Filtered by vendor Broadcom
Total: 507 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-4329 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-09-16 | 9.8 Critical |
Broadcom RAID Controller web interface is vulnerable due to an insecure default HTTP configuration that does not safeguard the SESSIONID cookie with the SameSite attribute | ||||
CVE-2023-4328 | 2 Broadcom, Linux | 2 Raid Controller Web Interface, Linux Kernel | 2023-09-16 | 5.5 Medium |
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data, and the keys used for encryption are accessible to any local user on Windows | ||||
CVE-2023-4327 | 2 Broadcom, Linux | 2 Raid Controller Web Interface, Linux Kernel | 2023-09-16 | 5.5 Medium |
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data, and the keys used for encryption are accessible to any local user on Linux | ||||
CVE-2023-4326 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-09-16 | 7.5 High |
Broadcom RAID Controller web interface has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites | ||||
CVE-2023-4325 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-09-16 | 9.8 Critical |
Broadcom RAID Controller web interface is vulnerable because the Libcurl used with LSA has known vulnerabilities | ||||
CVE-2023-4324 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-09-16 | 9.8 Critical |
Broadcom RAID Controller web interface is vulnerable due to insecure defaults that lack HTTP Content-Security-Policy headers | ||||
CVE-2023-4323 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-09-16 | 9.8 Critical |
Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup | ||||
CVE-2023-31927 | 1 Broadcom | 1 Brocade Fabric Operating System | 2023-09-08 | 5.3 Medium |
An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c could allow a remote unauthenticated attacker to get technical details about the web interface. | ||||
CVE-2023-31925 | 1 Broadcom | 1 Brocade Sannav | 2023-09-05 | 6.5 Medium |
Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuration failure causes an SNMP communication log dump. | ||||
CVE-2022-28164 | 1 Broadcom | 1 Sannav | 2023-08-08 | 6.5 Medium |
Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords. | ||||
CVE-2022-23992 | 1 Broadcom | 1 Xcom Data Transport | 2023-08-08 | 9.8 Critical |
XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges. | ||||
CVE-2022-33755 | 1 Broadcom | 1 Ca Automic Automation | 2023-08-08 | 5.3 Medium |
CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users. | ||||
CVE-2022-33181 | 1 Broadcom | 1 Fabric Operating System | 2023-08-08 | 5.5 Medium |
An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”. | ||||
CVE-2022-28167 | 1 Broadcom | 1 Sannav | 2023-08-08 | 6.5 Medium |
Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav v2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log | ||||
CVE-2022-28165 | 1 Broadcom | 1 Sannav | 2023-08-08 | 8.8 High |
A vulnerability in the role-based access control (RBAC) functionality of Brocade SANnav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not enforced on the server side to ensure the user has the required permission before processing requests. | ||||
CVE-2022-37016 | 1 Broadcom | 1 Symantec Endpoint Protection | 2023-08-08 | 9.8 Critical |
Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | ||||
CVE-2022-28166 | 1 Broadcom | 1 Sannav | 2023-08-08 | 7.5 High |
In Brocade SANnav versions before SANN2.2.0.2 and Brocade SANnav before 2.1.1.8, the TLS/SSL server supports the use of static key ciphers (ssl-static-key-ciphers) on ports 443 and 18082. | ||||
CVE-2021-30651 | 1 Broadcom | 1 Symantec Messaging Gateway | 2023-08-08 | 4.9 Medium |
A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access. | ||||
CVE-2022-37017 | 1 Broadcom | 1 Symantec Endpoint Protection | 2023-08-08 | 7.5 High |
Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and Policy Import/Export Password protection, if it has been enabled. | ||||
CVE-2021-46825 | 1 Broadcom | 2 Advanced Secure Gateway, Proxysg | 2023-08-08 | 9.1 Critical |
Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |