Broadcom Corporation

All CVEs

490 total · sorted by risk
  • CVE-2023-31927 · Aug 2, 2023
    risk 0.00 · cvss · epss 0.00

    An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c could allow a remote unauthenticated attacker to get technical details about the web interface.

  • CVE-2023-31432 · Aug 1, 2023
    risk 0.00 · cvss · epss 0.00

    Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0.

  • CVE-2023-31928 · Aug 1, 2023
    risk 0.00 · cvss · epss 0.00

    A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session…

  • CVE-2023-31428 · Aug 1, 2023
    risk 0.00 · cvss · epss 0.00

    Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep.

  • CVE-2023-31430 · Aug 1, 2023
    risk 0.00 · cvss · epss 0.00

    A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service.

  • CVE-2023-31431 · Aug 1, 2023
    risk 0.00 · cvss · epss 0.00

    A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service.

  • CVE-2023-31427 · Aug 1, 2023
    risk 0.00 · cvss · epss 0.00

    Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account…

  • CVE-2023-31426 · Aug 1, 2023
    risk 0.00 · cvss · epss 0.01

    The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information.

  • CVE-2023-31429 · Aug 1, 2023
    risk 0.00 · cvss · epss 0.00

    Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands…

  • CVE-2023-23952 · Jun 1, 2023
    risk 0.00 · cvss · epss 0.01

    Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability.

  • CVE-2023-23955 · Jun 1, 2023
    risk 0.00 · cvss · epss 0.00

    Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability.

  • CVE-2023-23953 · Jun 1, 2023
    risk 0.00 · cvss · epss 0.00

    Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability.

  • CVE-2023-23954 · Jun 1, 2023
    risk 0.00 · cvss · epss 0.00

    Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability.

  • CVE-2023-27784 · Mar 16, 2023
    risk 0.00 · cvss · epss 0.01

    An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309 endpoint.

  • CVE-2023-27785 · Mar 16, 2023
    risk 0.00 · cvss · epss 0.01

    An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function.

  • CVE-2022-32654 · Feb 6, 2023
    risk 0.00 · cvss · epss 0.00

    In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705011; Issue ID: GN20220705011.

  • CVE-2022-32657 · Jan 3, 2023
    risk 0.00 · cvss · epss 0.00

    In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705042; Issue ID: GN20220705042.

  • CVE-2022-25627 · Dec 16, 2022
    risk 0.00 · cvss · epss 0.01

    An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4.

  • CVE-2022-25628 · Dec 16, 2022
    risk 0.00 · cvss · epss 0.01

    An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4.

  • CVE-2022-33187 · Dec 9, 2022
    risk 0.00 · cvss · epss 0.00

    Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information.

  • CVE-2022-37015 · Nov 8, 2022
    risk 0.00 · cvss · epss 0.01

    Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are…

  • CVE-2022-28169 · Oct 25, 2022
    risk 0.00 · cvss · epss 0.01

    Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools user to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this…

  • CVE-2022-28170 · Oct 25, 2022
    risk 0.00 · cvss · epss 0.00

    Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file.

  • CVE-2022-33182 · Oct 25, 2022
    risk 0.00 · cvss · epss 0.00

    A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload,…

  • CVE-2022-32589 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.01

    In Wi-Fi driver, there is a possible way to disconnect Wi-Fi due to an improper resource release. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07030600; Issue ID:…

  • CVE-2022-38611 · Sep 16, 2022
    risk 0.00 · cvss · epss 0.00

    Incorrect access control in Watchdog Anti-Virus v1.4.158 allows attackers to perform a DLL hijacking attack and execute arbitrary code via a crafted binary.

  • CVE-2022-31676 · Aug 23, 2022
    risk 0.00 · cvss · epss 0.01

    VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.

  • CVE-2021-27798 · Aug 5, 2022
    risk 0.00 · cvss · epss 0.00

    A vulnerability in Brocade Fabric OS versions 7.4.1b and 7.3.1d could allow local users to conduct privileged directory traversal. Brocade Fabric OS versions 7.4.1.x and 7.3.x have reached end of life. Brocade Fabric OS users should upgrade to supported versions as described…

  • CVE-2022-26445 · Aug 1, 2022
    risk 0.00 · cvss · epss 0.00

    In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420088; Issue ID: GN20220420088.

  • CVE-2022-28168 · Jun 27, 2022
    risk 0.00 · cvss · epss 0.01

    In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav 2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords.

  • CVE-2022-28166 · Jun 27, 2022
    risk 0.00 · cvss · epss 0.01

    In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 & 18082.

  • CVE-2021-30651 · Jun 24, 2022
    risk 0.00 · cvss · epss 0.01

    A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access.

  • CVE-2022-33756 · Jun 16, 2022
    risk 0.00 · cvss · epss 0.01

    CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data.

  • CVE-2022-33755 · Jun 16, 2022
    risk 0.00 · cvss · epss 0.01

    CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users.

  • CVE-2022-33754 · Jun 16, 2022
    risk 0.00 · cvss · epss 0.02

    CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code.

  • CVE-2022-33753 · Jun 16, 2022
    risk 0.00 · cvss · epss 0.01

    CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges.

  • CVE-2022-33752 · Jun 16, 2022
    risk 0.00 · cvss · epss 0.02

    CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code.

  • CVE-2022-33751 · Jun 16, 2022
    risk 0.00 · cvss · epss 0.01

    CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data.

  • CVE-2022-33750 · Jun 16, 2022
    risk 0.00 · cvss · epss 0.02

    CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands.

  • CVE-2022-28162 · May 9, 2022
    risk 0.00 · cvss · epss 0.00

    Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text.

  • CVE-2022-28163 · May 6, 2022
    risk 0.00 · cvss · epss 0.01

    In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands.

  • CVE-2022-28164 · May 6, 2022
    risk 0.00 · cvss · epss 0.00

    Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords.

  • CVE-2021-26624 · Apr 1, 2022
    risk 0.00 · cvss · epss 0.02

    A local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to "runasroot" command. This vulnerability can induce remote attackers to exploit root…

  • CVE-2022-25623 · Mar 4, 2022
    risk 0.00 · cvss · epss 0.00

    The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations.

  • CVE-2022-22943 · Mar 3, 2022
    risk 0.00 · cvss · epss 0.01

    VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in…

  • CVE-2021-27797 · Feb 21, 2022
    risk 0.00 · cvss · epss 0.01

    Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system.

  • CVE-2021-27796 · Feb 21, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the “user” or “factory” account, to read the contents of any file on the filesystem…

  • CVE-2021-30650 · Feb 18, 2022
    risk 0.00 · cvss · epss 0.01

    A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK) allows a remote attacker to craft a malicious URL for the OTK web UI and target OTK users with phishing attacks or other social engineering techniques. A successful…

  • CVE-2022-22689 · Feb 4, 2022
    risk 0.00 · cvss · epss 0.01

    CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands.

  • CVE-2022-23083 · Jan 18, 2022
    risk 0.00 · cvss · epss 0.01

    NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation that could potentially allow an attacker to execute code on the affected machine.
