Filtered by vendor Broadcom Subscriptions
Total 516 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-38812 2 Broadcom, Vmware 3 Vmware Cloud Foundation, Vmware Vcenter Server, Vcenter Server 2024-11-22 9.8 Critical
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
CVE-2024-38813 2 Broadcom, Vmware 3 Vmware Center Server, Vmware Cloud Foundation, Vcenter Server 2024-11-22 7.5 High
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
CVE-2024-38493 1 Broadcom 1 Symantec Privileged Access Management 2024-11-21 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI.
CVE-2024-36459 1 Broadcom 1 Symantec Siteminder 2024-11-21 N/A
A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser.
CVE-2024-36456 1 Broadcom 1 Symantec Privileged Access Management 2024-11-21 N/A
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file.
CVE-2024-36455 1 Broadcom 1 Symantec Privileged Access Management 2024-11-21 N/A
An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request.
CVE-2024-29954 1 Broadcom 1 Fabric Operating System 2024-11-21 5.9 Medium
A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line.
CVE-2024-23617 1 Broadcom 1 Symantec Data Center Security Server 2024-11-21 9.6 Critical
A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution.
CVE-2024-23616 1 Broadcom 1 Symantec Server Management Suite 2024-11-21 10 Critical
A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.
CVE-2024-23615 1 Broadcom 1 Symantec Messaging Gateway 2024-11-21 10 Critical
A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.
CVE-2024-23614 1 Broadcom 1 Symantec Messaging Gateway 2024-11-21 10 Critical
A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.
CVE-2024-23613 1 Broadcom 1 Symantec Deployment Solutions 2024-11-21 10 Critical
A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.
CVE-2023-4345 1 Broadcom 1 Raid Controller Web Interface 2024-11-21 6.5 Medium
Broadcom RAID Controller web interface is vulnerable client-side control bypass leads to unauthorized data access for low privileged user
CVE-2023-4344 1 Broadcom 1 Raid Controller Web Interface 2024-11-21 9.8 Critical
Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection
CVE-2023-4343 1 Broadcom 1 Raid Controller Web Interface 2024-11-21 7.5 High
Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter
CVE-2023-4342 1 Broadcom 1 Raid Controller Web Interface 2024-11-21 9.8 Critical
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy
CVE-2023-4341 1 Broadcom 1 Raid Controller Web Interface 2024-11-21 9.8 Critical
Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI
CVE-2023-4340 1 Broadcom 1 Raid Controller Web Interface 2024-11-21 9.8 Critical
Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file
CVE-2023-4339 1 Broadcom 1 Raid Controller Web Interface 2024-11-21 7.5 High
Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions
CVE-2023-4338 1 Broadcom 1 Raid Controller Web Interface 2024-11-21 9.8 Critical
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers