| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2023-27789 | 617 | | DoS | 2023-03-16 | 2023-05-15 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the cidr2cidr function at the cidr.c:178 endpoint. |
| 2 | CVE-2023-27788 | 617 | | DoS | 2023-03-16 | 2023-05-15 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | An issue found in TCPrewrite v.4.4.3 allows a remote attacker to cause a denial of service via the ports2PORT function at the portmap.c:69 endpoint. |
| 3 | CVE-2023-27787 | 476 | | DoS | 2023-03-16 | 2023-05-15 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse_list function at the list.c:81 endpoint. |
| 4 | CVE-2023-27786 | 476 | | DoS | 2023-03-16 | 2023-05-15 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the macinstring function. |
| 5 | CVE-2023-27785 | 476 | | DoS | 2023-03-16 | 2023-05-15 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function. |
| 6 | CVE-2023-27784 | 476 | | DoS | 2023-03-16 | 2023-05-15 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309 endpoint. |
| 7 | CVE-2023-27783 | 617 | | DoS | 2023-03-16 | 2023-05-15 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c. |
| 8 | CVE-2023-23956 | 79 | | Exec Code XSS | 2023-05-30 | 2023-06-06 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | A user can supply malicious HTML and JavaScript code that will be executed in the client browser |
| 9 | CVE-2023-23955 | 918 | | | 2023-06-01 | 2023-06-06 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability. |
| 10 | CVE-2023-23954 | 79 | | XSS | 2023-06-01 | 2023-06-06 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability. |
| 11 | CVE-2023-23953 | | | | 2023-06-01 | 2023-06-06 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability. |
| 12 | CVE-2023-23952 | 77 | | | 2023-06-01 | 2023-06-06 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability. |
| 13 | CVE-2023-23951 | 79 | | XSS | 2023-01-26 | 2023-02-07 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application |
| 14 | CVE-2023-23950 | 79 | | XSS | 2023-01-26 | 2023-02-07 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | User’s supplied input (usually a CRLF sequence) can be used to split a returning response into two responses. |
| 15 | CVE-2023-23949 | 79 | | Exec Code XSS | 2023-01-26 | 2023-02-06 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser. |
| 16 | CVE-2022-37049 | 787 | | Overflow | 2022-08-18 | 2022-10-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. NOTE: this is different from CVE-2022-27942. |
| 17 | CVE-2022-37048 | 787 | | Overflow | 2022-08-18 | 2022-10-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. NOTE: this is different from CVE-2022-27941. |
| 18 | CVE-2022-37047 | 787 | | Overflow | 2022-08-18 | 2022-10-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713. NOTE: this is different from CVE-2022-27940. |
| 19 | CVE-2022-37017 | 863 | | Bypass | 2022-12-01 | 2022-12-05 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and Policy Import/Export Password protection, if it has been enabled. |
| 20 | CVE-2022-37016 | 269 | | +Priv | 2022-12-01 | 2022-12-05 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. |
| 21 | CVE-2022-33187 | 532 | | | 2022-12-09 | 2022-12-12 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information. |
| 22 | CVE-2022-33185 | 787 | | Exec Code Overflow | 2022-10-25 | 2023-02-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account. |
| 23 | CVE-2022-33184 | 787 | | Exec Code Overflow | 2022-10-25 | 2023-03-02 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account. |
| 24 | CVE-2022-33183 | | | Overflow | 2022-10-25 | 2023-02-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform a stack buffer overflow using the “firmwaredownload” and “diagshow” commands. |
| 25 | CVE-2022-33182 | | | | 2022-10-25 | 2023-02-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload”, “license”, and “fosexec”. |
| 26 | CVE-2022-33181 | 200 | | +Info | 2022-10-25 | 2023-03-02 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”. |
| 27 | CVE-2022-33180 | | | | 2022-10-25 | 2023-03-02 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export sensitive files with “seccryptocfg” and “configupload”. |
| 28 | CVE-2022-33179 | | | | 2022-10-25 | 2023-03-02 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges. |
| 29 | CVE-2022-33178 | 20 | | Exec Code | 2022-10-25 | 2023-03-02 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. |
| 30 | CVE-2022-28170 | 922 | | | 2022-10-25 | 2023-03-02 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file. |
| 31 | CVE-2022-28169 | 269 | | +Priv | 2022-10-25 | 2023-03-02 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low-privilege Webtools user to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin and operator authorization headers sent unencrypted and editing a user addition request to use the operator's authorization header. |
| 32 | CVE-2022-25631 | 269 | | +Priv | 2023-01-20 | 2023-02-02 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to an Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated |
| 33 | CVE-2022-25628 | 611 | | | 2022-12-16 | 2022-12-21 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4 |
| 34 | CVE-2022-25627 | | | Exec Code | 2022-12-16 | 2022-12-21 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4 |
| 35 | CVE-2022-25626 | 287 | | | 2022-12-16 | 2022-12-21 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | An unauthenticated user can access Identity Manager’s management console specific page URLs. However, the system doesn’t allow the user to carry out server side tasks without a valid web session. |
| 36 | CVE-2022-25625 | | | | 2022-08-26 | 2022-09-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | A malicious unauthorized PAM user can access the administration configuration data and change the values. |
| 37 | CVE-2021-27798 | 22 | | Dir. Trav. | 2022-08-05 | 2022-08-11 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability in Brocade Fabric OS versions v7.4.1b and v7.3.1d could allow local users to conduct privileged directory traversal. Brocade Fabric OS versions v7.4.1.x and v7.3.x have reached end of life. Brocade Fabric OS users should upgrade to supported versions as described in the Product End-of-Life Publish report. |