Filtered by vendor Broadcom
Subscriptions
Total
516 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-33756 | 1 Broadcom | 1 Ca Automic Automation | 2024-08-03 | 7.5 High |
CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data. | ||||
CVE-2022-33753 | 1 Broadcom | 1 Ca Automic Automation | 2024-08-03 | 8.8 High |
CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges. | ||||
CVE-2022-33752 | 1 Broadcom | 1 Ca Automic Automation | 2024-08-03 | 9.8 Critical |
CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code. | ||||
CVE-2022-33750 | 1 Broadcom | 1 Ca Automic Automation | 2024-08-03 | 9.8 Critical |
CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands. | ||||
CVE-2022-33183 | 1 Broadcom | 1 Fabric Operating System | 2024-08-03 | 8.8 High |
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in “firmwaredownload” and “diagshow” commands. | ||||
CVE-2022-33182 | 1 Broadcom | 1 Fabric Operating System | 2024-08-03 | 7.8 High |
A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload, license, and “fosexec”. | ||||
CVE-2022-33187 | 1 Broadcom | 1 Brocade Sannav | 2024-08-03 | 5.5 Medium |
Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information. | ||||
CVE-2022-33180 | 1 Broadcom | 1 Fabric Operating System | 2024-08-03 | 5.5 Medium |
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”. | ||||
CVE-2022-33185 | 1 Broadcom | 1 Fabric Operating System | 2024-08-03 | 7.8 High |
Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account. | ||||
CVE-2022-33178 | 1 Broadcom | 1 Fabric Operating System | 2024-08-03 | 7.2 High |
A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. | ||||
CVE-2022-33179 | 1 Broadcom | 1 Fabric Operating System | 2024-08-03 | 8.8 High |
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges. | ||||
CVE-2022-33181 | 1 Broadcom | 1 Fabric Operating System | 2024-08-03 | 5.5 Medium |
An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”. | ||||
CVE-2022-33184 | 1 Broadcom | 1 Fabric Operating System | 2024-08-03 | 7.8 High |
A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account. | ||||
CVE-2022-28487 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-08-03 | 7.5 High |
Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality. | ||||
CVE-2022-28168 | 1 Broadcom | 1 Sannav | 2024-08-03 | 7.5 High |
In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords. | ||||
CVE-2022-28166 | 1 Broadcom | 1 Sannav | 2024-08-03 | 7.5 High |
In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 & 18082. | ||||
CVE-2022-28167 | 1 Broadcom | 1 Sannav | 2024-08-03 | 6.5 Medium |
Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log | ||||
CVE-2022-28163 | 1 Broadcom | 1 Sannav | 2024-08-03 | 9.8 Critical |
In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands. | ||||
CVE-2022-28165 | 1 Broadcom | 1 Sannav | 2024-08-03 | 8.8 High |
A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not performed on Server side to ensure the user has required permission before processing requests. | ||||
CVE-2022-28170 | 1 Broadcom | 1 Fabric Operating System | 2024-08-03 | 6.5 Medium |
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file. |