Filtered by vendor Broadcom
Subscribe
Total
511 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-4337 | 1 Broadcom | 1 Raid Controller Web Interface | 2024-02-28 | N/A | 9.8 CRITICAL |
Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation | |||||
CVE-2023-4334 | 1 Broadcom | 1 Raid Controller Web Interface | 2024-02-28 | N/A | 7.5 HIGH |
Broadcom RAID Controller Web server (nginx) is serving private files without any authentication | |||||
CVE-2023-31432 | 1 Broadcom | 1 Brocade Fabric Operating System | 2024-02-28 | N/A | 7.8 HIGH |
Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0. | |||||
CVE-2023-31429 | 1 Broadcom | 1 Fabric Operating System | 2024-02-28 | N/A | 5.5 MEDIUM |
Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal. | |||||
CVE-2023-4333 | 2 Broadcom, Microsoft | 2 Raid Controller Web Interface, Windows | 2024-02-28 | N/A | 5.5 MEDIUM |
Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server | |||||
CVE-2023-4323 | 1 Broadcom | 1 Raid Controller Web Interface | 2024-02-28 | N/A | 9.8 CRITICAL |
Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup | |||||
CVE-2023-31431 | 1 Broadcom | 1 Brocade Fabric Operating System | 2024-02-28 | N/A | 5.5 MEDIUM |
A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service. | |||||
CVE-2023-31427 | 1 Broadcom | 1 Fabric Operating System | 2024-02-28 | N/A | 7.8 HIGH |
Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled. | |||||
CVE-2023-31927 | 1 Broadcom | 1 Brocade Fabric Operating System | 2024-02-28 | N/A | 5.3 MEDIUM |
An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface. | |||||
CVE-2023-31928 | 1 Broadcom | 1 Brocade Fabric Operating System | 2024-02-28 | N/A | 6.1 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools application. | |||||
CVE-2023-4338 | 1 Broadcom | 1 Raid Controller Web Interface | 2024-02-28 | N/A | 9.8 CRITICAL |
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers | |||||
CVE-2023-4343 | 1 Broadcom | 1 Raid Controller Web Interface | 2024-02-28 | N/A | 7.5 HIGH |
Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter | |||||
CVE-2023-4163 | 1 Broadcom | 1 Fabric Operating System | 2024-02-28 | N/A | 4.4 MEDIUM |
In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command. | |||||
CVE-2023-31430 | 1 Broadcom | 1 Brocade Fabric Operating System | 2024-02-28 | N/A | 5.5 MEDIUM |
A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service. | |||||
CVE-2023-31428 | 1 Broadcom | 1 Brocade Fabric Operating System | 2024-02-28 | N/A | 5.5 MEDIUM |
Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep. | |||||
CVE-2023-4342 | 1 Broadcom | 1 Raid Controller Web Interface | 2024-02-28 | N/A | 9.8 CRITICAL |
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy | |||||
CVE-2023-4345 | 1 Broadcom | 1 Raid Controller Web Interface | 2024-02-28 | N/A | 6.5 MEDIUM |
Broadcom RAID Controller web interface is vulnerable client-side control bypass leads to unauthorized data access for low privileged user | |||||
CVE-2023-31425 | 1 Broadcom | 1 Fabric Operating System | 2024-02-28 | N/A | 7.8 HIGH |
A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled. | |||||
CVE-2023-31925 | 1 Broadcom | 1 Brocade Sannav | 2024-02-28 | N/A | 6.5 MEDIUM |
Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuration failure causes an SNMP communication log dump. | |||||
CVE-2023-4324 | 1 Broadcom | 1 Raid Controller Web Interface | 2024-02-28 | N/A | 9.8 CRITICAL |
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers |