Broadcom Security Vulnerabilities


CVE-2021-27798

A vulnerability in Brocade Fabric OS versions v7.4.1b and v7.3.1d could allow local users to conduct privileged directory traversal. Brocade Fabric OS versions v7.4.1.x and v7.3.x have reached end of life. Brocade Fabric OS users should upgrade to supported versions as described in the Product...

CVSS: 5.5 | AI Score: 5.2 | EPSS: 0.0004 | 2022-08-05 04:15 PM

CVE-2023-37790

Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload...

CVSS: 5.4 | AI Score: 7.7 | EPSS: 0.001 | 2023-11-09 12:15 AM

CVE-2023-27789

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the cidr2cidr function at the cidr.c:178...

CVSS: 7.5 | AI Score: 7.2 | EPSS: 0.002 | 2023-03-16 03:15 PM

CVE-2023-27788

An issue found in TCPrewrite v.4.4.3 allows a remote attacker to cause a denial of service via the ports2PORT function at the portmap.c:69...

CVSS: 7.5 | AI Score: 7.2 | EPSS: 0.002 | 2023-03-16 03:15 PM

CVE-2023-27785

An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints...

CVSS: 7.5 | AI Score: 7.2 | EPSS: 0.002 | 2023-03-16 03:15 PM

CVE-2023-27787

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse_list function at the list.c:81...

CVSS: 7.5 | AI Score: 7.2 | EPSS: 0.002 | 2023-03-16 03:15 PM

CVE-2023-27786

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the macinstring...

CVSS: 7.5 | AI Score: 7.2 | EPSS: 0.002 | 2023-03-16 03:15 PM

CVE-2023-27783

An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at...

CVSS: 7.5 | AI Score: 7.2 | EPSS: 0.002 | 2023-03-16 03:15 PM

CVE-2023-27784

An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309...

CVSS: 7.5 | AI Score: 7.2 | EPSS: 0.002 | 2023-03-16 03:15 PM

CVE-2022-37047

The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713. NOTE: this is different from...

CVSS: 7.8 | AI Score: 7.7 | EPSS: 0.001 | 2022-08-18 08:15 PM

CVE-2022-37049

The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. NOTE: this is different from...

CVSS: 7.8 | AI Score: 7.7 | EPSS: 0.001 | 2022-08-18 08:15 PM

CVE-2022-37048

The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. NOTE: this is different from...

CVSS: 7.8 | AI Score: 7.7 | EPSS: 0.001 | 2022-08-18 08:15 PM

CVE-2022-28487

Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data...

CVSS: 7.5 | AI Score: 7.3 | EPSS: 0.001 | 2022-05-04 03:15 PM

CVE-2023-31096

An issue was discovered in Broadcom LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (IOCTL 0x1b2150). An attacker can exploit this to elevate privileges from a medium-integrity process....

CVSS: 7.8 | AI Score: 7.5 | EPSS: 0.0004 | 2023-10-10 07:15 PM

CVE-2023-23957

An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal...

CVSS: 5.4 | AI Score: 6.7 | EPSS: 0.0005 | 2023-09-19 01:16 PM

CVE-2023-4328

Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on...

CVSS: 5.5 | AI Score: 5.5 | EPSS: 0.0004 | 2023-08-15 07:15 PM

CVE-2023-4333

Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by...

CVSS: 5.5 | AI Score: 5.6 | EPSS: 0.0004 | 2023-08-15 07:15 PM

CVE-2023-4345

Broadcom RAID Controller web interface is vulnerable to a client-side control bypass that leads to unauthorized data access for low privileged...

CVSS: 6.5 | AI Score: 6.4 | EPSS: 0.0005 | 2023-08-15 06:15 PM

CVE-2023-4336

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure...

CVSS: 9.8 | AI Score: 9.3 | EPSS: 0.001 | 2023-08-15 07:15 PM

CVE-2023-4327

Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on...

CVSS: 5.5 | AI Score: 5.4 | EPSS: 0.0004 | 2023-08-15 07:15 PM

CVE-2023-4338

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options...

CVSS: 9.8 | AI Score: 9.3 | EPSS: 0.001 | 2023-08-15 07:15 PM

CVE-2023-4342

Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security ...

CVSS: 9.8 | AI Score: 9.3 | EPSS: 0.001 | 2023-08-15 07:15 PM

CVE-2023-4331

Broadcom RAID Controller web interface has an insecure default TLS configuration that supports obsolete and vulnerable TLS...

CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.001 | 2023-08-15 07:15 PM

CVE-2023-4343

Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search...

CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.001 | 2023-08-15 07:15 PM

CVE-2023-4344

Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM...

CVSS: 9.8 | AI Score: 9.3 | EPSS: 0.001 | 2023-08-15 07:15 PM

CVE-2023-4323

Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway...

CVSS: 9.8 | AI Score: 9.3 | EPSS: 0.001 | 2023-08-15 07:15 PM

CVE-2023-4329

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite...

CVSS: 9.8 | AI Score: 9.3 | EPSS: 0.001 | 2023-08-15 07:15 PM

CVE-2023-4334

Broadcom RAID Controller Web server (nginx) is serving private files without any...

CVSS: 7.5 | AI Score: 7.7 | EPSS: 0.001 | 2023-08-15 07:15 PM

CVE-2023-4337

Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway...

CVSS: 9.8 | AI Score: 9.3 | EPSS: 0.001 | 2023-08-15 07:15 PM

CVE-2023-4341

Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web...

CVSS: 9.8 | AI Score: 9.5 | EPSS: 0.001 | 2023-08-15 07:15 PM

CVE-2023-4324

Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy ...

CVSS: 9.8 | AI Score: 9.3 | EPSS: 0.001 | 2023-08-15 07:15 PM

CVE-2023-4332

Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log...

CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.001 | 2023-08-15 07:15 PM

CVE-2023-4335

Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on...

CVSS: 7.5 | AI Score: 7.7 | EPSS: 0.001 | 2023-08-15 07:15 PM

CVE-2023-4339

Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file...

CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.001 | 2023-08-15 07:15 PM

CVE-2023-4340

Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log...

CVSS: 9.8 | AI Score: 9.5 | EPSS: 0.001 | 2023-08-15 07:15 PM

CVE-2023-4325

Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known...

CVSS: 9.8 | AI Score: 9.5 | EPSS: 0.001 | 2023-08-15 07:15 PM

CVE-2023-4326

Broadcom RAID Controller web interface has an insecure default TLS configuration that supports obsolete SHA1-based...

CVSS: 7.5 | AI Score: 7.6 | EPSS: 0.001 | 2023-08-15 07:15 PM

CVE-2021-46825

Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web...

CVSS: 9.1 | AI Score: 9.1 | EPSS: 0.003 | 2022-07-07 04:15 PM

CVE-2022-25626

An unauthenticated user can access Identity Manager’s management console specific page URLs. However, the system doesn’t allow the user to carry out server side tasks without a valid web...

CVSS: 5.3 | AI Score: 5.4 | EPSS: 0.001 | 2022-12-16 04:15 PM

CVE-2022-33183

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform a stack buffer overflow using “firmwaredownload” and “diagshow”...

CVSS: 8.8 | AI Score: 8.6 | EPSS: 0.002 | 2022-10-25 09:15 PM

CVE-2022-33753

CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate...

CVSS: 8.8 | AI Score: 8.5 | EPSS: 0.001 | 2022-06-16 10:15 PM

CVE-2022-28166

In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 &...

CVSS: 7.5 | AI Score: 7.6 | EPSS: 0.002 | 2022-06-27 06:15 PM

CVE-2022-28167

Brocade SANnav before Brocade SANnav v. 2.2.0.2 and Brocade SANnav v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in...

CVSS: 6.5 | AI Score: 6.5 | EPSS: 0.001 | 2022-06-27 06:15 PM

CVE-2021-30651

A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to...

CVSS: 4.9 | AI Score: 5 | EPSS: 0.001 | 2022-06-24 03:15 PM

CVE-2022-37016

Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or...

CVSS: 9.8 | AI Score: 9.3 | EPSS: 0.002 | 2022-12-01 02:15 PM

CVE-2022-37017

Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User....

CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.001 | 2022-12-01 02:15 PM

CVE-2022-33181

An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and...

CVSS: 5.5 | AI Score: 5.1 | EPSS: 0.0004 | 2022-10-25 09:15 PM

CVE-2022-33755

CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate...

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001 | 2022-06-16 10:15 PM

CVE-2022-28165

A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists...

CVSS: 8.8 | AI Score: 8.5 | EPSS: 0.002 | 2022-05-06 05:15 PM

CVE-2022-28164

Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account...

CVSS: 6.5 | AI Score: 6.3 | EPSS: 0.001 | 2022-05-06 04:15 PM
Total number of security vulnerabilities: 80