Vulnerability in the supportsave command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2018-6439 HIGH

A Vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2018-6440 MEDIUM

A vulnerability in the proxy service of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote unauthenticated attackers to obtain sensitive information and possibly cause a denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2018-6441 HIGH

A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass the restricted configuration shell.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2018-6442 MEDIUM

A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote authenticated attackers to execute arbitrary commands.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2018-6446 HIGH

A vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
broadcom brocade_network_advisor *
CVE-2018-6447 LOW

A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
broadcom fabric_operating_system 8.1.1a
broadcom fabric_operating_system 8.1.2c
broadcom fabric_operating_system 7.4.2f
broadcom fabric_operating_system 3.1
broadcom fabric_operating_system 8.2.1d
broadcom fabric_operating_system 8.0.1b
broadcom fabric_operating_system 8.2.2a
broadcom fabric_operating_system 8.0.2d
broadcom fabric_operating_system 7.4.1
broadcom fabric_operating_system 8.0.0
broadcom fabric_operating_system 7.4.1c
broadcom fabric_operating_system 8.2.2
broadcom fabric_operating_system 8.1.0
broadcom fabric_operating_system 7.4.1a
broadcom fabric_operating_system 8.0.2f
broadcom fabric_operating_system 8.0.2a
broadcom fabric_operating_system 7.4.1b
broadcom fabric_operating_system 8.1.2j
broadcom fabric_operating_system 7.4.2b
broadcom fabric_operating_system 8.2.2b
broadcom fabric_operating_system 8.0.2
broadcom fabric_operating_system 5.2.0a
broadcom fabric_operating_system 8.0.2c
broadcom fabric_operating_system 7.4.2c
broadcom fabric_operating_system 8.1.2f
broadcom fabric_operating_system 5.0.5b
broadcom fabric_operating_system 7.4.1e
broadcom fabric_operating_system 8.1.0a
broadcom fabric_operating_system 7.4.0
broadcom fabric_operating_system 8.0.2b
broadcom fabric_operating_system 7.4.2
broadcom fabric_operating_system 8.1.0c
broadcom fabric_operating_system 7.4.1d
broadcom fabric_operating_system 8.1.1
broadcom fabric_operating_system 2.2
broadcom fabric_operating_system 7.4.2a
broadcom fabric_operating_system 8.1.2d
broadcom fabric_operating_system 8.1.2a
broadcom fabric_operating_system 8.2.1a
broadcom fabric_operating_system 8.1.2b
broadcom fabric_operating_system 8.2.1b
broadcom fabric_operating_system 8.0.1
broadcom fabric_operating_system 8.0.1a
broadcom fabric_operating_system 8.2.3
broadcom fabric_operating_system 7.4.2d
broadcom fabric_operating_system 8.1.2e
broadcom fabric_operating_system 8.1.0b
broadcom fabric_operating_system 8.2.0a
broadcom fabric_operating_system 8.1.2
broadcom fabric_operating_system 8.2.1
broadcom fabric_operating_system 2.1.2
broadcom fabric_operating_system 5.2.0
broadcom fabric_operating_system 8.2.1c
broadcom fabric_operating_system 8.2.0
broadcom fabric_operating_system 8.2.2a1
CVE-2018-6448 MEDIUM

A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2018-6449 MEDIUM

Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2018-6590 MEDIUM

CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
broadcom ca_api_developer_portal 4.0
broadcom ca_api_developer_portal *
broadcom ca_api_developer_portal 4.1
CVE-2018-9021 HIGH

An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,

Products Affected

Vendor Product Version
broadcom privileged_access_manager *
CVE-2018-9022 HIGH

An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,

Products Affected

Vendor Product Version
broadcom privileged_access_manager *
CVE-2018-9023 HIGH

An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
broadcom privileged_access_manager *
CVE-2018-9024 MEDIUM

An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
broadcom privileged_access_manager *
CVE-2018-9025 MEDIUM

An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
broadcom privileged_access_manager *
CVE-2018-9026 MEDIUM

A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-384,

Products Affected

Vendor Product Version
broadcom privileged_access_manager *
CVE-2018-9028 MEDIUM

Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326,

Products Affected

Vendor Product Version
broadcom privileged_access_manager *
CVE-2018-9029 HIGH

An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
broadcom privileged_access_manager *
CVE-2019-13656 HIGH

An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom ca_client_automation 14.0
broadcom ca_workload_automation_ae 11.3.6
broadcom ca_workload_automation_ae 11.3.5
CVE-2019-13657 MEDIUM

CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vuln@ca.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
broadcom ca_performance_management *
broadcom network_operations *
broadcom ca_performance_management 3.5.0
CVE-2019-13658 HIGH

CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
vuln@ca.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
broadcom network_flow_analysis 10.0.0
broadcom network_flow_analysis *
CVE-2019-15126 LOW

An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.1 LOW CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 1.6 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-367,

Products Affected

Vendor Product Version
broadcom bcm43012_firmware -
broadcom bcm4375_firmware -
broadcom bcm43013_firmware -
apple mac_os_x *
broadcom bcm4389_firmware -
apple ipados *
apple iphone_os *
broadcom bcm4356_firmware -
broadcom bcm43752_firmware -
CVE-2019-16203 MEDIUM

Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2019-16204 MEDIUM

Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2019-16205 MEDIUM

A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2019-16206 LOW

The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ‘trace’ and the 'debug' logging level; which could allow a local authenticated attacker to access sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-311,CWE-532,

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2019-16207 MEDIUM

Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2019-16208 MEDIUM

Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2019-16209 MEDIUM

A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2019-16210 LOW

Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-311,CWE-532,

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2019-16211 MEDIUM

Brocade SANnav versions before v2.1.0, contain a Plaintext Password Storage vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2019-16212 MEDIUM

A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker to conduct an LDAP injection. The vulnerability could allow a remote attacker to bypass the authentication process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2019-18374 HIGH

Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & 8.0 MP1, may be susceptible to an authentication bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing authentication controls.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
broadcom symantec_critical_system_protection 8.0.0
CVE-2019-18375 MEDIUM

The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom symantec_proxysg *
broadcom advanced_secure_gateway *
CVE-2019-18683 MEDIUM

An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,CWE-416,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
broadcom fabric_operating_system -
canonical ubuntu_linux 19.10
linux linux_kernel *
canonical ubuntu_linux 16.04
netapp element_software -
netapp hci_management_node -
netapp a400_firmware -
netapp h610s_firmware -
netapp 8300_firmware -
netapp 8700_firmware -
canonical ubuntu_linux 14.04
netapp solidfire -
netapp e-series_santricity_os_controller *
netapp a700s_firmware -
netapp data_availability_services -
canonical ubuntu_linux 18.04
netapp cloud_backup -
opensuse leap 15.1
netapp steelstore_cloud_integrated_storage -
debian debian_linux 8.0
CVE-2019-18805 HIGH

An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
broadcom fabric_operating_system -
linux linux_kernel 5.1
linux linux_kernel *
netapp hci_management_node -
netapp h610s_firmware -
netapp hci_compute_node -
netapp fas8300_firmware -
netapp solidfire -
redhat enterprise_linux 7.0
netapp aff_a400_firmware -
netapp e-series_santricity_os_controller *
opensuse leap 15.0
netapp aff_a700s_firmware -
netapp data_availability_services -
netapp fas8700_firmware -
opensuse leap 15.1
netapp hci_storage_node -
netapp steelstore_cloud_integrated_storage -
CVE-2019-19044 HIGH

Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering kcalloc() or v3d_job_init() failures, aka CID-29cd13cfd762.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-401,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
netapp e-series_santricity_os_controller 11.60
canonical ubuntu_linux 19.10
netapp hci_baseboard_management_controller h610s
netapp e-series_santricity_os_controller 11.0
netapp e-series_santricity_os_controller 11.30
broadcom brocade_fabric_operating_system_firmware -
netapp e-series_santricity_os_controller 11.30.5r3
netapp solidfire_&_hci_management_node -
netapp e-series_santricity_os_controller 11.60.1
netapp e-series_santricity_os_controller 11.60.3
netapp e-series_santricity_os_controller 11.70.1
netapp e-series_santricity_os_controller 11.20
netapp data_availability_services -
canonical ubuntu_linux 18.04
netapp cloud_backup -
netapp e-series_santricity_os_controller 11.50.1
netapp fas/aff_baseboard_management_controller -
netapp solidfire,_enterprise_sds_&_hci_storage_node -
netapp solidfire_baseboard_management_controller_firmware -
netapp e-series_santricity_os_controller 11.0.0
linux linux_kernel *
netapp e-series_santricity_os_controller 11.40
netapp hci_compute_node_firmware -
netapp e-series_santricity_os_controller 11.40.5
netapp e-series_santricity_os_controller 11.70.2
netapp e-series_santricity_os_controller 11.50.2
netapp e-series_santricity_os_controller 11.40.3r2
netapp e-series_santricity_os_controller 11.60.0
netapp e-series_santricity_os_controller 11.25
netapp aff_baseboard_management_controller -
netapp steelstore_cloud_integrated_storage -
CVE-2019-19050 HIGH

A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-401,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
broadcom fabric_operating_system -
canonical ubuntu_linux 19.10
linux linux_kernel *
netapp hci_management_node -
netapp h610s_firmware -
netapp hci_compute_node -
netapp fas8300_firmware -
netapp solidfire -
linux linux_kernel 5.5
netapp aff_a400_firmware -
netapp e-series_santricity_os_controller *
netapp aff_a700s_firmware -
fedoraproject fedora 30
netapp data_availability_services -
canonical ubuntu_linux 18.04
netapp fas8700_firmware -
netapp hci_storage_node -
netapp steelstore_cloud_integrated_storage -
fedoraproject fedora 31
CVE-2019-19052 HIGH

A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-401,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
netapp e-series_santricity_os_controller 11.60
canonical ubuntu_linux 19.10
canonical ubuntu_linux 16.04
canonical ubuntu_linux 19.04
netapp hci_baseboard_management_controller h610s
netapp e-series_santricity_os_controller 11.0
oracle sd-wan_edge 8.2
netapp e-series_santricity_os_controller 11.30
broadcom brocade_fabric_operating_system_firmware -
canonical ubuntu_linux 14.04
netapp e-series_santricity_os_controller 11.30.5r3
netapp solidfire_&_hci_management_node -
netapp e-series_santricity_os_controller 11.60.1
netapp e-series_santricity_os_controller 11.60.3
netapp e-series_santricity_os_controller 11.70.1
netapp e-series_santricity_os_controller 11.20
netapp data_availability_services -
canonical ubuntu_linux 18.04
netapp cloud_backup -
opensuse leap 15.1
netapp e-series_santricity_os_controller 11.50.1
debian debian_linux 8.0
netapp fas/aff_baseboard_management_controller -
netapp solidfire,_enterprise_sds_&_hci_storage_node -
netapp solidfire_baseboard_management_controller_firmware -
netapp e-series_santricity_os_controller 11.0.0
linux linux_kernel *
netapp e-series_santricity_os_controller 11.40
netapp hci_compute_node_firmware -
netapp e-series_santricity_os_controller 11.40.5
netapp e-series_santricity_os_controller 11.70.2
netapp e-series_santricity_os_controller 11.50.2
netapp e-series_santricity_os_controller 11.40.3r2
netapp e-series_santricity_os_controller 11.60.0
netapp e-series_santricity_os_controller 11.25
netapp aff_baseboard_management_controller -
netapp steelstore_cloud_integrated_storage -
CVE-2019-19053 HIGH

A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka CID-bbe692e349e2.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-401,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
netapp e-series_santricity_os_controller 11.60
canonical ubuntu_linux 19.10
netapp hci_baseboard_management_controller h610s
netapp e-series_santricity_os_controller 11.0
netapp e-series_santricity_os_controller 11.30
broadcom brocade_fabric_operating_system_firmware -
netapp e-series_santricity_os_controller 11.30.5r3
netapp solidfire_&_hci_management_node -
netapp e-series_santricity_os_controller 11.60.1
netapp e-series_santricity_os_controller 11.60.3
netapp e-series_santricity_os_controller 11.70.1
netapp e-series_santricity_os_controller 11.20
netapp data_availability_services -
canonical ubuntu_linux 18.04
netapp cloud_backup -
netapp e-series_santricity_os_controller 11.50.1
netapp fas/aff_baseboard_management_controller -
netapp solidfire,_enterprise_sds_&_hci_storage_node -
netapp solidfire_baseboard_management_controller_firmware -
netapp e-series_santricity_os_controller 11.0.0
linux linux_kernel *
netapp e-series_santricity_os_controller 11.40
netapp hci_compute_node_firmware -
netapp e-series_santricity_os_controller 11.40.5
netapp e-series_santricity_os_controller 11.70.2
netapp e-series_santricity_os_controller 11.50.2
netapp e-series_santricity_os_controller 11.40.3r2
netapp e-series_santricity_os_controller 11.60.0
netapp e-series_santricity_os_controller 11.25
netapp aff_baseboard_management_controller -
netapp steelstore_cloud_integrated_storage -
CVE-2019-19054 MEDIUM

A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 1.0 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
netapp e-series_santricity_os_controller 11.60
canonical ubuntu_linux 16.04
netapp hci_baseboard_management_controller h610s
netapp e-series_santricity_os_controller 11.0
canonical ubuntu_linux 20.04
netapp e-series_santricity_os_controller 11.30
broadcom brocade_fabric_operating_system_firmware -
canonical ubuntu_linux 14.04
netapp e-series_santricity_os_controller 11.30.5r3
netapp solidfire_&_hci_management_node -
netapp e-series_santricity_os_controller 11.60.1
netapp e-series_santricity_os_controller 11.60.3
netapp e-series_santricity_os_controller 11.70.1
fedoraproject fedora 30
netapp e-series_santricity_os_controller 11.20
netapp data_availability_services -
canonical ubuntu_linux 18.04
netapp cloud_backup -
opensuse leap 15.1
netapp e-series_santricity_os_controller 11.50.1
netapp fas/aff_baseboard_management_controller -
netapp solidfire,_enterprise_sds_&_hci_storage_node -
netapp solidfire_baseboard_management_controller_firmware -
netapp e-series_santricity_os_controller 11.0.0
linux linux_kernel *
netapp e-series_santricity_os_controller 11.40
netapp hci_compute_node_firmware -
netapp e-series_santricity_os_controller 11.40.5
netapp e-series_santricity_os_controller 11.70.2
netapp e-series_santricity_os_controller 11.50.2
netapp e-series_santricity_os_controller 11.40.3r2
netapp e-series_santricity_os_controller 11.60.0
netapp e-series_santricity_os_controller 11.25
netapp aff_baseboard_management_controller -
netapp steelstore_cloud_integrated_storage -
fedoraproject fedora 31
CVE-2019-19057 LOW

Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-401,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
netapp e-series_santricity_os_controller 11.60
canonical ubuntu_linux 19.10
canonical ubuntu_linux 16.04
netapp hci_baseboard_management_controller h610s
netapp e-series_santricity_os_controller 11.0
netapp e-series_santricity_os_controller 11.30
broadcom brocade_fabric_operating_system_firmware -
canonical ubuntu_linux 14.04
netapp e-series_santricity_os_controller 11.30.5r3
netapp solidfire_&_hci_management_node -
netapp e-series_santricity_os_controller 11.60.1
netapp e-series_santricity_os_controller 11.60.3
netapp e-series_santricity_os_controller 11.70.1
fedoraproject fedora 30
netapp e-series_santricity_os_controller 11.20
netapp data_availability_services -
canonical ubuntu_linux 18.04
netapp cloud_backup -
opensuse leap 15.1
netapp e-series_santricity_os_controller 11.50.1
debian debian_linux 8.0
netapp fas/aff_baseboard_management_controller -
netapp solidfire,_enterprise_sds_&_hci_storage_node -
netapp solidfire_baseboard_management_controller_firmware -
netapp e-series_santricity_os_controller 11.0.0
linux linux_kernel *
netapp e-series_santricity_os_controller 11.40
netapp hci_compute_node_firmware -
netapp e-series_santricity_os_controller 11.40.5
netapp e-series_santricity_os_controller 11.70.2
netapp e-series_santricity_os_controller 11.50.2
netapp e-series_santricity_os_controller 11.40.3r2
netapp e-series_santricity_os_controller 11.60.0
netapp e-series_santricity_os_controller 11.25
netapp aff_baseboard_management_controller -
netapp steelstore_cloud_integrated_storage -
fedoraproject fedora 31
CVE-2019-19060 HIGH

A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-401,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
netapp e-series_santricity_os_controller 11.60
canonical ubuntu_linux 19.10
canonical ubuntu_linux 16.04
canonical ubuntu_linux 19.04
netapp hci_baseboard_management_controller h610s
netapp e-series_santricity_os_controller 11.0
netapp e-series_santricity_os_controller 11.30
broadcom brocade_fabric_operating_system_firmware -
canonical ubuntu_linux 14.04
netapp e-series_santricity_os_controller 11.30.5r3
netapp solidfire_&_hci_management_node -
netapp e-series_santricity_os_controller 11.60.1
netapp e-series_santricity_os_controller 11.60.3
netapp e-series_santricity_os_controller 11.70.1
netapp e-series_santricity_os_controller 11.20
netapp data_availability_services -
canonical ubuntu_linux 18.04
netapp cloud_backup -
opensuse leap 15.1
netapp e-series_santricity_os_controller 11.50.1
netapp fas/aff_baseboard_management_controller -
netapp solidfire,_enterprise_sds_&_hci_storage_node -
netapp solidfire_baseboard_management_controller_firmware -
netapp e-series_santricity_os_controller 11.0.0
linux linux_kernel *
netapp e-series_santricity_os_controller 11.40
netapp hci_compute_node_firmware -
netapp e-series_santricity_os_controller 11.40.5
netapp e-series_santricity_os_controller 11.70.2
netapp e-series_santricity_os_controller 11.50.2
netapp e-series_santricity_os_controller 11.40.3r2
netapp e-series_santricity_os_controller 11.60.0
netapp e-series_santricity_os_controller 11.25
netapp aff_baseboard_management_controller -
netapp steelstore_cloud_integrated_storage -
CVE-2019-19061 HIGH

A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-401,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
netapp e-series_santricity_os_controller 11.60
canonical ubuntu_linux 19.10
canonical ubuntu_linux 16.04
netapp hci_baseboard_management_controller h610s
netapp e-series_santricity_os_controller 11.0
netapp e-series_santricity_os_controller 11.30
broadcom brocade_fabric_operating_system_firmware -
canonical ubuntu_linux 14.04
netapp e-series_santricity_os_controller 11.30.5r3
netapp solidfire_&_hci_management_node -
netapp e-series_santricity_os_controller 11.60.1
netapp e-series_santricity_os_controller 11.60.3
netapp e-series_santricity_os_controller 11.70.1
netapp e-series_santricity_os_controller 11.20
netapp data_availability_services -
canonical ubuntu_linux 18.04
netapp cloud_backup -
netapp e-series_santricity_os_controller 11.50.1
netapp fas/aff_baseboard_management_controller -
netapp solidfire,_enterprise_sds_&_hci_storage_node -
netapp solidfire_baseboard_management_controller_firmware -
netapp e-series_santricity_os_controller 11.0.0
linux linux_kernel *
netapp e-series_santricity_os_controller 11.40
netapp hci_compute_node_firmware -
netapp e-series_santricity_os_controller 11.40.5
netapp e-series_santricity_os_controller 11.70.2
netapp e-series_santricity_os_controller 11.50.2
netapp e-series_santricity_os_controller 11.40.3r2
netapp e-series_santricity_os_controller 11.60.0
netapp e-series_santricity_os_controller 11.25
netapp aff_baseboard_management_controller -
netapp steelstore_cloud_integrated_storage -
CVE-2019-19063 MEDIUM

Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 0.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
netapp e-series_santricity_os_controller 11.60
canonical ubuntu_linux 19.10
canonical ubuntu_linux 16.04
netapp hci_baseboard_management_controller h610s
netapp e-series_santricity_os_controller 11.0
oracle sd-wan_edge 8.2
netapp e-series_santricity_os_controller 11.30
broadcom brocade_fabric_operating_system_firmware -
canonical ubuntu_linux 14.04
netapp e-series_santricity_os_controller 11.30.5r3
netapp solidfire_&_hci_management_node -
netapp e-series_santricity_os_controller 11.60.1
netapp e-series_santricity_os_controller 11.60.3
netapp e-series_santricity_os_controller 11.70.1
fedoraproject fedora 30
netapp e-series_santricity_os_controller 11.20
netapp data_availability_services -
canonical ubuntu_linux 18.04
netapp cloud_backup -
opensuse leap 15.1
netapp e-series_santricity_os_controller 11.50.1
netapp fas/aff_baseboard_management_controller -
netapp solidfire,_enterprise_sds_&_hci_storage_node -
netapp solidfire_baseboard_management_controller_firmware -
netapp e-series_santricity_os_controller 11.0.0
linux linux_kernel *
netapp e-series_santricity_os_controller 11.40
netapp hci_compute_node_firmware -
netapp e-series_santricity_os_controller 11.40.5
netapp e-series_santricity_os_controller 11.70.2
netapp e-series_santricity_os_controller 11.50.2
netapp e-series_santricity_os_controller 11.40.3r2
netapp e-series_santricity_os_controller 11.60.0
netapp e-series_santricity_os_controller 11.25
netapp aff_baseboard_management_controller -
netapp steelstore_cloud_integrated_storage -
fedoraproject fedora 31
CVE-2019-19069 HIGH

A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-401,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
broadcom fabric_operating_system -
canonical ubuntu_linux 19.10
linux linux_kernel *
netapp hci_management_node -
netapp h610s_firmware -
netapp hci_compute_node -
netapp fas8300_firmware -
netapp solidfire -
netapp aff_a400_firmware -
netapp e-series_santricity_os_controller *
linux linux_kernel 5.4
netapp aff_a700s_firmware -
netapp data_availability_services -
canonical ubuntu_linux 18.04
netapp fas8700_firmware -
netapp hci_storage_node -
netapp steelstore_cloud_integrated_storage -
CVE-2019-19230 HIGH

An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
vuln@ca.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
broadcom nolio 6.6
CVE-2019-19231 MEDIUM

An insecure file access vulnerability exists in CA Client Automation 14.0, 14.1, 14.2, and 14.3 Agent for Windows that can allow a local attacker to gain escalated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
vuln@ca.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-65,NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom ca_client_automation 14.0
broadcom ca_client_automation 14.3
broadcom ca_client_automation 14.1
broadcom ca_client_automation 14.2
CVE-2019-19518 HIGH

CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, related to a lack of authentication on the File Server port, that potentially allows remote attackers to execute arbitrary commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
broadcom ca_automic_sysload *
CVE-2019-19544 HIGH

CA Automic Dollar Universe 5.3.3 contains a vulnerability, related to the uxdqmsrv binary being setuid root, that allows local attackers to elevate privileges. This vulnerability was reported to CA several years after CA Automic Dollar Universe 5.3.3 reached End of Life (EOL) status on April 1, 2015.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,

Products Affected

Vendor Product Version
broadcom ca_automic_dollar_universe 5.3.3
CVE-2019-25013 HIGH

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
broadcom fabric_operating_system -
fedoraproject fedora 32
gnu glibc *
debian debian_linux 10.0
netapp service_processor -
netapp 500f_firmware -
netapp ontap_select_deploy_administration_utility -
netapp a250_firmware -
fedoraproject fedora 33
CVE-2019-6504 MEDIUM

Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allow attackers to potentially conduct persistent cross site scripting (XSS) attacks via a crafted object.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
broadcom automic_workload_automation *
CVE-2019-7392 MEDIUM

An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
broadcom privileged_access_manager *
CVE-2019-8376 MEDIUM

An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
fedoraproject fedora 28
broadcom tcpreplay 4.3.1
fedoraproject fedora 30
fedoraproject fedora 29
CVE-2019-8377 MEDIUM

An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
fedoraproject fedora 32
fedoraproject fedora 28
broadcom tcpreplay 4.3.1
fedoraproject fedora 30
fedoraproject fedora 29
fedoraproject fedora 31
CVE-2019-8381 MEDIUM

An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
fedoraproject fedora 28
broadcom tcpreplay 4.3.1
fedoraproject fedora 30
fedoraproject fedora 29
CVE-2019-9500 HIGH

The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
linux linux_kernel *
broadcom brcmfmac_driver -
CVE-2019-9501 HIGH

The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. By supplying a vendor information element with a data length larger than 32 bytes, a heap buffer overflow is triggered in wlc_wpa_sup_eapol. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cret@cert.org 7.9 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.2 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
synology router_manager 1.2
broadcom bcm4339_firmware -
CVE-2019-9502 HIGH

The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. If the vendor information element data length is larger than 164 bytes, a heap buffer overflow is triggered in wlc_wpa_plumb_gtk. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cret@cert.org 7.9 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.2 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
synology router_manager 1.2
broadcom bcm4339_firmware -
CVE-2019-9503 HIGH

The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event frames from a remote source to be processed. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cret@cert.org 7.9 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.2 6.0
nvd@nist.gov 8.3 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 1.6 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
redhat enterprise_linux 7.0
broadcom brcmfmac_driver -
redhat enterprise_linux 6.0
CVE-2020-11658 HIGH

CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-639,

Products Affected

Vendor Product Version
broadcom ca_api_developer_portal *
CVE-2020-11659 MEDIUM

CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-639,

Products Affected

Vendor Product Version
broadcom ca_api_developer_portal *
CVE-2020-11660 MEDIUM

CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom ca_api_developer_portal *
CVE-2020-11661 MEDIUM

CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom ca_api_developer_portal *
CVE-2020-11662 MEDIUM

CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom ca_api_developer_portal *
CVE-2020-11663 MEDIUM

CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
broadcom ca_api_developer_portal *
CVE-2020-11664 MEDIUM

CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
broadcom ca_api_developer_portal *
CVE-2020-11665 MEDIUM

CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
broadcom ca_api_developer_portal *
CVE-2020-11666 MEDIUM

CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom ca_api_developer_portal *
CVE-2020-12243 MEDIUM

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-674,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
netapp h700s_firmware -
canonical ubuntu_linux 19.10
netapp h700e_firmware -
netapp h410c_firmware -
canonical ubuntu_linux 16.04
apple mac_os_x 10.13.6
canonical ubuntu_linux 20.04
canonical ubuntu_linux 14.04
oracle solaris 10
broadcom brocade_fabric_operating_system -
netapp h500e_firmware -
debian debian_linux 9.0
canonical ubuntu_linux 18.04
netapp cloud_backup -
opensuse leap 15.1
debian debian_linux 8.0
oracle zfs_storage_appliance_kit 8.8
netapp h300e_firmware -
netapp h300s_firmware -
apple mac_os_x *
oracle solaris 11
netapp h500s_firmware -
netapp h410s_firmware -
debian debian_linux 10.0
apple mac_os_x 10.14.6
openldap openldap *
netapp steelstore_cloud_integrated_storage -
CVE-2020-12594 HIGH

A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior to 10.7.4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom symantec_messaging_gateway *
CVE-2020-12595 MEDIUM

An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. This affects SMG prior to 10.7.4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom symantec_messaging_gateway *
CVE-2020-12695 HIGH

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H 2.2 4.7

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,

Products Affected

Vendor Product Version
hp envy_4524_f0v71b -
epson xp-8500 -
hp envy_photo_6234_k7s21b -
hp envy_7640 -
hp hp_deskjet_ink_advantage_4535_f0v64a -
hp deskjet_ink_advantage_4535_f0v64c -
hp envy_photo_7800_k7s00a -
hp hp_envy_4520_f0v63b -
hp hp_officejet_4655_k9v79a -
hp hp_envy_4520_e6g67b -
hp hp_envy_4511_k9h50a -
hp hp_envy_4512_k9h49a -
hp hp_officejet_4654_f1j06b -
hp hp_officejet_4655_f1j00a -
hp envy_5541_k7g89a -
hp officejet_4656_k9v81b -
hp envy_5532 -
hp hp_officejet_4650_e6g87a -
hp deskjet_ink_advantage_4675_f1h97c -
hp envy_4509_d3p94b -
hp envy_5540_g0v53a -
hp envy_100_cn519b -
hp deskjet_ink_advantage_3546_a9t82a -
hp envy_6020_5se16b -
hp hp_deskjet_ink_advantage_4536_f0v65a -
hp hp_officejet_4650_f1h96a -
hp deskjet_ink_advantage_4675_f1h97a -
hp envy_120_cz022b -
hp envy_4500_a9t80a -
netgear wnhde111 -
hp deskjet_ink_advantage_4676_f1h98a -
hp envy_4509_d3p94a -
cisco wap351 -
hp envy_4502_a9t87b -
hp envy_5539 -
epson xp-2101 -
hp 5020_z4a69a -
hp envy_5534 -
hp envy_110_cq809b -
hp 5660_f8b04a -
hp hp_envy_4524_f0v72b -
epson xp-620 -
hp deskjet_ink_advantage_3545_a9t83b -
hp envy_100_cn517b -
hp envy_5642_b9s64a -
hp envy_5540_g0v52a -
hp envy_4524_k9t01a -
hp deskjet_ink_advantage_4518 -
hp hp_deskjet_ink_advantage_4535_f0v64c -
w1.fi hostapd *
epson xp-960 -
epson xp-2105 -
hp envy_5544_k7c93a -
hp envy_5020_m2u91b -
hp envy_5643_b9s63a -
hp hp_deskjet_ink_advantage_4538_f0v66b -
hp envy_4528_k9t08b -
tp-link archer_c50 -
hp envy_6020_6wd35a -
hp envy_100_cn517c -
hp officejet_4655_f1j00a -
hp deskjet_ink_advantage_3456_a9t84c -
dell b1165nfw -
asus rt-n11 -
hp officejet_4652_f1j02a -
hp hp_deskjet_ink_advantage_4678_f1h99b -
cisco wap131 -
hp hp_envy_4524_k9t01a -
epson xp-340 -
nec wr8165n -
hp envy_pro_6420_5se46a -
fedoraproject fedora 32
hp envy_5000_m2u91a -
hp envy_pro_6420_6wd14a -
hp deskjet_ink_advantage_5575_g0v48b -
hp envy_photo_7100_3xd89a -
hp envy_4516_k9h52a -
hp hp_officejet_4650_f1h96b -
hp hp_envy_4516_k9h52a -
huawei hg255s -
hp envy_4504_a9t88b -
hp envy_5540_g0v51a -
hp envy_5547_j6u64a -
hp hp_officejet_4657_v6d29b -
epson xp-4105 -
hp envy_4501_c8d05a -
hp deskjet_ink_advantage_4535_f0v64a -
hp envy_4520_f0v63a -
ruckussecurity zonedirector_1200 -
hp envy_photo_7800_y0g42d -
hp envy_4500_a9t80b -
hp envy_5664_f8b08a -
hp envy_100_cn518a -
hp envy_110_cq809c -
hp envy_4500_d3p93a -
cisco wap150 -
hp envy_5000_m2u85a -
hp hp_envy_4520_f0v69a -
hp hp_envy_4521_k9t10b -
hp deskjet_ink_advantage_5575_g0v48c -
hp hp_officejet_4655_k9v82b -
hp envy_5665_f8b06a -
hp hp_officejet_4652_k9v84b -
hp envy_100_cn517a -
hp envy_5646_f8b05a -
hp officejet_4658_v6d30b -
hp envy_7644_e4w46a -
hp envy_4522_f0v67a -
hp 5030_z4a70a -
hp hp_envy_4522_f0v67a -
dlink dvg-n5412sp -
hp envy_5540_g0v47a -
hp hp_envy_4526_k9t05b -
hp envy_5000_z4a74a -
hp envy_5640_b9s58a -
hp officejet_4655_k9v79a -
hp envy_photo_7100_k7g93a -
hp envy_4502_a9t85a -
hp envy_photo_6252_k7g22a -
hp envy_4512_k9h49a -
hp envy_4523_j6u60b -
hp hp_deskjet_ink_advantage_4676_f1h98a -
epson xp-320 -
hp officejet_4652_k9v84b -
hp envy_114_cq812a -
hp envy_5000_m2u85b -
hp deskjet_ink_advantage_4538_f0v66b -
ui unifi_controller -
hp envy_120_cz022c -
zyxel vmg8324-b10a -
hp envy_4521_k9t10b -
hp deskjet_ink_advantage_4515 -
epson ew-m970a3t -
hp envy_photo_7120_z3m41d -
hp envy_pro_6452_5se47a -
debian debian_linux 10.0
hp envy_photo_7830_y0g50b -
hp envy_photo_6200_k7s21b -
hp hp_envy_4520_e6g67a -
hp envy_5000_m2u91a *
hp envy_4500_a9t89a -
hp hp_officejet_4658_v6d30b -
hp envy_4507_e6g70b -
hp envy_photo_7800_k7s10d -
hp envy_5530 -
hp envy_5531 -
hp envy_photo_6230_k7g25b -
hp envy_4525_k9t09b -
hp officejet_4650_f1h96b -
hp envy_111_cq810a -
hp hp_deskjet_ink_advantage_4675_f1h97a -
microsoft xbox_one 10.0.19041.2494
hp envy_4505_a9t86a -
hp envy_4526_k9t05b -
hp envy_photo_7800_k7r96a -
hp envy_4511_k9h50a -
hp envy_5536 -
huawei hg532e -
hp deskjet_ink_advantage_3545_a9t81c -
hp hp_deskjet_ink_advantage_4535_f0v64b -
hp hp_deskjet_ink_advantage_4675_f1h97b -
hp hp_envy_4525_k9t09b -
hp envy_photo_7155_z3m52a -
hp envy_photo_6200_y0k13d_ -
hp officejet_4654_f1j07b -
hp hp_envy_4513_k9h51a -
epson m571t -
hp deskjet_ink_advantage_3545_a9t81a -
hp envy_5000_z4a54a -
hp envy_photo_7822_y0g42d -
hp envy_pro_6420_6wd16a -
hp envy_photo_7100_k7g99a -
canonical ubuntu_linux 20.04
hp envy_4520_e6g67b -
epson xp-330 -
hp deskjet_ink_advantage_3548_a9t81b -
epson xp-100 -
hp envy_4513_k9h51a -
zte zxv10_w300 -
hp envy_4503_e6g71b -
debian debian_linux 9.0
hp envy_photo_7822_y0g43d -
hp envy_pro_6420_5se45b -
epson ep-101 -
hp 5030_m2u92b -
hp envy_5535 -
hp officejet_4652_f1j05b -
hp envy_5546_k7c90a -
hp envy_photo_6220_k7g21b -
hp envy_photo_7100_z3m52a -
epson xp-4100 -
microsoft windows_10 -
hp envy_photo_7800_y0g52b -
hp envy_4520_f0v63b -
hp envy_photo_7164_k7g99a -
hp deskjet_ink_advantage_4536_f0v65a -
hp envy_photo_7100_z3m37a -
hp envy_4520_e6g67a -
hp hp_envy_4527_j6u61b -
fedoraproject fedora 31
zyxel amg1202-t10b -
hp envy_5644_b9s65a -
hp envy_photo_6220_k7g20d -
hp hp_officejet_4652_f1j02a -
hp envy_photo_6200_y0k15a -
hp envy_4508_e6g72b -
hp envy_110_cq812c -
epson xp-241 -
hp deskjet_ink_advantage_4675_f1h97b -
hp envy_4504_c8d04a -
hp envy_5542_k7c88a -
canon selphy_cp1200 -
hp envy_5548_k7g87a -
hp envy_4524_f0v72b -
epson xp-440 -
hp envy_photo_6200_k7g18a -
hp hp_deskjet_ink_advantage_4675_f1h97c -
hp hp_envy_4520_f0v63a -
hp 5034_z4a74a -
hp envy_photo_6222_y0k14d -
hp hp_envy_4523_j6u60b -
hp envy_5544_k7c89a -
hp envy_114_cq811b -
hp envy_110_cq809d -
hp envy_5545_g0v50a -
epson xp-8600 -
hp envy_4520_f0v69a -
hp envy_5000_m2u94b -
epson xp-970 -
hp envy_7645_e4w44a -
hp hp_officejet_4652_f1j05b -
hp envy_100_cn519a -
epson xp-630 -
hp envy_110_cq809a -
hp hp_envy_4524_f0v71b -
hp envy_5540_k7c85a -
hp hp_envy_4528_k9t08b -
hp envy_5540_f2e72a -
hp envy_6052_5se18a -
hp envy_120_cz022a -
hp envy_6055_5se16a -
hp officejet_4654_f1j06b -
hp deskjet_ink_advantage_4535_f0v64b -
hp envy_6020_5se17a -
hp envy_6540_b9s59a -
hp envy_4527_j6u61b -
hp envy_pro_6455_5se45a -
hp hp_officejet_4656_k9v81b -
hp envy_5640_b9s56a -
hp hp_officejet_4654_f1j07b -
hp officejet_4657_v6d29b -
hp envy_photo_6232_k7g26b -
hp envy_114_cq811a -
hp officejet_4650_e6g87a -
epson xp-702 -
hp envy_photo_6200_k7g26b -
hp envy_5543_n9u88a -
hp envy_photo_6222_y0k13d -
hp officejet_4655_k9v82b -
broadcom adsl -
hp deskjet_ink_advantage_4678_f1h99b -
hp officejet_4650_f1h96a -
hp envy_6020_7cz37a -
CVE-2020-12740 MEDIUM

tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
fedoraproject fedora 32
broadcom tcpreplay *
fedoraproject fedora 31
CVE-2020-13401 MEDIUM

An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.0 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L 1.8 3.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
fedoraproject fedora 32
docker engine *
debian debian_linux 10.0
fedoraproject fedora 31
broadcom sannav -
CVE-2020-13645 MEDIUM

In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
gnome glib-networking *
broadcom fabric_operating_system -
fedoraproject fedora 32
canonical ubuntu_linux 19.10
canonical ubuntu_linux 16.04
gnome balsa 2.6.0
canonical ubuntu_linux 20.04
gnome balsa *
canonical ubuntu_linux 18.04
netapp cloud_backup -
fedoraproject fedora 31
CVE-2020-15369 MEDIUM

Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-521,

Products Affected

Vendor Product Version
broadcom fabric_operating_system 8.2.2a
broadcom fabric_operating_system 8.2.2
broadcom fabric_operating_system 8.2.1
broadcom fabric_operating_system 8.2.1d
broadcom fabric_operating_system 8.2.2b
broadcom fabric_operating_system 8.2.1c
broadcom fabric_operating_system 8.2.1a
broadcom fabric_operating_system 8.2.2a1
broadcom fabric_operating_system 8.2.1b
CVE-2020-15370 MEDIUM

Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2020-15371 HIGH

Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
broadcom fabric_operating_system 8.1.1a
broadcom fabric_operating_system 8.1.2c
broadcom fabric_operating_system 8.1.0a
broadcom fabric_operating_system 8.2.1d
broadcom fabric_operating_system 8.0.1b
broadcom fabric_operating_system 8.0.2b
broadcom fabric_operating_system 8.1.0c
broadcom fabric_operating_system 8.2.2a
broadcom fabric_operating_system 8.1.1
broadcom fabric_operating_system 8.0.2d
broadcom fabric_operating_system 8.1.2d
broadcom fabric_operating_system 8.1.2a
broadcom fabric_operating_system 8.2.1a
broadcom fabric_operating_system 8.1.2b
broadcom fabric_operating_system 8.2.1b
broadcom fabric_operating_system 8.0.0
broadcom fabric_operating_system 8.0.1
broadcom fabric_operating_system 8.0.1a
broadcom fabric_operating_system 8.2.2
broadcom fabric_operating_system 8.1.0
broadcom fabric_operating_system 8.0.2f
broadcom fabric_operating_system 8.0.2a
broadcom fabric_operating_system 8.1.2e
broadcom fabric_operating_system 8.1.0b
broadcom fabric_operating_system 8.2.0a
broadcom fabric_operating_system 8.1.2j
broadcom fabric_operating_system 8.1.2
broadcom fabric_operating_system 8.2.1
broadcom fabric_operating_system 8.2.2b
broadcom fabric_operating_system 8.0.2
broadcom fabric_operating_system 8.2.1c
broadcom fabric_operating_system 8.0.2c
broadcom fabric_operating_system 8.2.0
broadcom fabric_operating_system 8.2.2a1
broadcom fabric_operating_system 8.1.2f
CVE-2020-15372 LOW

A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-913,

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2020-15373 HIGH

Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
broadcom fabric_operating_system 8.2.2a
broadcom fabric_operating_system 8.2.2
broadcom fabric_operating_system 8.2.1
broadcom fabric_operating_system 8.2.1d
broadcom fabric_operating_system 8.2.2b
broadcom fabric_operating_system 8.2.1c
broadcom fabric_operating_system 8.2.2c
broadcom fabric_operating_system 8.2.1a
broadcom fabric_operating_system 8.2.2a1
broadcom fabric_operating_system 8.2.1b
CVE-2020-15374 HIGH

Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom fabric_operating_system 8.2.2a
broadcom fabric_operating_system 8.2.2
broadcom fabric_operating_system 8.2.1
broadcom fabric_operating_system 8.2.1d
broadcom fabric_operating_system 8.2.2b
broadcom fabric_operating_system 8.2.1c
broadcom fabric_operating_system 8.2.2c
broadcom fabric_operating_system 8.2.1a
broadcom fabric_operating_system 8.2.2a1
broadcom fabric_operating_system 8.2.1b
CVE-2020-15375 MEDIUM

Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary commands and perform escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2020-15376 MEDIUM

Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated with any groups.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2020-15377 HIGH

Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-918,

Products Affected

Vendor Product Version
broadcom sannav *
CVE-2020-15378 MEDIUM

The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom sannav *
CVE-2020-15379 MEDIUM

Brocade SANnav before v.2.1.0a could allow remote attackers cause a denial-of-service condition due to a lack of proper validation, of the length of user-supplied data as name for custom field name.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2020-15380 MEDIUM

Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
broadcom sannav *
CVE-2020-15381 MEDIUM

Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
broadcom sannav *
CVE-2020-15382 MEDIUM

Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2020-15383 MEDIUM

Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom fabric_operating_system 8.2.1
broadcom fabric_operating_system 8.2.1d
broadcom fabric_operating_system 8.2.2b
broadcom fabric_operating_system 8.2.1c
broadcom fabric_operating_system 8.2.2c
broadcom fabric_operating_system *
broadcom fabric_operating_system 8.2.1a
broadcom fabric_operating_system 8.2.2a1
broadcom fabric_operating_system 8.2.1b
CVE-2020-15384 MEDIUM

Brocade SANNav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response header.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-312,

Products Affected

Vendor Product Version
broadcom sannav *
CVE-2020-15385 MEDIUM

Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission. As a result, users without permission can see folders, and hidden files, and can create directories without permission.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom sannav *
CVE-2020-15386 MEDIUM

Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom fabric_operating_system 9.0.1
broadcom fabric_operating_system 9.0.0b
broadcom fabric_operating_system 8.2.3
broadcom fabric_operating_system 9.0.0a
CVE-2020-15387 MEDIUM

The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326,

Products Affected

Vendor Product Version
broadcom fabric_operating_system 7.4.2d
broadcom fabric_operating_system 7.4.2f
broadcom brocade_sannav *
broadcom fabric_operating_system 7.4.2
broadcom fabric_operating_system 7.4.2g
broadcom fabric_operating_system 7.4.2b
broadcom fabric_operating_system 8.2.1
broadcom fabric_operating_system 7.4.2a
broadcom fabric_operating_system *
broadcom fabric_operating_system 7.4.2c
broadcom fabric_operating_system 8.2.1a
broadcom fabric_operating_system 8.2.1b
CVE-2020-15388 MEDIUM

A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom fabric_operating_system 8.2.0a
broadcom fabric_operating_system 8.2.3
broadcom fabric_operating_system *
broadcom fabric_operating_system 8.2.0
CVE-2020-15436 HIGH

Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
netapp solidfire_baseboard_management_controller_firmware -
netapp fabric-attached_storage_a400_firmware -
netapp h615c_firmware -
netapp h410c_firmware -
linux linux_kernel *
netapp aff_500f_firmware -
netapp fas_500f_firmware -
netapp aff_8700_firmware -
netapp h610s_firmware -
netapp h610c_firmware -
netapp fas_8300_firmware -
netapp a250_firmware -
broadcom brocade_fabric_operating_system_firmware -
netapp solidfire_&_hci_management_node -
netapp aff_8300_firmware -
netapp fas_8700_firmware -
netapp aff_a400_firmware -
netapp a700s_firmware -
netapp cloud_backup -
CVE-2020-15778 MEDIUM

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
netapp solidfire -
broadcom fabric_operating_system -
openbsd openssh *
openbsd openssh 8.3
netapp hci_management_node -
netapp hci_compute_node -
netapp a700s_firmware -
netapp active_iq_unified_manager *
netapp hci_storage_node -
netapp steelstore_cloud_integrated_storage -
CVE-2020-18976 MEDIUM

Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'. It can be triggered by sending a crafted pcap file to the 'tcpreplay-edit' binary. This issue is different than CVE-2019-8381.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
broadcom tcpreplay 4.3.2
CVE-2020-1927 MEDIUM

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,CWE-601,

Products Affected

Vendor Product Version
fedoraproject fedora 32
canonical ubuntu_linux 16.04
oracle instantis_enterprisetrack *
canonical ubuntu_linux 20.04
broadcom brocade_fabric_operating_system -
oracle communications_session_report_manager 8.2.0
apache http_server *
oracle communications_session_route_manager 8.2.1
netapp oncommand_unified_manager_core_package -
debian debian_linux 9.0
canonical ubuntu_linux 18.04
opensuse leap 15.1
oracle communications_element_manager 8.2.0
oracle communications_session_report_manager 8.1.1
oracle communications_session_route_manager 8.1.1
oracle communications_session_route_manager 8.2.0
oracle zfs_storage_appliance_kit 8.8
oracle communications_element_manager 8.2.1
oracle communications_session_report_manager 8.2.1
oracle communications_element_manager 8.1.1
oracle enterprise_manager_ops_center 12.4.0.0
oracle sd-wan_aware 8.2
debian debian_linux 10.0
fedoraproject fedora 31
CVE-2020-1967 MEDIUM

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
broadcom fabric_operating_system -
fedoraproject fedora 32
oracle enterprise_manager_for_storage_management 13.4.0.0
oracle enterprise_manager_base_platform 13.4.0.0
opensuse leap 15.2
oracle peoplesoft_enterprise_peopletools 8.59
oracle enterprise_manager_for_storage_management 13.3.0.0
oracle peoplesoft_enterprise_peopletools 8.56
oracle enterprise_manager_ops_center 12.4.0
netapp oncommand_workflow_automation -
fedoraproject fedora 30
debian debian_linux 9.0
oracle peoplesoft_enterprise_peopletools 8.58
opensuse leap 15.1
oracle http_server 12.2.1.4.0
netapp snapcenter -
oracle peoplesoft_enterprise_peopletools 8.57
netapp e-series_performance_analyzer -
tenable log_correlation_engine *
jdedwards enterpriseone *
freebsd freebsd 12.1
netapp active_iq_unified_manager *
oracle mysql_connectors *
oracle application_server 12.1.3
openssl openssl *
oracle mysql *
netapp oncommand_insight -
oracle jd_edwards_world_security a9.4
netapp smi-s_provider -
debian debian_linux 10.0
oracle mysql_enterprise_monitor *
oracle mysql_workbench *
netapp steelstore_cloud_integrated_storage -
fedoraproject fedora 31
CVE-2020-23273 MEDIUM

Heap-buffer overflow in the randomize_iparp function in edit_packet.c. of Tcpreplay v4.3.2 allows attackers to cause a denial of service (DOS) via a crafted pcap.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
broadcom tcpreplay 4.3.2
CVE-2020-24265 MEDIUM

An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
fedoraproject fedora 32
broadcom tcpreplay 4.3.3
fedoraproject fedora 31
fedoraproject fedora 33
CVE-2020-24266 MEDIUM

An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
fedoraproject fedora 32
broadcom tcpreplay 4.3.3
fedoraproject fedora 31
fedoraproject fedora 33
CVE-2020-28421 MEDIUM

CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom unified_infrastructure_management *
CVE-2020-29478 MEDIUM

CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-258,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom ca_service_catalog 17.3
broadcom ca_service_catalog 17.2
CVE-2020-29660 LOW

A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-416,CWE-667,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
netapp solidfire_baseboard_management_controller_firmware -
broadcom fabric_operating_system -
fedoraproject fedora 32
netapp h410c_firmware -
linux linux_kernel *
netapp a400_firmware -
netapp 8300_firmware -
netapp 8700_firmware -
debian debian_linux 10.0
netapp a700s_firmware -
debian debian_linux 9.0
fedoraproject fedora 33
CVE-2020-29661 HIGH

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,CWE-667,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
netapp solidfire_baseboard_management_controller_firmware -
broadcom fabric_operating_system -
fedoraproject fedora 32
netapp h410c_firmware -
linux linux_kernel *
netapp a400_firmware -
netapp 8300_firmware -
netapp 8700_firmware -
oracle tekelec_platform_distribution *
debian debian_linux 10.0
netapp a700s_firmware -
debian debian_linux 9.0
fedoraproject fedora 33
CVE-2020-35493 MEDIUM

A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
netapp solidfire_&_hci_management_node -
netapp solidfire,_enterprise_sds_&_hci_storage_node -
fedoraproject fedora 32
netapp hci_compute_node_firmware -
gnu binutils *
netapp cloud_backup -
netapp ontap_select_deploy_administration_utility -
broadcom brocade_fabric_operating_system_firmware -
CVE-2020-35494 MEDIUM

There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H 1.8 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-908,

Products Affected

Vendor Product Version
netapp solidfire_&_hci_management_node -
netapp solidfire,_enterprise_sds_&_hci_storage_node -
fedoraproject fedora 32
netapp hci_compute_node_firmware -
gnu binutils *
netapp cloud_backup -
netapp ontap_select_deploy_administration_utility -
broadcom brocade_fabric_operating_system_firmware -
CVE-2020-35495 MEDIUM

There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
netapp solidfire_&_hci_management_node -
netapp solidfire,_enterprise_sds_&_hci_storage_node -
fedoraproject fedora 32
netapp hci_compute_node_firmware -
gnu binutils *
netapp cloud_backup -
netapp ontap_select_deploy_administration_utility -
broadcom brocade_fabric_operating_system_firmware -
CVE-2020-35496 MEDIUM

There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
netapp solidfire_&_hci_management_node -
netapp solidfire,_enterprise_sds_&_hci_storage_node -
fedoraproject fedora 32
netapp hci_compute_node_firmware -
gnu binutils *
netapp cloud_backup -
netapp ontap_select_deploy_administration_utility -
broadcom brocade_fabric_operating_system_firmware -
CVE-2020-35507 MEDIUM

There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
netapp solidfire_&_hci_management_node -
netapp solidfire,_enterprise_sds_&_hci_storage_node -
broadcom brocade_fabric_operating_system -
netapp hci_compute_node_firmware -
gnu binutils *
netapp cloud_backup -
redhat enterprise_linux 8.0
netapp ontap_select_deploy_administration_utility -
CVE-2020-3993 MEDIUM

VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware cloud_foundation *
vmware nsx-t_data_center *
broadcom vmware_nsx-t_data_center *
CVE-2020-8010 HIGH

CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom unified_infrastructure_management *
broadcom unified_infrastructure_management 20.1
CVE-2020-8011 MEDIUM

CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
broadcom unified_infrastructure_management *
broadcom unified_infrastructure_management 20.1
CVE-2020-8012 HIGH

CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
broadcom unified_infrastructure_management *
broadcom unified_infrastructure_management 20.1
CVE-2020-8648 LOW

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-416,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
netapp active_iq_unified_manager -
netapp hci_baseboard_management_controller h410c
linux linux_kernel *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
netapp cloud_backup -
opensuse leap 15.1
netapp solidfire_baseboard_management_controller -
debian debian_linux 8.0
broadcom brocade_fabric_operating_system_firmware -
CVE-2021-20197 LOW

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N 1.0 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,CWE-59,CWE-362,

Products Affected

Vendor Product Version
netapp solidfire_&_hci_management_node -
gnu binutils *
netapp cloud_backup -
redhat enterprise_linux 8.0
netapp ontap_select_deploy_administration_utility -
broadcom brocade_fabric_operating_system_firmware -
CVE-2021-21981 MEDIUM

VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
vmware nsx-t_data_center 3.1.1
broadcom vmware_nsx-t_data_center 3.1.1
CVE-2021-22876 MEDIUM

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-359,CWE-200,

Products Affected

Vendor Product Version
fedoraproject fedora 34
broadcom fabric_operating_system -
fedoraproject fedora 32
netapp hci_management_node -
netapp hci_compute_node -
splunk universal_forwarder 9.1.0
oracle communications_billing_and_revenue_management 12.0.0.3.0
siemens sinec_infrastructure_network_services *
oracle essbase 21.2
netapp solidfire -
debian debian_linux 9.0
haxx libcurl *
netapp hci_storage_node -
splunk universal_forwarder *
fedoraproject fedora 33
CVE-2021-22890 MEDIUM

curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-300,CWE-290,

Products Affected

Vendor Product Version
fedoraproject fedora 34
broadcom fabric_operating_system -
fedoraproject fedora 32
netapp hci_management_node -
splunk universal_forwarder 9.1.0
oracle communications_billing_and_revenue_management 12.0.0.3.0
siemens sinec_infrastructure_network_services *
oracle essbase 21.2
netapp solidfire -
debian debian_linux 9.0
haxx libcurl *
netapp hci_storage_node -
splunk universal_forwarder *
fedoraproject fedora 33
CVE-2021-23133 MEDIUM

A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9
psirt@paloaltonetworks.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,CWE-362,

Products Affected

Vendor Product Version
netapp solidfire_baseboard_management_controller_firmware -
fedoraproject fedora 34
fedoraproject fedora 32
netapp h700s_firmware -
netapp h700e_firmware -
netapp h410c_firmware -
linux linux_kernel *
netapp h300e_firmware -
netapp solidfire_&_hci_management_node -
netapp h300s_firmware -
broadcom brocade_fabric_operating_system -
netapp h500s_firmware -
netapp h500e_firmware -
netapp h410s_firmware -
debian debian_linux 9.0
netapp cloud_backup -
fedoraproject fedora 33
CVE-2021-26313 LOW

Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-208,CWE-203,

Products Affected

Vendor Product Version
intel core_i9-9900k -
intel core_i7-10700k -
intel xeon_silver_4214 -
debian debian_linux 10.0
intel core_i7-7700k -
broadcom bcm2711 -
xen xen *
arm cortex-a72 -
CVE-2021-26314 LOW

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-208,CWE-203,

Products Affected

Vendor Product Version
intel core_i9-9900k -
intel core_i7-10700k -
fedoraproject fedora 34
intel xeon_silver_4214 -
intel core_i7-7700k -
broadcom bcm2711 -
xen xen *
arm cortex-a72 -
fedoraproject fedora 33
CVE-2021-27218 MEDIUM

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-681,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
fedoraproject fedora 34
gnome glib *
netapp e-series_performance_analyzer -
debian debian_linux 9.0
netapp cloud_backup -
fedoraproject fedora 33
broadcom brocade_fabric_operating_system_firmware -
CVE-2021-27219 MEDIUM

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-681,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
fedoraproject fedora 34
gnome glib *
netapp e-series_performance_analyzer -
debian debian_linux 9.0
netapp cloud_backup -
fedoraproject fedora 33
broadcom brocade_fabric_operating_system_firmware -
CVE-2021-27789 MEDIUM

The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2021-27790 HIGH

The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2021-27791 MEDIUM

The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request, which could bypass the authentication process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2021-27792 HIGH

The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to crash, requiring a reboot.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2021-27793 MEDIUM

ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
broadcom fabric_operating_system 9.0.1
broadcom fabric_operating_system 8.2.3
broadcom fabric_operating_system 9.0.1a
broadcom fabric_operating_system *
CVE-2021-27794 MEDIUM

A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2021-27795

Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. This would allow attackers or a malicious party to forge a counterfeit license key that the Brocade Fabric OS platform would authenticate and activate as if it were a legitimate license key.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 6.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H 1.6 4.7
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2021-27796 MEDIUM

A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the “user” or “factory” account, to read the contents of any file on the filesystem utilizing one of a few available binaries.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2021-27797 HIGH

Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2021-27798

A vulnerability in Brocade Fabric OS versions 7.4.1b and 7.3.1d could allow local users to conduct privileged directory transversal. Brocade Fabric OS versions 7.4.1.x and 7.3.x have reached end of life. Brocade Fabric OS Users should upgrade to supported versions as described in the Product End-of-Life published report.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
broadcom fabric_operating_system 7.4.1b
broadcom fabric_operating_system 7.3.1d
CVE-2021-28153 MEDIUM

An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
gnome glib *
debian debian_linux 9.0
fedoraproject fedora 33
broadcom brocade_fabric_operating_system_firmware -
CVE-2021-28246 MEDIUM

CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in the library will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,CWE-426,

Products Affected

Vendor Product Version
broadcom ehealth *
CVE-2021-28248 MEDIUM

CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a targeted account, NOTE: This vulnerability only affects products that are no longer supported by the maintainer

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-307,CWE-307,

Products Affected

Vendor Product Version
broadcom ehealth *
CVE-2021-30648 HIGH

The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
broadcom symantec_advanced_secure_gateway_s200-30_firmware *
broadcom symantec_advanced_secure_gateway_s200-40_firmware *
broadcom symantec_advanced_secure_gateway_s400-40_firmware *
broadcom symantec_proxysg *
broadcom symantec_advanced_secure_gateway_s400-30_firmware *
broadcom symantec_advanced_secure_gateway_500-10_firmware *
broadcom symantec_advanced_secure_gateway_s400-20_firmware *
broadcom symantec_advanced_secure_gateway_s500-20_firmware *
CVE-2021-30650 MEDIUM

A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK) allows a remote attacker to craft a malicious URL for the OTK web UI and target OTK users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious code into the OTK web UI client application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
broadcom layer7_api_management_oauth_toolkit *
CVE-2021-30651 MEDIUM

A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom symantec_messaging_gateway *
CVE-2021-31879 MEDIUM

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
gnu wget *
netapp 500f_firmware -
netapp cloud_backup -
netapp ontap_select_deploy_administration_utility -
netapp a250_firmware -
broadcom brocade_fabric_operating_system_firmware -
CVE-2021-34174 MEDIUM

A vulnerability exists in Broadcom BCM4352 and BCM43684 chips. Any wireless router using BCM4352 and BCM43684 will be affected, such as ASUS AX6100. An attacker may cause a Denial of Service (DoS) to any device connected to BCM4352 or BCM43684 routers via an association or reassociation frame.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 0.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom bcm4352_firmware -
broadcom bcm43684_firmware -
CVE-2021-34798 MEDIUM

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
siemens sinema_server 14.0
netapp clustered_data_ontap -
oracle enterprise_manager_base_platform 13.4.0.0
debian debian_linux 11.0
siemens sinec_nms *
broadcom brocade_fabric_operating_system_firmware -
tenable tenable.sc *
oracle http_server 12.2.1.3.0
apache http_server *
debian debian_linux 9.0
fedoraproject fedora 35
oracle peoplesoft_enterprise_peopletools 8.58
netapp cloud_backup -
siemens ruggedcom_nms *
oracle http_server 12.2.1.4.0
fedoraproject fedora 34
oracle instantis_enterprisetrack 17.3
oracle zfs_storage_appliance_kit 8.8
netapp storagegrid -
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
debian debian_linux 10.0
oracle enterprise_manager_base_platform 13.5.0.0
oracle instantis_enterprisetrack 17.2
siemens sinema_remote_connect_server *
oracle instantis_enterprisetrack 17.1
CVE-2021-36160 MEDIUM

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
netapp clustered_data_ontap -
fedoraproject fedora 34
oracle enterprise_manager_base_platform 13.4.0.0
oracle instantis_enterprisetrack 17.3
oracle zfs_storage_appliance_kit 8.8
netapp storagegrid -
debian debian_linux 11.0
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
broadcom brocade_fabric_operating_system_firmware -
oracle http_server 12.2.1.3.0
debian debian_linux 10.0
apache http_server *
debian debian_linux 9.0
oracle enterprise_manager_base_platform 13.5.0.0
fedoraproject fedora 35
oracle peoplesoft_enterprise_peopletools 8.58
netapp cloud_backup -
oracle instantis_enterprisetrack 17.2
oracle instantis_enterprisetrack 17.1
oracle http_server 12.2.1.4.0
CVE-2021-40438 MEDIUM

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 2.2 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,CWE-918,

Products Affected

Vendor Product Version
f5 f5os *
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 7.7
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_eus 8.8
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.2
broadcom brocade_fabric_operating_system_firmware -
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_for_arm_64 8.0
redhat enterprise_linux_for_power_little_endian_eus 8.8
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 7.6
redhat enterprise_linux_for_ibm_z_systems 8.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.8
redhat enterprise_linux_for_power_little_endian_eus 8.6
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_update_services_for_sap_solutions 7.7
redhat enterprise_linux_for_power_little_endian_eus 8.1
redhat enterprise_linux_update_services_for_sap_solutions 8.8
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4
redhat enterprise_linux_update_services_for_sap_solutions 8.6
redhat enterprise_linux_for_ibm_z_systems_eus 8.1
redhat enterprise_linux_for_ibm_z_systems_eus_s390x 8.2
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_server 7.0
redhat enterprise_linux_for_power_big_endian 7.0
redhat enterprise_linux_server_tus 8.8
redhat enterprise_linux_workstation 7.0
siemens sinema_remote_connect_server 3.2
redhat enterprise_linux_for_power_little_endian 7.0
redhat enterprise_linux_for_scientific_computing 7.0
redhat enterprise_linux 8.0
oracle instantis_enterprisetrack 17.2
oracle instantis_enterprisetrack 17.1
redhat enterprise_linux_server_aus 8.6
siemens sinema_server 14.0
netapp clustered_data_ontap -
redhat software_collections 1.0
redhat enterprise_linux_update_services_for_sap_solutions 8.1
debian debian_linux 11.0
siemens sinec_nms *
redhat enterprise_linux_for_power_little_endian_eus 8.2
redhat enterprise_linux_for_ibm_z_systems_eus 8.4
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_server_aus 7.7
tenable tenable.sc *
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.1
oracle http_server 12.2.1.3.0
redhat enterprise_linux_server_aus 7.4
apache http_server *
redhat enterprise_linux_for_ibm_z_systems 7.0_s390x
debian debian_linux 9.0
fedoraproject fedora 35
redhat enterprise_linux_for_arm_64_eus 8.8
netapp cloud_backup -
siemens ruggedcom_nms *
redhat enterprise_linux_for_arm_64_eus 8.6
resf rocky_linux 8.0
oracle http_server 12.2.1.4.0
redhat enterprise_linux_for_power_little_endian 8.0
fedoraproject fedora 34
redhat enterprise_linux_for_power_little_endian_eus 8.4
oracle secure_global_desktop 5.6
oracle instantis_enterprisetrack 17.3
oracle zfs_storage_appliance_kit 8.8
redhat enterprise_linux_server_aus 7.2
netapp storagegrid -
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_update_services_for_sap_solutions 7.6
redhat jboss_core_services 1.0
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server_aus 7.6
oracle enterprise_manager_ops_center 12.4.0.0
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_update_services_for_sap_solutions 8.4
debian debian_linux 10.0
redhat enterprise_linux_eus 8.1
redhat enterprise_linux_for_ibm_z_systems_eus 8.8
redhat enterprise_linux_update_services_for_sap_solutions 8.2
siemens sinema_remote_connect_server *
CVE-2021-4197 HIGH

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
netapp h300s_firmware -
netapp h700s_firmware -
netapp h500s_firmware -
netapp h410c_firmware -
linux linux_kernel *
netapp h410s_firmware -
oracle communications_cloud_native_core_binding_support_function 22.2.0
debian debian_linux 10.0
oracle communications_cloud_native_core_binding_support_function 22.1.3
oracle communications_cloud_native_core_binding_support_function 22.1.1
broadcom brocade_fabric_operating_system_firmware -
CVE-2021-42772 MEDIUM

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDumpFile command that could allow a user to attempt various attacks. In non-secure mode, the user is unauthenticated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
broadcom emulex_hba_manager *
broadcom one_command_manager *
CVE-2021-42773 MEDIUM

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a remote host with the GetDumpFile command. In non-secure mode, the user is unauthenticated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom emulex_hba_manager *
CVE-2021-42774 HIGH

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature that could allow remote unauthenticated users to perform various attacks. In non-secure mode, the user is unauthenticated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
broadcom emulex_hba_manager *
CVE-2021-42775 MEDIUM

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host. In non-secure mode, the user is unauthenticated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom emulex_hba_manager *
CVE-2021-44050 MEDIUM

CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
broadcom ca_network_flow_analysis *
CVE-2021-45386 MEDIUM

tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
broadcom tcpreplay 4.3.4
CVE-2021-45387 MEDIUM

tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
broadcom tcpreplay 4.3.4
CVE-2021-46825 MEDIUM

Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
broadcom advanced_secure_gateway 7.3
broadcom proxysg 6.7
broadcom advanced_secure_gateway 6.7
broadcom proxysg 7.3
CVE-2022-2068 HIGH

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
netapp h700s_firmware -
netapp h410c_firmware -
debian debian_linux 11.0
netapp aff_8700_firmware -
netapp h610s_firmware -
siemens sinec_ins 1.0
broadcom sannav -
netapp fas_8700_firmware -
netapp aff_a400_firmware -
fedoraproject fedora 36
netapp snapmanager -
netapp fas_a400_firmware -
fedoraproject fedora 35
netapp h615c_firmware -
netapp element_software -
netapp hci_management_node -
netapp h610c_firmware -
siemens sinec_ins *
netapp fas_8300_firmware -
netapp bootstrap_os -
netapp solidfire -
netapp h300s_firmware -
netapp aff_8300_firmware -
openssl openssl *
netapp h500s_firmware -
netapp h410s_firmware -
netapp smi-s_provider -
debian debian_linux 10.0
netapp santricity_smi-s_provider -
netapp ontap_select_deploy_administration_utility -
netapp ontap_antivirus_connector -
CVE-2022-22689 MEDIUM

CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1236,CWE-1236,

Products Affected

Vendor Product Version
broadcom ca_harvest_software_change_manager 13.0.4
broadcom ca_harvest_software_change_manager 13.0.3
broadcom ca_harvest_software_change_manager 14.0.1
broadcom ca_harvest_software_change_manager 14.0.0
CVE-2022-23083 MEDIUM

NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation that could potentially allow an attacker to execute code on the affected machine.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
broadcom netmaster_network_management_for_tcp/ip 12.2
broadcom netmaster_file_transfer_management 12.2
CVE-2022-23302 MEDIUM

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
oracle communications_unified_inventory_management 7.4.2
apache log4j *
oracle business_intelligence 5.9.0.0.0
oracle healthcare_foundation 8.1.0
oracle enterprise_manager_base_platform 13.4.0.0
broadcom brocade_sannav -
oracle communications_offline_mediation_controller 12.0.0.5.0
oracle advanced_supply_chain_planning 12.1
oracle middleware_common_libraries_and_tools 12.2.1.4.0
oracle identity_management_suite 12.2.1.4.0
oracle business_intelligence 12.2.1.3.0
oracle business_intelligence 12.2.1.4.0
oracle communications_unified_inventory_management 7.4.1
oracle financial_services_revenue_management_and_billing_analytics 2.8.0.0
netapp snapmanager -
oracle weblogic_server 12.2.1.3.0
oracle hyperion_infrastructure_technology *
oracle business_process_management_suite 12.2.1.4.0
oracle identity_management_suite 12.2.1.3.0
qos reload4j *
oracle financial_services_revenue_management_and_billing_analytics 2.7.0.0
oracle financial_services_revenue_management_and_billing_analytics 2.7.0.1
oracle tuxedo 12.2.2.0.0
oracle communications_network_integrity 7.3.6
oracle business_process_management_suite 12.2.1.3.0
oracle jdeveloper 12.2.1.3.0
oracle e-business_suite_cloud_manager_and_cloud_backup_module *
oracle identity_manager_connector 11.1.1.5.0
oracle advanced_supply_chain_planning 12.2
oracle communications_offline_mediation_controller *
oracle communications_messaging_server 8.1
oracle weblogic_server 12.2.1.4.0
oracle mysql_enterprise_monitor *
oracle communications_eagle_ftp_table_base_retrieval 4.5
oracle communications_instant_messaging_server 10.0.1.5.0
oracle enterprise_manager_base_platform 13.5.0.0
oracle e-business_suite_cloud_manager_and_cloud_backup_module 2.2.1.1.1
oracle weblogic_server 14.1.1.0.0
oracle hyperion_data_relationship_management *
CVE-2022-23305 MEDIUM

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
oracle communications_unified_inventory_management 7.4.2
apache log4j *
oracle business_intelligence 5.9.0.0.0
oracle healthcare_foundation 8.1.0
oracle enterprise_manager_base_platform 13.4.0.0
broadcom brocade_sannav -
oracle communications_offline_mediation_controller 12.0.0.5.0
oracle advanced_supply_chain_planning 12.1
oracle retail_extract_transform_and_load 13.2.5
oracle middleware_common_libraries_and_tools 12.2.1.4.0
oracle identity_management_suite 12.2.1.4.0
oracle business_intelligence 12.2.1.3.0
oracle business_intelligence 12.2.1.4.0
oracle communications_unified_inventory_management 7.4.1
oracle financial_services_revenue_management_and_billing_analytics 2.8.0.0
netapp snapmanager -
oracle weblogic_server 12.2.1.3.0
oracle hyperion_infrastructure_technology *
oracle business_process_management_suite 12.2.1.4.0
oracle identity_management_suite 12.2.1.3.0
qos reload4j *
oracle financial_services_revenue_management_and_billing_analytics 2.7.0.0
oracle e-business_suite_information_discovery *
oracle financial_services_revenue_management_and_billing_analytics 2.7.0.1
oracle tuxedo 12.2.2.0.0
oracle communications_network_integrity 7.3.6
oracle business_process_management_suite 12.2.1.3.0
oracle jdeveloper 12.2.1.3.0
oracle e-business_suite_cloud_manager_and_cloud_backup_module *
oracle identity_manager_connector 11.1.1.5.0
oracle advanced_supply_chain_planning 12.2
oracle communications_offline_mediation_controller *
oracle communications_messaging_server 8.1
oracle weblogic_server 12.2.1.4.0
oracle mysql_enterprise_monitor *
oracle communications_eagle_ftp_table_base_retrieval 4.5
oracle communications_instant_messaging_server 10.0.1.5.0
oracle enterprise_manager_base_platform 13.5.0.0
oracle e-business_suite_cloud_manager_and_cloud_backup_module 2.2.1.1.1
oracle weblogic_server 14.1.1.0.0
oracle hyperion_data_relationship_management *
CVE-2022-23992 HIGH

XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
broadcom xcom_data_transport 11.6
CVE-2022-25484 MEDIUM

tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() at tree.c in tcpprep v4.4.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
broadcom tcpreplay 4.4.1
CVE-2022-25625

A malicious unauthorized PAM user can access the administration configuration data and change the values.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
broadcom symantec_privileged_access_management *
CVE-2022-25626

An unauthenticated user can access Identity Manager’s management console specific page URLs. However, the system doesn’t allow the user to carry out server side tasks without a valid web session.

Products Affected

Vendor Product Version
broadcom symantec_identity_governance_and_administration 14.4
broadcom symantec_identity_governance_and_administration 14.3
CVE-2022-25627

An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4

Products Affected

Vendor Product Version
broadcom symantec_identity_governance_and_administration 14.4
broadcom symantec_identity_governance_and_administration 14.3
CVE-2022-25628

An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4

Products Affected

Vendor Product Version
broadcom symantec_identity_governance_and_administration 14.4
broadcom symantec_identity_governance_and_administration 14.3
CVE-2022-25631

Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated

Products Affected

Vendor Product Version
broadcom symantec_endpoint_protection *
CVE-2022-27416 MEDIUM

Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
broadcom tcpreplay 4.4.1
CVE-2022-27418 MEDIUM

Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
broadcom tcpreplay 4.4.1
CVE-2022-27939 MEDIUM

tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
fedoraproject fedora 36
fedoraproject fedora 37
fedoraproject fedora 35
broadcom tcpreplay 4.4.1
CVE-2022-27940 MEDIUM

tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
fedoraproject fedora 36
fedoraproject fedora 37
fedoraproject fedora 35
broadcom tcpreplay 4.4.1
CVE-2022-27941 MEDIUM

tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
fedoraproject fedora 36
fedoraproject fedora 37
fedoraproject fedora 35
broadcom tcpreplay 4.4.1
CVE-2022-27942 MEDIUM

tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
fedoraproject fedora 36
fedoraproject fedora 37
fedoraproject fedora 35
broadcom tcpreplay 4.4.1
CVE-2022-28162 LOW

Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-312,

Products Affected

Vendor Product Version
broadcom sannav *
CVE-2022-28163 HIGH

In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
broadcom sannav *
CVE-2022-28164 MEDIUM

Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
broadcom sannav *
CVE-2022-28165 MEDIUM

A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not performed on Server side to ensure the user has required permission before processing requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
broadcom sannav *
CVE-2022-28166 MEDIUM

In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 & 18082.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
broadcom sannav *
CVE-2022-28167 MEDIUM

Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
broadcom sannav *
CVE-2022-28168 MEDIUM

In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-922,

Products Affected

Vendor Product Version
broadcom sannav *
CVE-2022-28169

Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin, and operator authorization headers sent unencrypted and editing a user addition request to use the operator's authorization header.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2022-28170

Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 2.0 4.0

Products Affected

Vendor Product Version
broadcom fabric_operating_system 9.1.0
broadcom fabric_operating_system *
CVE-2022-28487 MEDIUM

Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
fedoraproject fedora 36
fedoraproject fedora 37
fedoraproject fedora 35
broadcom tcpreplay 4.4.1
CVE-2022-33178

A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2022-33179

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

Products Affected

Vendor Product Version
broadcom fabric_operating_system 9.1.0
broadcom fabric_operating_system *
CVE-2022-33180

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
broadcom fabric_operating_system 9.1.0
broadcom fabric_operating_system *
CVE-2022-33181

An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
broadcom fabric_operating_system 9.1.0
broadcom fabric_operating_system *
CVE-2022-33182

A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload, license, and “fosexec”.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2022-33183

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in “firmwaredownload” and “diagshow” commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2022-33184

A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2022-33185

Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2022-33187

Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information.

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2022-33739 MEDIUM

CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-91,

Products Affected

Vendor Product Version
broadcom ca_clarity *
broadcom ca_clarity 15.9.0
CVE-2022-33750 HIGH

CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
broadcom ca_automic_automation 12.2
broadcom ca_automic_automation 12.3
CVE-2022-33751 MEDIUM

CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom ca_automic_automation 12.2
broadcom ca_automic_automation 12.3
CVE-2022-33752 HIGH

CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
broadcom ca_automic_automation 12.2
broadcom ca_automic_automation 12.3
CVE-2022-33753 MEDIUM

CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom ca_automic_automation 12.2
broadcom ca_automic_automation 12.3
CVE-2022-33754 HIGH

CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
broadcom ca_automic_automation 12.2
broadcom ca_automic_automation 12.3
CVE-2022-33755 MEDIUM

CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom ca_automic_automation 12.2
broadcom ca_automic_automation 12.3
CVE-2022-33756 MEDIUM

CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-331,

Products Affected

Vendor Product Version
broadcom ca_automic_automation 12.2
broadcom ca_automic_automation 12.3
CVE-2022-37016

Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

Products Affected

Vendor Product Version
broadcom symantec_endpoint_protection *
CVE-2022-37017

Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and Policy Import/Export Password protection, if it has been enabled.

Products Affected

Vendor Product Version
broadcom symantec_endpoint_protection *
CVE-2022-37047

The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713. NOTE: this is different from CVE-2022-27940.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
fedoraproject fedora 36
fedoraproject fedora 37
fedoraproject fedora 35
broadcom tcpreplay 4.4.1
CVE-2022-37048

The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. NOTE: this is different from CVE-2022-27941.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
fedoraproject fedora 36
fedoraproject fedora 37
fedoraproject fedora 35
broadcom tcpreplay 4.4.1
CVE-2022-37049

The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. NOTE: this is different from CVE-2022-27942.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
fedoraproject fedora 36
fedoraproject fedora 37
fedoraproject fedora 35
broadcom tcpreplay 4.4.1
CVE-2022-43933

An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords, and secret keys.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2022-43934

Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2022-43935

An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 0.8 4.0

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2022-43936

Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 2.3 4.0

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2022-43937

Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before 2.3.0 and 2.2.2a

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 5.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N 2.1 3.6

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2023-20868

NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages.

Products Affected

Vendor Product Version
vmware nsx-t_data_center *
broadcom vmware_nsx-t_data_center *
CVE-2023-23949

An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser.

Products Affected

Vendor Product Version
broadcom symantec_identity_governance_and_administration 14.3
broadcom symantec_identity_governance_and_administration 14.4.1
broadcom symantec_identity_governance_and_administration 14.4.2
broadcom symantec_identity_manager 14.3
broadcom symantec_identity_manager 14.4
CVE-2023-23950

User’s supplied input (usually a CRLF sequence) can be used to split a returning response into two responses.

Products Affected

Vendor Product Version
broadcom symantec_identity_governance_and_administration 14.3
broadcom symantec_identity_governance_and_administration 14.4.1
broadcom symantec_identity_governance_and_administration 14.4.2
broadcom symantec_identity_manager 14.3
broadcom symantec_identity_manager 14.4
CVE-2023-23951

Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application

Products Affected

Vendor Product Version
broadcom symantec_identity_governance_and_administration 14.3
broadcom symantec_identity_governance_and_administration 14.4.1
broadcom symantec_identity_governance_and_administration 14.4.2
broadcom symantec_identity_manager 14.3
broadcom symantec_identity_manager 14.4
CVE-2023-23952

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability.

Products Affected

Vendor Product Version
broadcom content_analysis *
broadcom advanced_secure_gateway *
CVE-2023-23953

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability.

Products Affected

Vendor Product Version
broadcom content_analysis *
broadcom advanced_secure_gateway *
CVE-2023-23954

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability.

Products Affected

Vendor Product Version
broadcom content_analysis *
broadcom advanced_secure_gateway *
CVE-2023-23955

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability.

Products Affected

Vendor Product Version
broadcom content_analysis *
broadcom advanced_secure_gateway *
CVE-2023-23956

A user can supply malicious HTML and JavaScript code that will be executed in the client browser

Products Affected

Vendor Product Version
broadcom symantec_siteminder_webagent 12.52
CVE-2023-27534

A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
netapp h300s_firmware -
netapp h700s_firmware -
fedoraproject fedora 36
netapp h500s_firmware -
netapp h410s_firmware -
haxx curl *
splunk universal_forwarder *
splunk universal_forwarder 9.1.0
broadcom brocade_fabric_operating_system_firmware -
CVE-2023-27537

A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

Products Affected

Vendor Product Version
netapp clustered_data_ontap 9.0
netapp active_iq_unified_manager -
netapp h300s_firmware -
haxx libcurl 7.88.0
netapp h700s_firmware -
haxx libcurl 7.88.1
netapp h500s_firmware -
netapp h410s_firmware -
splunk universal_forwarder *
splunk universal_forwarder 9.1.0
broadcom brocade_fabric_operating_system_firmware -
CVE-2023-27538

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
netapp h700s_firmware -
splunk universal_forwarder 9.1.0
broadcom brocade_fabric_operating_system_firmware -
netapp clustered_data_ontap 9.0
netapp h300s_firmware -
fedoraproject fedora 36
netapp h500s_firmware -
netapp h410s_firmware -
debian debian_linux 10.0
haxx libcurl *
splunk universal_forwarder *
CVE-2023-27783

An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
broadcom tcpreplay 4.4.3
CVE-2023-27784

An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309 endpoint.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
broadcom tcpreplay 4.4.3
CVE-2023-27785

An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
broadcom tcpreplay 4.4.3
CVE-2023-27786

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the macinstring function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
broadcom tcpreplay 4.4.3
CVE-2023-27787

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse_list function at the list.c:81 endpoint.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
broadcom tcpreplay 4.4.3
CVE-2023-27788

An issue found in TCPrewrite v.4.4.3 allows a remote attacker to cause a denial of service via the ports2PORT function at the portmap.c:69 endpoint.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
broadcom tcpreplay 4.4.3
CVE-2023-27789

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the cidr2cidr function at the cidr.c:178 endpoint.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
broadcom tcpreplay 4.4.3
CVE-2023-31096

An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (IOCTL 0x1b2150). An attacker can exploit this to elevate privileges from a medium-integrity process to SYSTEM. This can also be used to bypass kernel-level protections such as AV or PPL, because exploit code runs with high-integrity privileges and can be used in coordinated BYOVD (bring your own vulnerable driver) ransomware campaigns.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
broadcom lsi_pci-sv92ex_firmware *
CVE-2023-31423

Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the local attacker must have access to an already collected Brocade SANnav "supportsave" outputs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
sirt@brocade.com 5.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N 2.1 3.6

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2023-31424

Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
sirt@brocade.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2023-31425

A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
broadcom fabric_operating_system 9.1.0
CVE-2023-31426

The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N 2.3 4.0

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2023-31427

Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2023-31428

Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
broadcom brocade_fabric_operating_system *
broadcom brocade_fabric_operating_system 9.2.0
CVE-2023-31429

Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2023-31430

A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
broadcom brocade_fabric_operating_system *
broadcom brocade_fabric_operating_system 9.2.0
CVE-2023-31431

A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
broadcom brocade_fabric_operating_system *
broadcom brocade_fabric_operating_system 9.2.0
CVE-2023-31432

Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
broadcom brocade_fabric_operating_system *
CVE-2023-31925

Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuration failure causes an SNMP communication log dump.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
sirt@brocade.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2023-31926

System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
broadcom brocade_fabric_operating_system *
CVE-2023-31927

An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
broadcom brocade_fabric_operating_system *
CVE-2023-31928

A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
broadcom brocade_fabric_operating_system *
CVE-2023-3454

Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 3.9 4.7

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2023-3489

The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
sirt@brocade.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 3.9 4.0

Products Affected

Vendor Product Version
broadcom fabric_operating_system 9.2.0
CVE-2023-37790

Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
broadcom clarity 14.3.0.298
CVE-2023-38709

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.

Products Affected

Vendor Product Version
apple macos *
broadcom fabric_operating_system -
fedoraproject fedora 40
debian debian_linux 10.0
apache http_server *
netapp ontap_tools 10
fedoraproject fedora 38
netapp ontap 9
fedoraproject fedora 39
CVE-2023-4163

In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2023-4256

Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
broadcom tcpreplay 4.4.4
fedoraproject extra_packages_for_enterprise_linux 8.0
broadcom tcpreplay 4.4.3
fedoraproject fedora 39
CVE-2023-4323

Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
broadcom raid_controller_web_interface 51.12.0-2779
CVE-2023-4324

Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
broadcom raid_controller_web_interface 51.12.0-2779
CVE-2023-4325

Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
broadcom raid_controller_web_interface 51.12.0-2779
CVE-2023-4326

Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
broadcom raid_controller_web_interface 51.12.0-2779
CVE-2023-4327

Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
broadcom raid_controller_web_interface 51.12.0-2779
CVE-2023-43279

Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4 allows attackers to crash the application via crafted tcprewrite command.

Products Affected

Vendor Product Version
broadcom tcpreplay 4.4.4
fedoraproject fedora 40
fedoraproject fedora 38
fedoraproject fedora 39
CVE-2023-4328

Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
broadcom raid_controller_web_interface 51.12.0-2779
CVE-2023-4329

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
broadcom raid_controller_web_interface 51.12.0-2779
CVE-2023-4331

Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
broadcom raid_controller_web_interface 51.12.0-2779
CVE-2023-4332

Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
broadcom raid_controller_web_interface 51.12.0-2779
CVE-2023-4333

Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
broadcom raid_controller_web_interface 51.12.0-2779
CVE-2023-4334

Broadcom RAID Controller Web server (nginx) is serving private files without any authentication

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
broadcom raid_controller_web_interface 51.12.0-2779
CVE-2023-4335

Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
broadcom raid_controller_web_interface 51.12.0-2779
CVE-2023-4336

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
broadcom raid_controller_web_interface 51.12.0-2779
CVE-2023-4337

Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
broadcom raid_controller_web_interface 51.12.0-2779
CVE-2023-4338

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
broadcom raid_controller_web_interface 51.12.0-2779
CVE-2023-4339

Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
broadcom raid_controller_web_interface 51.12.0-2779
CVE-2023-4340

Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
broadcom raid_controller_web_interface 51.12.0-2779
CVE-2023-4341

Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
broadcom raid_controller_web_interface 51.12.0-2779
CVE-2023-4342

Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
broadcom raid_controller_web_interface 51.12.0-2779
CVE-2023-4343

Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
broadcom raid_controller_web_interface 51.12.0-2779
CVE-2023-4344

Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
broadcom raid_controller_web_interface 51.12.0-2779
CVE-2023-4345

Broadcom RAID Controller web interface is vulnerable client-side control bypass leads to unauthorized data access for low privileged user

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
broadcom raid_controller_web_interface 51.12.0-2779
CVE-2023-5973

Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent the portName to the user if the portName contains reserved characters. This could allow an authenticated user to alter the UI of the Brocade Switch and change ports display.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2024-10403

Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave.

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2024-10404

CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The vulnerability could allow an authenticated, local attacker to view Brocade Fabric OS switch sensitive information in clear text. An attacker with administrative privileges could retrieve sensitive information including passwords; SNMP responses that contain AuthSecret and PrivSecret after collecting a “supportsave” or getting access to an already collected “supportsave”. NOTE: this issue exists because of an incomplete fix for CVE-2024-29952

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N 1.1 4.0

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2024-10405

Brocade SANnav before SANnav 2.3.1b enables weak TLS ciphers on ports 443 and 18082. In case of a successful exploit, an attacker can read Brocade SANnav data stream that includes monitored Brocade Fabric OS switches performance data, port status, zoning information, WWNs, IP Addresses, but no customer data, no personal data and no secrets or passwords, as it travels across the network.

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2024-2240

Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks.

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2024-22654

tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
broadcom tcpreplay 4.4.4
CVE-2024-23613 HIGH

A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
disclosures@exodusintel.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-120,

Products Affected

Vendor Product Version
broadcom symantec_deployment_solutions 7.9
CVE-2024-23614 HIGH

A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
disclosures@exodusintel.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N 3.9 5.8
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-120,

Products Affected

Vendor Product Version
broadcom symantec_messaging_gateway *
CVE-2024-23615 HIGH

A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
disclosures@exodusintel.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-120,

Products Affected

Vendor Product Version
broadcom symantec_messaging_gateway *
CVE-2024-23616 HIGH

A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
disclosures@exodusintel.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-120,

Products Affected

Vendor Product Version
broadcom symantec_server_management_suite *
CVE-2024-23617 HIGH

A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
disclosures@exodusintel.com 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-120,

Products Affected

Vendor Product Version
broadcom symantec_data_center_security_server *
CVE-2024-24795

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.

Products Affected

Vendor Product Version
apple macos *
broadcom fabric_operating_system -
fedoraproject fedora 40
debian debian_linux 10.0
apache http_server *
netapp ontap_tools 10
fedoraproject fedora 38
netapp ontap 9
fedoraproject fedora 39
CVE-2024-2859

By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2024-2860

The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
broadcom brocade_sannav 2.3.1
broadcom brocade_sannav *
CVE-2024-29950

The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2024-29951

Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.1 3.6

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2024-29952

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2024-29953

A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. This could allow an authenticated user to view other users' session encoded passwords.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2024-29954

A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 5.9 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N 1.5 4.0

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2024-29955

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 5.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N 1.3 3.6

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2024-29956

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the Brocade SANnav password in clear text in supportsave logs when a user schedules a switch Supportsave from Brocade SANnav.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2024-29957

When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. This could provide attackers with an additional, less-protected path to acquiring the encryption key.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2024-29958

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node. This could provide attackers an additional, less protected path to acquiring the encryption key.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2024-29959

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 3.9 4.0

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2024-29960

In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2024-29961

A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component. This could make an unauthenticated, remote attacker aware of the behavior and launch a supply-chain attack against a Brocade SANnav appliance.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 3.9 4.2

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2024-29962

Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file permission setting that makes files world-readable. This could allow a local user without the required privileges to access sensitive information or a Java binary.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2024-29963

Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 3.9 4.0

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2024-29964

Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2024-29965

In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N 2.3 4.0

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2024-29966

Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root password. The vulnerability could allow an unauthenticated attacker full access to the Brocade SANnav appliance.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2024-29967

In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was observed that Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files. The vulnerability could allow a sudo privileged user on the host OS to read and write access to these files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2024-29968

An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow authenticated users to access the database structure and its contents.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 3.1 4.0

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2024-29969

When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, TLS/SSL weak message authentication code ciphers are added by default for port 18082.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2024-3596

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

Products Affected

Vendor Product Version
broadcom fabric_operating_system -
freeradius freeradius *
sonicwall sonicos -
broadcom brocade_sannav -
CVE-2024-38493

A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI.

Products Affected

Vendor Product Version
broadcom symantec_privileged_access_management *
CVE-2024-4159

Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2024-4161

In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received clear text. This could allow an unauthenticated, remote attacker to capture sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 3.9 4.0

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2024-4173

A vulnerability in Brocade SANnav exposes Kafka in the wan interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, including DOS against the Brocade SANnav.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H 3.9 5.5

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2024-4282

Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22.

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2024-5460

A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to hard-coded, default community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 1 queries to an affected device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
sirt@brocade.com 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2024-7516

A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a switch admin.

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2025-1053

Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use the encryption key to obtain passwords used by Brocade SANnav.

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2025-12679

A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption (PBE) key in plaintext in the system audit log file. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the pbe key. Note: The vulnerability is only triggered during a migration and not in a new installation. The system audit logs are accessible only to a privileged user on the server. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.

Products Affected

Vendor Product Version
broadcom sannav *
CVE-2025-12680

Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read the database password.

Products Affected

Vendor Product Version
broadcom sannav *
CVE-2025-12772

Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file which contains this switch password in clear text. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read the switch admin password.

Products Affected

Vendor Product Version
broadcom sannav *
CVE-2025-12773

A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade SANnav database password.

Products Affected

Vendor Product Version
broadcom sannav *
CVE-2025-12774

A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries in the SANnav support save file. An attacker with access to Brocade SANnav supportsave file, could open the file and then obtain sensitive information such as details of database tables and encrypted passwords.

Products Affected

Vendor Product Version
broadcom sannav *
CVE-2025-1976

Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2025-22243

VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H 1.7 5.3

Products Affected

Vendor Product Version
vmware cloud_foundation *
vmware telco_cloud_platform *
broadcom vmware_nsx *
broadcom vmware_nsx 4.2.2
vmware telco_cloud_infrastructure *
CVE-2025-22244

VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 6.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N 1.7 4.7

Products Affected

Vendor Product Version
vmware cloud_foundation *
vmware telco_cloud_platform *
broadcom vmware_nsx *
broadcom vmware_nsx 4.2.2
vmware telco_cloud_infrastructure *
CVE-2025-22245

VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L 1.7 3.7

Products Affected

Vendor Product Version
vmware cloud_foundation *
vmware telco_cloud_platform *
broadcom vmware_nsx *
broadcom vmware_nsx 4.2.2
vmware telco_cloud_infrastructure *
CVE-2025-22248

The bitnami/pgpool Docker image, and the bitnami/postgres-ha k8s chart, under default configurations, comes with an 'repmgr' user that allows unauthenticated access to the database inside the cluster. The PGPOOL_SR_CHECK_USER is the user that Pgpool itself uses to perform streaming replication checks against nodes, and should not be at trust level. This allows to log into a PostgreSQL database using the repgmr user without authentication. If Pgpool is exposed externally, a potential attacker could use this user to get access to the service. This is also present within the bitnami/postgres-ha Kubernetes Helm chart.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
broadcom bitnami *
broadcom bitnami/pgpool *
broadcom bitnami_popool *
CVE-2025-3599

Symantec Endpoint Protection Windows Agent, running an ERASER Engine prior to 119.1.7.8, may be susceptible to an Elevation of Privilege vulnerability, which may allow an attacker to delete resources that are normally protected from an application or user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6
secure@symantec.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
broadcom symantec_endpoint_protection *
broadcom symantec_eraser_engine *
CVE-2025-4661

A path transversal vulnerability in Brocade Fabric OS 9.1.0 through 9.2.2 could allow a local admin user to gain access to files outside the intended directory potentially leading to the disclosure of sensitive information. Note: Admin level privilege is required on the switch in order to exploit

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2025-4662

Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2025-50200

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which show base64 encoded username:password. This is easy to decode and afterwards could be used to obtain control to the system depending on credentials. This issue has been patched in version 4.0.8.

Products Affected

Vendor Product Version
broadcom rabbitmq_server *
CVE-2025-51005

A heap-buffer-overflow vulnerability exists in the tcpliveplay utility of the tcpreplay-4.5.1. When a crafted pcap file is processed, the program incorrectly handles memory in the checksum calculation logic at do_checksum_math_liveplay in tcpliveplay.c, leading to a possible denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
broadcom tcpreplay 4.5.1
CVE-2025-51006

Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the dlt_linuxsll2_cleanup() function in plugins/dlt_linuxsll2/linuxsll2.c. This vulnerability is triggered when tcpedit_dlt_cleanup() indirectly invokes the cleanup routine multiple times on the same memory region. By supplying a specifically crafted pcap file to the tcprewrite binary, a local attacker can exploit this flaw to cause a Denial of Service (DoS) via memory corruption.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
broadcom tcpreplay 4.5.1
CVE-2025-58379

Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a local authenticated attacker to reveal command line passwords using commands that may expose higher privilege sensitive information by a lower privileged user.

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2025-58380

A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the shell command “grep” to modify the path variables and move upwards in the directory structure or to traverse to different directories.

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2025-58381

A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands “source, ping6, sleep, disown, wait to modify the path variables and move upwards in the directory structure or to traverse to different directories.

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2025-58382

A vulnerability in the secure configuration of authentication and management services in Brocade Fabric OS before Fabric OS 9.2.1c2 could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands as root using “supportsave”, “seccertmgmt”, “configupload” command.

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2025-58383

A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execution of arbitrary commands.

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2025-6390

Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2025-6392

Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.

Products Affected

Vendor Product Version
broadcom brocade_sannav *
CVE-2025-69267

Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Path Traversal.This issue affects DX NetOps Spectrum: 24.3.8 and earlier.

Products Affected

Vendor Product Version
broadcom dx_netops_spectrum *
CVE-2025-69268

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Reflected XSS.This issue affects DX NetOps Spectrum: 24.3.8 and earlier.

Products Affected

Vendor Product Version
broadcom dx_netops_spectrum *
CVE-2025-69269

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows OS Command Injection.This issue affects DX NetOps Spectrum: 23.3.6 and earlier.

Products Affected

Vendor Product Version
broadcom dx_netops_spectrum *
CVE-2025-69270

Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking.This issue affects DX NetOps Spectrum: 24.3.8 and earlier.

Products Affected

Vendor Product Version
broadcom dx_netops_spectrum *
CVE-2025-69271

Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 24.3.13 and earlier.

Products Affected

Vendor Product Version
broadcom dx_netops_spectrum *
CVE-2025-69272

Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 21.2.1 and earlier.

Products Affected

Vendor Product Version
broadcom dx_netops_spectrum *
CVE-2025-69273

Improper Authentication vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Authentication Bypass.This issue affects DX NetOps Spectrum: 24.3.10 and earlier.

Products Affected

Vendor Product Version
broadcom dx_netops_spectrum *
CVE-2025-69274

Authorization Bypass Through User-Controlled Key vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Privilege Escalation.This issue affects DX NetOps Spectrum: 24.3.10 and earlier.

Products Affected

Vendor Product Version
broadcom dx_netops_spectrum *
CVE-2025-69275

Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS.This issue affects DX NetOps Spectrum: 24.3.9 and earlier.

Products Affected

Vendor Product Version
broadcom dx_netops_spectrum *
CVE-2025-69276

Deserialization of Untrusted Data vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Object Injection.This issue affects DX NetOps Spectrum: 24.3.13 and earlier.

Products Affected

Vendor Product Version
broadcom dx_netops_spectrum *
CVE-2025-8660

Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
broadcom symantec_pgp_encryption 11.0.1
CVE-2025-8661

A stored Cross-Site Scripting vulnerability (XSS) occurs when the server does not properly validate or encode the data entered by the user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
broadcom symantec_pgp_encryption 11.0.1
CVE-2025-9019 LOW

A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function mask_cidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The researcher is able to reproduce this with the latest official release 4.5.1 and the current master branch. The code maintainer cannot reproduce this for 4.5.2-beta1. In his reply the maintainer explains that "[i]n that case, this is a duplicate that was fixed in 4.5.2."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L 1.6 1.4
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,CWE-122,CWE-787,

Products Affected

Vendor Product Version
broadcom tcpreplay 4.5.1
CVE-2025-9384 LOW

A vulnerability was detected in appneta tcpreplay up to 4.5.1. Impacted is the function tcpedit_post_args of the file /src/tcpedit/parse_args.c. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. Upgrading to version 4.5.2-beta2 is recommended to address this issue. Upgrading the affected component is advised. The vendor explains, that he was "[a]ble to reproduce in 6fcbf03 but not in 4.5.2-beta2".

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
cna@vuldb.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-404,CWE-476,CWE-476,

Products Affected

Vendor Product Version
broadcom tcpreplay *
CVE-2025-9385 MEDIUM

A flaw has been found in appneta tcpreplay up to 4.5.1. The affected element is the function fix_ipv6_checksums of the file edit_packet.c of the component tcprewrite. This manipulation causes use after free. The attack is restricted to local execution. The exploit has been published and may be used. Upgrading to version 4.5.2-beta3 is sufficient to fix this issue. It is advisable to upgrade the affected component.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-416,CWE-416,

Products Affected

Vendor Product Version
broadcom tcpreplay *
CVE-2025-9386 MEDIUM

A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function get_l2len_protocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.2-beta3 is sufficient to resolve this issue. You should upgrade the affected component.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-416,CWE-416,

Products Affected

Vendor Product Version
broadcom tcpreplay *
CVE-2025-9649 LOW

A security vulnerability has been detected in appneta tcpreplay 4.5.1. Impacted is the function calc_sleep_time of the file send_packets.c. Such manipulation leads to divide by zero. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. Upgrading to version 4.5.3-beta3 is recommended to address this issue. It is advisable to upgrade the affected component. The vendor confirms in a GitHub issue reply: "Was able to reproduce in 6fcbf03 but NOT 4.5.3-beta3."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
cna@vuldb.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-369,CWE-404,CWE-369,

Products Affected

Vendor Product Version
broadcom tcpreplay 4.5.1
CVE-2025-9711

A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevating the privileges of the local authenticated user to “root” using the export option of seccertmgmt and seccryptocfg commands.

Products Affected

Vendor Product Version
broadcom fabric_operating_system *
CVE-2026-0383

A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command.

Products Affected

Vendor Product Version
broadcom fabric_operating_system 10.0.0
broadcom fabric_operating_system *
CVE-2026-0869

Authentication bypass in Brocade ASCG 3.4.0 Could allow an unauthorized user to perform ASCG operations related to Brocade Support Link(BSL) and streaming configuration. and could even disable the ASCG application or disable use of BSL data collection on Brocade switches within the fabric.

Products Affected

Vendor Product Version
broadcom brocade_active_support_connectivity_gateway 3.4.0