| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2023-27789 |
617 |
|
DoS |
2023-03-16 |
2023-05-15 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the cidr2cidr function at the cidr.c:178 endpoint. |
|
2 |
CVE-2023-27788 |
617 |
|
DoS |
2023-03-16 |
2023-05-15 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue found in TCPrewrite v.4.4.3 allows a remote attacker to cause a denial of service via the ports2PORT function at the portmap.c:69 endpoint. |
|
3 |
CVE-2023-27787 |
476 |
|
DoS |
2023-03-16 |
2023-05-15 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse_list function at the list.c:81 endpoint. |
|
4 |
CVE-2023-27786 |
476 |
|
DoS |
2023-03-16 |
2023-05-15 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the macinstring function. |
|
5 |
CVE-2023-27785 |
476 |
|
DoS |
2023-03-16 |
2023-05-15 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function. |
|
6 |
CVE-2023-27784 |
476 |
|
DoS |
2023-03-16 |
2023-05-15 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309 endpoint. |
|
7 |
CVE-2023-27783 |
617 |
|
DoS |
2023-03-16 |
2023-05-15 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c. |
|
8 |
CVE-2023-23956 |
79 |
|
Exec Code XSS |
2023-05-30 |
2023-06-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A user can supply malicious HTML and JavaScript code that will be executed in the client browser |
|
9 |
CVE-2023-23955 |
918 |
|
|
2023-06-01 |
2023-06-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability. |
|
10 |
CVE-2023-23954 |
79 |
|
XSS |
2023-06-01 |
2023-06-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability. |
|
11 |
CVE-2023-23953 |
|
|
|
2023-06-01 |
2023-06-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability. |
|
12 |
CVE-2023-23952 |
77 |
|
|
2023-06-01 |
2023-06-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability. |
|
13 |
CVE-2023-23951 |
79 |
|
XSS |
2023-01-26 |
2023-02-07 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application |
|
14 |
CVE-2023-23950 |
79 |
|
XSS |
2023-01-26 |
2023-02-07 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
User’s supplied input (usually a CRLF sequence) can be used to split a returning response into two responses. |
|
15 |
CVE-2023-23949 |
79 |
|
Exec Code XSS |
2023-01-26 |
2023-02-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser. |
|
16 |
CVE-2022-37049 |
787 |
|
Overflow |
2022-08-18 |
2022-10-28 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. NOTE: this is different from CVE-2022-27942. |
|
17 |
CVE-2022-37048 |
787 |
|
Overflow |
2022-08-18 |
2022-10-28 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. NOTE: this is different from CVE-2022-27941. |
|
18 |
CVE-2022-37047 |
787 |
|
Overflow |
2022-08-18 |
2022-10-28 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713. NOTE: this is different from CVE-2022-27940. |
|
19 |
CVE-2022-37017 |
863 |
|
Bypass |
2022-12-01 |
2022-12-05 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and Policy Import/Export Password protection, if it has been enabled. |
|
20 |
CVE-2022-37016 |
269 |
|
+Priv |
2022-12-01 |
2022-12-05 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. |
|
21 |
CVE-2022-33756 |
331 |
|
|
2022-06-16 |
2022-06-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data. |
|
22 |
CVE-2022-33755 |
20 |
|
|
2022-06-16 |
2022-06-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users. |
|
23 |
CVE-2022-33754 |
20 |
|
Exec Code |
2022-06-16 |
2022-06-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code. |
|
24 |
CVE-2022-33753 |
668 |
|
|
2022-06-16 |
2022-06-27 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges. |
|
25 |
CVE-2022-33752 |
20 |
|
Exec Code |
2022-06-16 |
2022-06-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code. |
|
26 |
CVE-2022-33751 |
668 |
|
|
2022-06-16 |
2022-06-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data. |
|
27 |
CVE-2022-33750 |
287 |
|
Exec Code |
2022-06-16 |
2022-06-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands. |
|
28 |
CVE-2022-33739 |
91 |
|
|
2022-06-16 |
2022-06-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system. |
|
29 |
CVE-2022-33187 |
532 |
|
|
2022-12-09 |
2022-12-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information. |
|
30 |
CVE-2022-33185 |
787 |
|
Exec Code Overflow |
2022-10-25 |
2023-02-28 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account. |
|
31 |
CVE-2022-33184 |
787 |
|
Exec Code Overflow |
2022-10-25 |
2023-03-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account. |
|
32 |
CVE-2022-33183 |
|
|
Overflow |
2022-10-25 |
2023-02-28 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in “firmwaredownload” and “diagshow” commands. |
|
33 |
CVE-2022-33182 |
|
|
|
2022-10-25 |
2023-02-28 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload, license, and “fosexec”. |
|
34 |
CVE-2022-33181 |
200 |
|
+Info |
2022-10-25 |
2023-03-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”. |
|
35 |
CVE-2022-33180 |
|
|
|
2022-10-25 |
2023-03-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”. |
|
36 |
CVE-2022-33179 |
|
|
|
2022-10-25 |
2023-03-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges. |
|
37 |
CVE-2022-33178 |
20 |
|
Exec Code |
2022-10-25 |
2023-03-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. |
|
38 |
CVE-2022-28487 |
401 |
|
|
2022-05-04 |
2022-10-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality. |
|
39 |
CVE-2022-28170 |
922 |
|
|
2022-10-25 |
2023-03-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file. |
|
40 |
CVE-2022-28169 |
269 |
|
+Priv |
2022-10-25 |
2023-03-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin, and operator authorization headers sent unencrypted and editing a user addition request to use the operator's authorization header. |
|
41 |
CVE-2022-28168 |
922 |
|
|
2022-06-27 |
2022-07-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords. |
|
42 |
CVE-2022-28167 |
922 |
|
|
2022-06-27 |
2022-07-07 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log |
|
43 |
CVE-2022-28166 |
|
|
|
2022-06-27 |
2022-07-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 & 18082. |
|
44 |
CVE-2022-28165 |
862 |
|
|
2022-05-06 |
2022-05-17 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not performed on Server side to ensure the user has required permission before processing requests. |
|
45 |
CVE-2022-28164 |
326 |
|
|
2022-05-06 |
2022-05-13 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords. |
|
46 |
CVE-2022-28163 |
89 |
|
Sql |
2022-05-06 |
2022-05-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands. |
|
47 |
CVE-2022-28162 |
312 |
|
|
2022-05-09 |
2022-05-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text. |
|
48 |
CVE-2022-27942 |
787 |
|
|
2022-03-26 |
2022-10-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c. |
|
49 |
CVE-2022-27941 |
787 |
|
|
2022-03-26 |
2022-10-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c. |
|
50 |
CVE-2022-27940 |
787 |
|
|
2022-03-26 |
2022-10-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c. |
