Filtered by vendor Broadcom
Subscribe
Total
506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-33756 | 1 Broadcom | 1 Ca Automic Automation | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data. | |||||
| CVE-2021-30651 | 1 Broadcom | 1 Symantec Messaging Gateway | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access. | |||||
| CVE-2022-33753 | 1 Broadcom | 1 Ca Automic Automation | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges. | |||||
| CVE-2022-33750 | 1 Broadcom | 1 Ca Automic Automation | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands. | |||||
| CVE-2021-45386 | 1 Broadcom | 1 Tcpreplay | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c | |||||
| CVE-2022-33755 | 1 Broadcom | 1 Ca Automic Automation | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users. | |||||
| CVE-2022-28162 | 1 Broadcom | 1 Sannav | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text. | |||||
| CVE-2022-28164 | 1 Broadcom | 1 Sannav | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords. | |||||
| CVE-2022-28166 | 1 Broadcom | 1 Sannav | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 & 18082. | |||||
| CVE-2022-27940 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c. | |||||
| CVE-2022-2068 | 6 Broadcom, Debian, Fedoraproject and 3 more | 43 Sannav, Debian Linux, Fedora and 40 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). | |||||
| CVE-2022-33754 | 1 Broadcom | 1 Ca Automic Automation | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code. | |||||
| CVE-2020-15388 | 1 Broadcom | 1 Fabric Operating System | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files. | |||||
| CVE-2022-28165 | 1 Broadcom | 1 Sannav | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not performed on Server side to ensure the user has required permission before processing requests. | |||||
| CVE-2021-27797 | 1 Broadcom | 1 Fabric Operating System | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system. | |||||
| CVE-2021-45387 | 1 Broadcom | 1 Tcpreplay | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c. | |||||
| CVE-2022-22689 | 1 Broadcom | 1 Ca Harvest Software Change Manager | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands. | |||||
| CVE-2021-42774 | 1 Broadcom | 1 Emulex Hba Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature that could allow remote unauthenticated users to perform various attacks. In non-secure mode, the user is unauthenticated. | |||||
| CVE-2022-23302 | 5 Apache, Broadcom, Netapp and 2 more | 26 Log4j, Brocade Sannav, Snapmanager and 23 more | 2023-12-10 | 6.0 MEDIUM | 8.8 HIGH |
| JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | |||||
| CVE-2021-42772 | 1 Broadcom | 2 Emulex Hba Manager, One Command Manager | 2023-12-10 | 6.8 MEDIUM | 9.8 CRITICAL |
| Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDumpFile command that could allow a user to attempt various attacks. In non-secure mode, the user is unauthenticated | |||||