Filtered by vendor Broadcom
Subscriptions
Total
507 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-33751 | 1 Broadcom | 1 Ca Automic Automation | 2023-08-08 | 7.5 High |
| CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data. | ||||
| CVE-2022-33753 | 1 Broadcom | 1 Ca Automic Automation | 2023-08-08 | 8.8 High |
| CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges. | ||||
| CVE-2022-33183 | 1 Broadcom | 1 Fabric Operating System | 2023-08-08 | 8.8 High |
| A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in “firmwaredownload” and “diagshow” commands. | ||||
| CVE-2022-25626 | 1 Broadcom | 1 Symantec Identity Governance And Administration | 2023-08-08 | 5.3 Medium |
| An unauthenticated user can access Identity Manager’s management console specific page URLs. However, the system doesn’t allow the user to carry out server side tasks without a valid web session. | ||||
| CVE-2022-25631 | 1 Broadcom | 1 Symantec Endpoint Protection | 2023-08-08 | 7.8 High |
| Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated | ||||
| CVE-2023-23956 | 1 Broadcom | 1 Symantec Siteminder Webagent | 2023-06-20 | 5.4 Medium |
| A user can supply malicious HTML and JavaScript code that will be executed in the client browser | ||||
| CVE-2023-23953 | 1 Broadcom | 2 Advanced Secure Gateway, Content Analysis | 2023-06-06 | 7.8 High |
| Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability. | ||||
| CVE-2023-23952 | 1 Broadcom | 2 Advanced Secure Gateway, Content Analysis | 2023-06-06 | 9.8 Critical |
| Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability. | ||||
| CVE-2023-23955 | 1 Broadcom | 2 Advanced Secure Gateway, Content Analysis | 2023-06-06 | 8.1 High |
| Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability. | ||||
| CVE-2023-23954 | 1 Broadcom | 2 Advanced Secure Gateway, Content Analysis | 2023-06-06 | 5.4 Medium |
| Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability. | ||||
| CVE-2022-33184 | 1 Broadcom | 1 Fabric Operating System | 2023-03-02 | 7.8 High |
| A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account. | ||||
| CVE-2022-33180 | 1 Broadcom | 1 Fabric Operating System | 2023-03-02 | 5.5 Medium |
| A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”. | ||||
| CVE-2022-33179 | 1 Broadcom | 1 Fabric Operating System | 2023-03-02 | 8.8 High |
| A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges. | ||||
| CVE-2022-33178 | 1 Broadcom | 1 Fabric Operating System | 2023-03-02 | 7.2 High |
| A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. | ||||
| CVE-2022-28170 | 1 Broadcom | 1 Fabric Operating System | 2023-03-02 | 6.5 Medium |
| Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file. | ||||
| CVE-2022-28169 | 1 Broadcom | 1 Fabric Operating System | 2023-03-02 | 8.8 High |
| Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin, and operator authorization headers sent unencrypted and editing a user addition request to use the operator's authorization header. | ||||
| CVE-2022-33185 | 1 Broadcom | 1 Fabric Operating System | 2023-02-28 | 7.8 High |
| Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account. | ||||
| CVE-2022-33182 | 1 Broadcom | 1 Fabric Operating System | 2023-02-28 | 7.8 High |
| A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload, license, and “fosexec”. | ||||
| CVE-2022-23302 | 5 Apache, Broadcom, Netapp and 2 more | 26 Log4j, Brocade Sannav, Snapmanager and 23 more | 2023-02-24 | 8.8 High |
| JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | ||||
| CVE-2022-23305 | 5 Apache, Broadcom, Netapp and 2 more | 28 Log4j, Brocade Sannav, Snapmanager and 25 more | 2023-02-24 | 9.8 Critical |
| By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | ||||