Filtered by vendor Broadcom
Subscribe
Total
568 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28487 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2022-28168 | 1 Broadcom | 1 Sannav | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords. | |||||
| CVE-2022-28167 | 1 Broadcom | 1 Sannav | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log | |||||
| CVE-2022-28166 | 1 Broadcom | 1 Sannav | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 & 18082. | |||||
| CVE-2022-28165 | 1 Broadcom | 1 Sannav | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not performed on Server side to ensure the user has required permission before processing requests. | |||||
| CVE-2022-28164 | 1 Broadcom | 1 Sannav | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords. | |||||
| CVE-2022-28163 | 1 Broadcom | 1 Sannav | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands. | |||||
| CVE-2022-28162 | 1 Broadcom | 1 Sannav | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text. | |||||
| CVE-2022-27942 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c. | |||||
| CVE-2022-27941 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c. | |||||
| CVE-2022-27940 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c. | |||||
| CVE-2022-27939 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c. | |||||
| CVE-2022-27418 | 1 Broadcom | 1 Tcpreplay | 2024-11-21 | 5.1 MEDIUM | 7.8 HIGH |
| Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c. | |||||
| CVE-2022-27416 | 1 Broadcom | 1 Tcpreplay | 2024-11-21 | 5.1 MEDIUM | 7.8 HIGH |
| Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free. | |||||
| CVE-2022-25625 | 1 Broadcom | 1 Symantec Privileged Access Management | 2024-11-21 | N/A | 8.8 HIGH |
| A malicious unauthorized PAM user can access the administration configuration data and change the values. | |||||
| CVE-2022-25484 | 1 Broadcom | 1 Tcpreplay | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() at tree.c in tcpprep v4.4.1. | |||||
| CVE-2022-23992 | 1 Broadcom | 1 Xcom Data Transport | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges. | |||||
| CVE-2022-23305 | 5 Apache, Broadcom, Netapp and 2 more | 28 Log4j, Brocade Sannav, Snapmanager and 25 more | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | |||||
| CVE-2022-23083 | 1 Broadcom | 2 Netmaster File Transfer Management, Netmaster Network Management For Tcp\/ip | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation that could potentially allow an attacker to execute code on the affected machine. | |||||
| CVE-2022-22689 | 1 Broadcom | 1 Ca Harvest Software Change Manager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands. | |||||