Broadcom: Security Vulnerabilities
Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection.
CVSS Score
5.7
EPSS Score
0.001
Published
2024-04-17
The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash.
The vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle attack.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-04-17
Brocade
Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not
properly represent the portName to the user if the portName contains
reserved characters. This could allow an authenticated user to alter the
UI of the Brocade Switch and change ports display.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-04-05
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.
This issue affects Apache HTTP Server: through 2.4.58.
CVSS Score
7.3
EPSS Score
0.052
Published
2024-04-04
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.
Users are recommended to upgrade to version 2.4.59, which fixes this issue.
CVSS Score
6.3
EPSS Score
0.019
Published
2024-04-04
Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch.
CVSS Score
8.6
EPSS Score
0.049
Published
2024-04-04
A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-258333 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-03-28
Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4 allows attackers to crash the application via crafted tcprewrite command.
CVSS Score
6.5
EPSS Score
0.0
Published
2024-03-12
A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution.
CVSS Score
9.6
EPSS Score
0.024
Published
2024-01-26
A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.
CVSS Score
10.0
EPSS Score
0.077
Published
2024-01-26