| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2022-28167 | 922 | | | 2022-06-27 | 2022-07-07 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav v2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log. |
| 2 | CVE-2022-28164 | 326 | | | 2022-05-06 | 2022-05-13 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords. |
| 3 | CVE-2022-27939 | 617 | | | 2022-03-26 | 2022-10-28 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c. |
| 4 | CVE-2022-25484 | 617 | | | 2022-03-22 | 2022-03-28 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() in tree.c. |
| 5 | CVE-2022-23083 | 79 | | Exec Code XSS | 2022-01-18 | 2022-01-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation that could potentially allow an attacker to execute code on the affected machine. |
| 6 | CVE-2021-45387 | 617 | | | 2022-02-11 | 2022-10-28 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c. |
| 7 | CVE-2021-45386 | 617 | | | 2022-02-11 | 2022-10-28 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c |
| 8 | CVE-2021-30651 | 522 | | | 2022-06-24 | 2022-07-07 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access. |
| 9 | CVE-2021-30650 | 79 | | XSS | 2022-02-18 | 2022-02-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK) allows a remote attacker to craft a malicious URL for the OTK web UI and target OTK users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious code into the OTK web UI client application. |
| 10 | CVE-2021-28246 | 426 | | Exec Code | 2021-03-26 | 2021-03-29 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial |
** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in the library will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
| 11 | CVE-2021-27794 | 287 | | | 2021-08-12 | 2021-08-23 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v9.0.1a, v8.2.3a and v7.4.2h could allow a user to log in with an empty password, and with an invalid password, through telnet, ssh and REST. |
| 12 | CVE-2021-27789 | | | | 2022-03-18 | 2022-03-28 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials. |
| 13 | CVE-2021-22890 | 290 | | | 2021-04-01 | 2022-04-06 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
curl 7.63.0 up to and including 7.75.0 includes a vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using an HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy, treat them as if they arrived from the remote server, and then wrongly "short-cut" the host handshake. By confusing the tickets, an HTTPS proxy can trick libcurl into using the wrong session ticket to resume the host connection, thereby circumventing the server TLS certificate check and making it possible to perform a MITM attack unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work, unless curl has been told to ignore the server certificate check. |
| 14 | CVE-2020-35507 | 476 | | | 2021-01-04 | 2023-01-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. |
| 15 | CVE-2020-35496 | 476 | | | 2021-01-04 | 2022-09-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. |
| 16 | CVE-2020-35495 | 476 | | | 2021-01-04 | 2022-09-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34. |
| 17 | CVE-2020-35493 | 20 | | Overflow | 2021-01-04 | 2022-09-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. |
| 18 | CVE-2020-23273 | 787 | | DoS Overflow | 2021-09-22 | 2022-04-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
Heap-buffer overflow in the randomize_iparp function in edit_packet.c of Tcpreplay v4.3.2 allows attackers to cause a denial of service (DoS) via a crafted pcap. |
| 19 | CVE-2020-18976 | 120 | | DoS Overflow | 2021-08-25 | 2022-04-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'. It can be triggered by sending a crafted pcap file to the 'tcpreplay-edit' binary. This issue is different than CVE-2019-8381. |
| 20 | CVE-2020-15388 | | | | 2022-03-18 | 2022-07-12 | 4.0 | None | Remote | Low | ??? | None | Partial | None |
A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files. |
| 21 | CVE-2020-15376 | | | | 2020-12-11 | 2021-09-09 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode, contain a weakness in the LDAP implementation that could allow a remote LDAP user to log in to the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated with any groups. |
| 22 | CVE-2020-15375 | 20 | | | 2020-12-11 | 2021-06-22 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when seccryptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary commands and perform escalation of privileges. |
| 23 | CVE-2020-15370 | 532 | | | 2020-09-25 | 2021-06-22 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files. |
| 24 | CVE-2020-15369 | 521 | | | 2020-09-25 | 2021-08-23 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host. |
| 25 | CVE-2020-12595 | | | +Info | 2020-12-10 | 2020-12-14 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. This affects SMG prior to 10.7.4. |
| 26 | CVE-2020-11660 | 200 | | +Info | 2020-04-15 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information. |
| 27 | CVE-2020-11659 | 639 | | | 2020-04-15 | 2020-04-20 | 4.0 | None | Remote | Low | ??? | None | Partial | None |
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action. |
| 28 | CVE-2019-19063 | 401 | | DoS | 2019-11-18 | 2022-11-07 | 4.9 | None | Local | Low | Not required | None | None | Complete |
Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113. |
| 29 | CVE-2019-19054 | 401 | | DoS | 2019-11-18 | 2022-11-08 | 4.7 | None | Local | Medium | Not required | None | None | Complete |
A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b. |
| 30 | CVE-2019-16207 | 798 | | +Priv | 2019-11-08 | 2019-11-09 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges. |
| 31 | CVE-2019-16205 | 330 | | | 2019-11-08 | 2019-11-14 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal. |
| 32 | CVE-2019-6504 | 79 | | XSS | 2019-02-06 | 2021-04-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allows attackers to potentially conduct persistent cross-site scripting (XSS) attacks via a crafted object. |
| 33 | CVE-2018-18407 | 125 | | DoS | 2018-10-17 | 2022-04-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. The issue gets triggered in the function csum_replace4() in incremental_checksum.h, causing a denial of service. |
| 34 | CVE-2018-18371 | 327 | | +Info | 2019-08-30 | 2021-06-24 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2. |
| 35 | CVE-2018-18370 | 79 | | XSS | 2019-08-30 | 2021-07-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2. |
| 36 | CVE-2018-17974 | 125 | | DoS | 2018-10-03 | 2022-04-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx -> l2len) can be larger than source value (packet + ctx->l2len) because the function fails to ensure the length of a packet is valid. This leads to Denial of Service. |
| 37 | CVE-2018-13825 | 79 | | XSS | 2018-08-30 | 2021-04-12 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks. |
| 38 | CVE-2018-6590 | 79 | | XSS | 2018-08-03 | 2023-01-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability. |
| 39 | CVE-2018-6449 | 79 | | XSS | 2020-09-25 | 2021-09-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Host Header Injection vulnerability in the HTTP management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers. |
| 40 | CVE-2017-18268 | 203 | | | 2018-05-17 | 2021-09-09 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish large numbers of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session. |
| 41 | CVE-2017-15533 | 203 | | | 2018-05-17 | 2021-07-02 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. All affected SSLV versions act as weak oracles according to the oracle classification used in the ROBOT research paper. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish multiple millions of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session. |
| 42 | CVE-2017-6225 | 79 | | Exec Code XSS | 2018-02-08 | 2021-06-22 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information. |
| 43 | CVE-2016-10257 | 79 | | XSS | 2018-01-10 | 2021-07-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256. |
| 44 | CVE-2016-10256 | 79 | | XSS | 2018-01-10 | 2021-06-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257. |
| 45 | CVE-2016-5310 | 787 | | DoS Mem. Corr. | 2017-04-14 | 2021-09-09 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression. |
| 46 | CVE-2016-5309 | 125 | | DoS | 2017-04-14 | 2021-09-09 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression. |
| 47 | CVE-2015-8800 | 74 | | | 2016-06-08 | 2021-09-09 | 4.9 | None | Remote | Medium | ??? | None | Partial | Partial |
Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access. |
| 48 | CVE-2015-8699 | 79 | | XSS | 2016-06-29 | 2021-04-12 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 49 | CVE-2014-9225 | 200 | | +Info | 2015-01-21 | 2021-08-04 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors. |
| 50 | CVE-2014-8247 | 79 | | XSS | 2014-12-16 | 2021-04-12 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |