CVSS: 7.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-22254 – Out-of-bounds write vulnerability
https://notcve.org/view.php?id=CVE-2024-22254
05 Mar 2024 — VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox. VMware ESXi contiene una vulnerabilidad de escritura fuera de los límites. Un actor malicioso con privilegios dentro del proceso VMX puede desencadenar una escritura fuera de los límites que conduzca a un escape del entorno limitado. VMware ESXi contains an out-of-bounds write vulnerability. • https://www.vmware.com/security/advisories/VMSA-2024-0006.html • CWE-787: Out-of-bounds Write •
CVSS: 9.6EPSS: 1%CPEs: 1EXPL: 0CVE-2024-23617 – Symantec Data Loss Prevention Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-23617
25 Jan 2024 — A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution. Existe una vulnerabilidad de desbordamiento de búfer en Symantec Data Loss Prevention versión 14.0.2 y anteriores. Un atacante remoto y no autenticado puede aprovechar esta vulnerabilidad incitando a un usuario a abrir un documento manipulado para lograr la ejecución del có... • https://blog.exodusintel.com/2024/01/25/symantec-data-loss-prevention-wp6sr-dll-stack-buffer-overflow-remote-code-execution • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2024-23616 – Symantec Server Management Suite Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-23616
25 Jan 2024 — A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM. Existe una vulnerabilidad de desbordamiento de búfer en Symantec Server Management Suite versión 7.9 y anteriores. Un atacante remoto y anónimo puede aprovechar esta vulnerabilidad para lograr la ejecución remota de código como SYSTEM. • https://blog.exodusintel.com/2024/01/25/symantec-server-management-suite-axengine-exe-buffer-overflow-remote-code-execution • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2024-23615 – Symantec Messaging Gateway Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-23615
25 Jan 2024 — A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root. Existe una vulnerabilidad de desbordamiento de búfer en las versiones 10.5 y anteriores de Symantec Messaging Gateway. Un atacante remoto y anónimo puede aprovechar esta vulnerabilidad para lograr la ejecución remota de código como root. • https://blog.exodusintel.com/2024/01/25/symantec-messaging-gateway-libdec2lha-so-stack-buffer-overflow-remote-code-execution • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-23614 – Symantec Messaging Gateway Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-23614
25 Jan 2024 — A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root. Existe una vulnerabilidad de desbordamiento de búfer en las versiones 9.5 y anteriores de Symantec Messaging Gateway. Un atacante remoto y anónimo puede aprovechar esta vulnerabilidad para lograr la ejecución remota de código como root. • https://blog.exodusintel.com/2024/01/25/symantec-messaging-gateway-stack-buffer-overflow-remote-code-execution • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2024-23613 – Symantec Deployment Solution Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-23613
25 Jan 2024 — A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM. Existe una vulnerabilidad de desbordamiento de búfer en Symantec Deployment Solution versión 7.9 al analizar los tokens UpdateComputer. Un atacante remoto y anónimo puede aprovechar esta vulnerabilidad para lograr la ejecución remota de código como SYSTEM. • https://blog.exodusintel.com/2024/01/25/symantec-deployment-solution-axengine-exe-buffer-overflow-remote-code-execution • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 2CVE-2023-4256 – Tcpreplay: tcprewrite: double free in tcpedit_dlt_cleanup() in plugins/dlt_plugins.c
https://notcve.org/view.php?id=CVE-2023-4256
21 Dec 2023 — Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack. Dentro de tcprewrite de tcpreplay, se ha identificado una vulnerabilidad de doble liberación en la función tcpedit_dlt_cleanup() dentro de plugins/dlt_plugins.c. Esta vulnerabilidad... • https://bugzilla.redhat.com/show_bug.cgi?id=2255212 • CWE-415: Double Free •
CVSS: 8.1EPSS: 0%CPEs: 13EXPL: 0CVE-2021-27795 – License forgery in Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software,
https://notcve.org/view.php?id=CVE-2021-27795
06 Dec 2023 — Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. This would allow attackers or a malicious party to forge a counterfeit license key that the Brocade Fabric OS platform would authenticate and activate as if it were a legitimate license key. Plataformas de hardware Brocade Fabric OS (FOS) que ejecutan cualquier versión d... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21289 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-31096
https://notcve.org/view.php?id=CVE-2023-31096
10 Oct 2023 — An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (IOCTL 0x1b2150). An attacker can exploit this to elevate privileges from a medium-integrity process to SYSTEM. This can also be used to bypass kernel-level protections such as AV or PPL, because exploit code runs with high-integrity privileges and can be used in coordinated BYOVD (bring your own vulnerable drive... • https://cschwarz1.github.io/posts/0x04 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2023-31424 – Web authentication and authorization bypass
https://notcve.org/view.php?id=CVE-2023-31424
31 Aug 2023 — Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization. La interfaz web Brocade SANnav v2.3.0 y v2.2.2a permite a usuarios remotos no autenticados eludir la autenticación y autorización web. • https://security.netapp.com/advisory/ntap-20240229-0004 • CWE-290: Authentication Bypass by Spoofing •