Filtered by vendor Broadcom
Subscribe
Total
506 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-27787 | 1 Broadcom | 1 Tcpreplay | 2023-12-10 | N/A | 7.5 HIGH |
An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse_list function at the list.c:81 endpoint. | |||||
CVE-2023-27784 | 1 Broadcom | 1 Tcpreplay | 2023-12-10 | N/A | 7.5 HIGH |
An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309 endpoint. | |||||
CVE-2022-3643 | 3 Broadcom, Debian, Linux | 3 Bcm5780, Debian Linux, Linux Kernel | 2023-12-10 | N/A | 6.5 MEDIUM |
Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. | |||||
CVE-2023-23951 | 1 Broadcom | 2 Symantec Identity Governance And Administration, Symantec Identity Manager | 2023-12-10 | N/A | 6.1 MEDIUM |
Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application | |||||
CVE-2022-25628 | 1 Broadcom | 1 Symantec Identity Governance And Administration | 2023-12-10 | N/A | 8.8 HIGH |
An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4 | |||||
CVE-2022-25626 | 1 Broadcom | 1 Symantec Identity Governance And Administration | 2023-12-10 | N/A | 5.3 MEDIUM |
An unauthenticated user can access Identity Manager’s management console specific page URLs. However, the system doesn’t allow the user to carry out server side tasks without a valid web session. | |||||
CVE-2023-23949 | 1 Broadcom | 2 Symantec Identity Governance And Administration, Symantec Identity Manager | 2023-12-10 | N/A | 5.4 MEDIUM |
An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser. | |||||
CVE-2022-33178 | 1 Broadcom | 1 Fabric Operating System | 2023-12-10 | N/A | 7.2 HIGH |
A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. | |||||
CVE-2022-33183 | 1 Broadcom | 1 Fabric Operating System | 2023-12-10 | N/A | 8.8 HIGH |
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in “firmwaredownload” and “diagshow” commands. | |||||
CVE-2022-33182 | 1 Broadcom | 1 Fabric Operating System | 2023-12-10 | N/A | 7.8 HIGH |
A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload, license, and “fosexec”. | |||||
CVE-2022-37049 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2023-12-10 | N/A | 7.8 HIGH |
The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. NOTE: this is different from CVE-2022-27942. | |||||
CVE-2022-37048 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2023-12-10 | N/A | 7.8 HIGH |
The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. NOTE: this is different from CVE-2022-27941. | |||||
CVE-2022-33181 | 1 Broadcom | 1 Fabric Operating System | 2023-12-10 | N/A | 5.5 MEDIUM |
An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”. | |||||
CVE-2022-25625 | 1 Broadcom | 1 Symantec Privileged Access Management | 2023-12-10 | N/A | 8.8 HIGH |
A malicious unauthorized PAM user can access the administration configuration data and change the values. | |||||
CVE-2022-33180 | 1 Broadcom | 1 Fabric Operating System | 2023-12-10 | N/A | 5.5 MEDIUM |
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”. | |||||
CVE-2022-33184 | 1 Broadcom | 1 Fabric Operating System | 2023-12-10 | N/A | 7.8 HIGH |
A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account. | |||||
CVE-2022-33185 | 1 Broadcom | 1 Fabric Operating System | 2023-12-10 | N/A | 7.8 HIGH |
Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account. | |||||
CVE-2022-28170 | 1 Broadcom | 1 Fabric Operating System | 2023-12-10 | N/A | 6.5 MEDIUM |
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file. | |||||
CVE-2022-28169 | 1 Broadcom | 1 Fabric Operating System | 2023-12-10 | N/A | 8.8 HIGH |
Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin, and operator authorization headers sent unencrypted and editing a user addition request to use the operator's authorization header. | |||||
CVE-2021-46825 | 1 Broadcom | 2 Advanced Secure Gateway, Proxysg | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |