Filtered by vendor Broadcom
Total: 511 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-4335 | 2 Broadcom, Linux | 2 Raid Controller Web Interface, Linux Kernel | 2024-02-28 | N/A | 7.5 HIGH |
Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux | |||||
CVE-2023-31926 | 1 Broadcom | 1 Brocade Fabric Operating System | 2024-02-28 | N/A | 7.1 HIGH |
System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0. | |||||
CVE-2023-3489 | 1 Broadcom | 1 Fabric Operating System | 2024-02-28 | N/A | 7.5 HIGH |
The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS. | |||||
CVE-2023-4325 | 1 Broadcom | 1 Raid Controller Web Interface | 2024-02-28 | N/A | 9.8 CRITICAL |
Broadcom RAID Controller web interface is vulnerable because the Libcurl used with LSA has known vulnerabilities | |||||
CVE-2023-4339 | 1 Broadcom | 1 Raid Controller Web Interface | 2024-02-28 | N/A | 7.5 HIGH |
Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions | |||||
CVE-2023-23954 | 1 Broadcom | 2 Advanced Secure Gateway, Content Analysis | 2024-02-28 | N/A | 5.4 MEDIUM |
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability. | |||||
CVE-2023-23956 | 1 Broadcom | 1 Symantec Siteminder Webagent | 2024-02-28 | N/A | 5.4 MEDIUM |
A user can supply malicious HTML and JavaScript code that will be executed in the client browser | |||||
CVE-2023-23953 | 1 Broadcom | 2 Advanced Secure Gateway, Content Analysis | 2024-02-28 | N/A | 7.8 HIGH |
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability. | |||||
CVE-2023-23955 | 1 Broadcom | 2 Advanced Secure Gateway, Content Analysis | 2024-02-28 | N/A | 8.1 HIGH |
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability. | |||||
CVE-2023-23952 | 1 Broadcom | 2 Advanced Secure Gateway, Content Analysis | 2024-02-28 | N/A | 9.8 CRITICAL |
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability. | |||||
CVE-2022-37016 | 1 Broadcom | 1 Symantec Endpoint Protection | 2024-02-28 | N/A | 9.8 CRITICAL |
Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | |||||
CVE-2023-23950 | 1 Broadcom | 2 Symantec Identity Governance And Administration, Symantec Identity Manager | 2024-02-28 | N/A | 6.1 MEDIUM |
User-supplied input (usually a CRLF sequence) can be used to split a returning response into two responses. | |||||
CVE-2023-27783 | 1 Broadcom | 1 Tcpreplay | 2024-02-28 | N/A | 7.5 HIGH |
An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c. | |||||
CVE-2023-23949 | 1 Broadcom | 2 Symantec Identity Governance And Administration, Symantec Identity Manager | 2024-02-28 | N/A | 5.4 MEDIUM |
An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser. | |||||
CVE-2022-25631 | 1 Broadcom | 1 Symantec Endpoint Protection | 2024-02-28 | N/A | 7.8 HIGH |
Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to an Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated | |||||
CVE-2022-33187 | 1 Broadcom | 1 Brocade Sannav | 2024-02-28 | N/A | 4.9 MEDIUM |
Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information. | |||||
CVE-2023-27784 | 1 Broadcom | 1 Tcpreplay | 2024-02-28 | N/A | 7.5 HIGH |
An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309 endpoint. | |||||
CVE-2023-27786 | 1 Broadcom | 1 Tcpreplay | 2024-02-28 | N/A | 7.5 HIGH |
An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the macinstring function. | |||||
CVE-2023-23951 | 1 Broadcom | 2 Symantec Identity Governance And Administration, Symantec Identity Manager | 2024-02-28 | N/A | 6.1 MEDIUM |
Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application | |||||
CVE-2022-25628 | 1 Broadcom | 1 Symantec Identity Governance And Administration | 2024-02-28 | N/A | 8.8 HIGH |
An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4 |