Filtered by vendor Broadcom
Subscribe
Total
600 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-29953 | 1 Broadcom | 1 Fabric Operating System | 2025-02-04 | N/A | 4.3 MEDIUM |
| A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. This could allow an authenticated user to view other users' session encoded passwords. | |||||
| CVE-2023-23956 | 1 Broadcom | 1 Symantec Siteminder Webagent | 2025-01-14 | N/A | 5.4 MEDIUM |
| A user can supply malicious HTML and JavaScript code that will be executed in the client browser | |||||
| CVE-2023-23955 | 1 Broadcom | 2 Advanced Secure Gateway, Content Analysis | 2025-01-09 | N/A | 8.1 HIGH |
| Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability. | |||||
| CVE-2023-23954 | 1 Broadcom | 2 Advanced Secure Gateway, Content Analysis | 2025-01-09 | N/A | 5.4 MEDIUM |
| Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability. | |||||
| CVE-2023-23953 | 1 Broadcom | 2 Advanced Secure Gateway, Content Analysis | 2025-01-09 | N/A | 7.8 HIGH |
| Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability. | |||||
| CVE-2023-23952 | 1 Broadcom | 2 Advanced Secure Gateway, Content Analysis | 2025-01-09 | N/A | 9.8 CRITICAL |
| Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability. | |||||
| CVE-2024-38493 | 1 Broadcom | 1 Symantec Privileged Access Management | 2024-11-21 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI. | |||||
| CVE-2024-29954 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | N/A | 5.9 MEDIUM |
| A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line. | |||||
| CVE-2024-23617 | 1 Broadcom | 1 Symantec Data Center Security Server | 2024-11-21 | 9.3 HIGH | 9.6 CRITICAL |
| A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution. | |||||
| CVE-2024-23616 | 1 Broadcom | 1 Symantec Server Management Suite | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM. | |||||
| CVE-2024-23615 | 1 Broadcom | 1 Symantec Messaging Gateway | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root. | |||||
| CVE-2024-23614 | 1 Broadcom | 1 Symantec Messaging Gateway | 2024-11-21 | 9.4 HIGH | 10.0 CRITICAL |
| A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root. | |||||
| CVE-2024-23613 | 1 Broadcom | 1 Symantec Deployment Solutions | 2024-11-21 | 9.3 HIGH | 10.0 CRITICAL |
| A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM. | |||||
| CVE-2023-4335 | 2 Broadcom, Linux | 2 Raid Controller Web Interface, Linux Kernel | 2024-11-21 | N/A | 7.5 HIGH |
| Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux | |||||
| CVE-2023-4256 | 2 Broadcom, Fedoraproject | 3 Tcpreplay, Extra Packages For Enterprise Linux, Fedora | 2024-11-21 | N/A | 5.5 MEDIUM |
| Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack. | |||||
| CVE-2023-37790 | 1 Broadcom | 1 Clarity | 2024-11-21 | N/A | 5.4 MEDIUM |
| Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function. | |||||
| CVE-2023-31925 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | N/A | 5.4 MEDIUM |
| Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuration failure causes an SNMP communication log dump. | |||||
| CVE-2023-31429 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | N/A | 5.5 MEDIUM |
| Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal. | |||||
| CVE-2023-31426 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | N/A | 6.8 MEDIUM |
| The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information. | |||||
| CVE-2023-31096 | 1 Broadcom | 2 Lsi Pci-sv92ex, Lsi Pci-sv92ex Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (IOCTL 0x1b2150). An attacker can exploit this to elevate privileges from a medium-integrity process to SYSTEM. This can also be used to bypass kernel-level protections such as AV or PPL, because exploit code runs with high-integrity privileges and can be used in coordinated BYOVD (bring your own vulnerable driver) ransomware campaigns. | |||||