Filtered by vendor Broadcom Subscriptions
Total 516 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-28169 1 Broadcom 1 Fabric Operating System 2024-08-03 8.8 High
Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin, and operator authorization headers sent unencrypted and editing a user addition request to use the operator's authorization header.
CVE-2022-28162 1 Broadcom 1 Sannav 2024-08-03 3.3 Low
Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text.
CVE-2022-28164 1 Broadcom 1 Sannav 2024-08-03 6.5 Medium
Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords.
CVE-2022-27941 2 Broadcom, Fedoraproject 2 Tcpreplay, Fedora 2024-08-03 7.8 High
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c.
CVE-2022-27942 2 Broadcom, Fedoraproject 2 Tcpreplay, Fedora 2024-08-03 7.8 High
tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c.
CVE-2022-27940 2 Broadcom, Fedoraproject 2 Tcpreplay, Fedora 2024-08-03 7.8 High
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c.
CVE-2022-27939 2 Broadcom, Fedoraproject 2 Tcpreplay, Fedora 2024-08-03 5.5 Medium
tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c.
CVE-2022-27418 1 Broadcom 1 Tcpreplay 2024-08-03 7.8 High
Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c.
CVE-2022-27416 1 Broadcom 1 Tcpreplay 2024-08-03 7.8 High
Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free.
CVE-2022-25627 1 Broadcom 1 Symantec Identity Governance And Administration 2024-08-03 6.7 Medium
An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4
CVE-2022-25626 1 Broadcom 1 Symantec Identity Governance And Administration 2024-08-03 5.3 Medium
An unauthenticated user can access Identity Manager’s management console specific page URLs. However, the system doesn’t allow the user to carry out server side tasks without a valid web session.
CVE-2022-25631 1 Broadcom 1 Symantec Endpoint Protection 2024-08-03 7.8 High
Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated
CVE-2022-25625 1 Broadcom 1 Symantec Privileged Access Management 2024-08-03 8.8 High
A malicious unauthorized PAM user can access the administration configuration data and change the values.
CVE-2022-25628 1 Broadcom 1 Symantec Identity Governance And Administration 2024-08-03 8.8 High
An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4
CVE-2022-25484 1 Broadcom 1 Tcpreplay 2024-08-03 5.5 Medium
tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() at tree.c in tcpprep v4.4.1.
CVE-2022-23992 1 Broadcom 1 Xcom Data Transport 2024-08-03 9.8 Critical
XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges.
CVE-2022-23305 6 Apache, Broadcom, Netapp and 3 more 46 Log4j, Brocade Sannav, Snapmanager and 43 more 2024-08-03 9.8 Critical
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
CVE-2022-23302 6 Apache, Broadcom, Netapp and 3 more 44 Log4j, Brocade Sannav, Snapmanager and 41 more 2024-08-03 8.8 High
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
CVE-2022-23083 1 Broadcom 2 Netmaster File Transfer Management, Netmaster Network Management For Tcp\/ip 2024-08-03 6.1 Medium
NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation that could potentially allow an attacker to execute code on the affected machine.
CVE-2022-22689 1 Broadcom 1 Ca Harvest Software Change Manager 2024-08-03 8.8 High
CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands.