Broadcom: Security Vulnerabilities
A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.
CVSS Score
10.0
EPSS Score
0.021
Published
2024-01-26
A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.
CVSS Score
10.0
EPSS Score
0.063
Published
2024-01-26
A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.
CVSS Score
10.0
EPSS Score
0.063
Published
2024-01-26
Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-12-21
Brocade Fabric OS (FOS) hardware
platforms running any version of Brocade Fabric OS software, which
supports the license string format; contain cryptographic
issues that could allow for the installation of forged or fraudulent
license keys. This would allow attackers or a malicious party to forge a
counterfeit license key that the Brocade Fabric OS platform would
authenticate and activate as if it were a legitimate license key.
CVSS Score
6.4
EPSS Score
0.0
Published
2023-12-06
Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-11-09
An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (IOCTL 0x1b2150). An attacker can exploit this to elevate privileges from a medium-integrity process to SYSTEM. This can also be used to bypass kernel-level protections such as AV or PPL, because exploit code runs with high-integrity privileges and can be used in coordinated BYOVD (bring your own vulnerable driver) ransomware campaigns.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-10-10
In
Brocade Fabric OS before v9.2.0a, a local authenticated privileged user
can trigger a buffer overflow condition, leading to a kernel panic with
large input to buffers in the portcfgfportbuffers command.
CVSS Score
4.4
EPSS Score
0.0
Published
2023-08-31
Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a
allows remote unauthenticated users to bypass web authentication and
authorization.
CVSS Score
8.1
EPSS Score
0.006
Published
2023-08-31
Brocade
SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords
in plaintext. A privileged user could retrieve these credentials with
knowledge and access to these log files. SNMP
credentials could be seen in SANnav SupportSave if the capture is
performed after an SNMP configuration failure causes an SNMP
communication log dump.
CVSS Score
5.4
EPSS Score
0.0
Published
2023-08-31