Vendor CVEs
Broadcom Corporation
All CVEs
490 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2023-31927 | 0.00 | — | 0.00 | Aug 2, 2023 | An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface. |
| CVE-2023-31432 | 0.00 | — | 0.00 | Aug 1, 2023 | Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0. |
| CVE-2023-31928 | 0.00 | — | 0.00 | Aug 1, 2023 | A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session… |
| CVE-2023-31428 | 0.00 | — | 0.00 | Aug 1, 2023 | Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep. |
| CVE-2023-31430 | 0.00 | — | 0.00 | Aug 1, 2023 | A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service. |
| CVE-2023-31431 | 0.00 | — | 0.00 | Aug 1, 2023 | A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service. |
| CVE-2023-31427 | 0.00 | — | 0.00 | Aug 1, 2023 | Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account… |
| CVE-2023-31426 | 0.00 | — | 0.01 | Aug 1, 2023 | The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information. |
| CVE-2023-31429 | 0.00 | — | 0.00 | Aug 1, 2023 | Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands… |
| CVE-2023-23952 | 0.00 | — | 0.01 | Jun 1, 2023 | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability. |
| CVE-2023-23955 | 0.00 | — | 0.00 | Jun 1, 2023 | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability. |
| CVE-2023-23953 | 0.00 | — | 0.00 | Jun 1, 2023 | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability. |
| CVE-2023-23954 | 0.00 | — | 0.00 | Jun 1, 2023 | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability. |
| CVE-2023-27784 | 0.00 | — | 0.01 | Mar 16, 2023 | An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309 endpoint. |
| CVE-2023-27785 | 0.00 | — | 0.01 | Mar 16, 2023 | An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function. |
| CVE-2022-32654 | 0.00 | — | 0.00 | Feb 6, 2023 | In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705011; Issue ID: GN20220705011. |
| CVE-2022-32657 | 0.00 | — | 0.00 | Jan 3, 2023 | In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705042; Issue ID: GN20220705042. |
| CVE-2022-25627 | 0.00 | — | 0.01 | Dec 16, 2022 | An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4 |
| CVE-2022-25628 | 0.00 | — | 0.01 | Dec 16, 2022 | An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4 |
| CVE-2022-33187 | 0.00 | — | 0.00 | Dec 9, 2022 | Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information. |
| CVE-2022-37015 | 0.00 | — | 0.01 | Nov 8, 2022 | Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are… |
| CVE-2022-28169 | 0.00 | — | 0.01 | Oct 25, 2022 | Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this… |
| CVE-2022-28170 | 0.00 | — | 0.00 | Oct 25, 2022 | Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file. |
| CVE-2022-33182 | 0.00 | — | 0.00 | Oct 25, 2022 | A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload,… |
| CVE-2022-32589 | 0.00 | — | 0.01 | Oct 7, 2022 | In Wi-Fi driver, there is a possible way to disconnect Wi-Fi due to an improper resource release. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07030600; Issue ID:… |
| CVE-2022-38611 | 0.00 | — | 0.00 | Sep 16, 2022 | Incorrect access control in Watchdog Anti-Virus v1.4.158 allows attackers to perform a DLL hijacking attack and execute arbitrary code via a crafted binary. |
| CVE-2022-31676 | 0.00 | — | 0.01 | Aug 23, 2022 | VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. |
| CVE-2021-27798 | 0.00 | — | 0.00 | Aug 5, 2022 | A vulnerability in Brocade Fabric OS versions 7.4.1b and 7.3.1d could allow local users to conduct privileged directory transversal. Brocade Fabric OS versions 7.4.1.x and 7.3.x have reached end of life. Brocade Fabric OS Users should upgrade to supported versions as described… |
| CVE-2022-26445 | 0.00 | — | 0.00 | Aug 1, 2022 | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420088; Issue ID: GN20220420088. |
| CVE-2022-28168 | 0.00 | — | 0.01 | Jun 27, 2022 | In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords. |
| CVE-2022-28166 | 0.00 | — | 0.01 | Jun 27, 2022 | In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 & 18082. |
| CVE-2021-30651 | 0.00 | — | 0.01 | Jun 24, 2022 | A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access. |
| CVE-2022-33756 | 0.00 | — | 0.01 | Jun 16, 2022 | CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data. |
| CVE-2022-33755 | 0.00 | — | 0.01 | Jun 16, 2022 | CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users. |
| CVE-2022-33754 | 0.00 | — | 0.02 | Jun 16, 2022 | CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code. |
| CVE-2022-33753 | 0.00 | — | 0.01 | Jun 16, 2022 | CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges. |
| CVE-2022-33752 | 0.00 | — | 0.02 | Jun 16, 2022 | CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code. |
| CVE-2022-33751 | 0.00 | — | 0.01 | Jun 16, 2022 | CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data. |
| CVE-2022-33750 | 0.00 | — | 0.02 | Jun 16, 2022 | CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands. |
| CVE-2022-28162 | 0.00 | — | 0.00 | May 9, 2022 | Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text. |
| CVE-2022-28163 | 0.00 | — | 0.01 | May 6, 2022 | In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands. |
| CVE-2022-28164 | 0.00 | — | 0.00 | May 6, 2022 | Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords. |
| CVE-2021-26624 | 0.00 | — | 0.02 | Apr 1, 2022 | An local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to "runasroot" command. This vulnerability can induce remote attackers to exploit root… |
| CVE-2022-25623 | 0.00 | — | 0.00 | Mar 4, 2022 | The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations. |
| CVE-2022-22943 | 0.00 | — | 0.01 | Mar 3, 2022 | VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in… |
| CVE-2021-27797 | 0.00 | — | 0.01 | Feb 21, 2022 | Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system. |
| CVE-2021-27796 | 0.00 | — | 0.01 | Feb 21, 2022 | A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the “user” or “factory” account, to read the contents of any file on the filesystem… |
| CVE-2021-30650 | 0.00 | — | 0.01 | Feb 18, 2022 | A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK) allows a remote attacker to craft a malicious URL for the OTK web UI and target OTK users with phishing attacks or other social engineering techniques. A successful… |
| CVE-2022-22689 | 0.00 | — | 0.01 | Feb 4, 2022 | CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands. |
| CVE-2022-23083 | 0.00 | — | 0.01 | Jan 18, 2022 | NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation that could potentially allow an attacker to execute code on the affected machine. |