Broadcom: Security Vulnerabilities
An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse_list function at the list.c:81 endpoint.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-03-16
An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser.
CVSS Score
5.4
EPSS Score
0.005
Published
2023-01-26
User’s supplied input (usually a CRLF sequence) can be used to split a returning response into two responses.
CVSS Score
6.1
EPSS Score
0.007
Published
2023-01-26
Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application
CVSS Score
6.1
EPSS Score
0.006
Published
2023-01-26
Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated
CVSS Score
7.8
EPSS Score
0.001
Published
2023-01-20
An unauthenticated user can access Identity Manager’s management console specific page URLs. However, the system doesn’t allow the user to carry out server side tasks without a valid web session.
CVSS Score
5.3
EPSS Score
0.006
Published
2022-12-16
An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4
CVSS Score
6.7
EPSS Score
0.007
Published
2022-12-16
An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4
CVSS Score
8.8
EPSS Score
0.002
Published
2022-12-16
Brocade SANnav before v2.2.1 logs usernames and encoded passwords in
debug-enabled logs. The vulnerability could allow an attacker with admin
privilege to read sensitive information.
CVSS Score
5.5
EPSS Score
0.002
Published
2022-12-09
Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-12-07