Filtered by vendor Broadcom Subscriptions
Total 516 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-4337 1 Broadcom 1 Raid Controller Web Interface 2024-11-21 9.8 Critical
Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation
CVE-2023-4336 1 Broadcom 1 Raid Controller Web Interface 2024-11-21 9.8 Critical
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute
CVE-2023-4335 3 Broadcom, Intel, Linux 4 Lsi Storage Authority, Raid Controller Web Interface, Raid Web Console 3 and 1 more 2024-11-21 7.5 High
Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux
CVE-2023-4334 1 Broadcom 1 Raid Controller Web Interface 2024-11-21 7.5 High
Broadcom RAID Controller Web server (nginx) is serving private files without any authentication
CVE-2023-4333 2 Broadcom, Microsoft 2 Raid Controller Web Interface, Windows 2024-11-21 5.5 Medium
Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server
CVE-2023-4332 2 Broadcom, Intel 3 Lsi Storage Authority, Raid Controller Web Interface, Raid Web Console 3 2024-11-21 7.5 High
Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file
CVE-2023-4331 2 Broadcom, Intel 3 Lsi Storage Authority, Raid Controller Web Interface, Raid Web Console 3 2024-11-21 7.5 High
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols
CVE-2023-4329 2 Broadcom, Intel 3 Lsi Storage Authority, Raid Controller Web Interface, Raid Web Console 3 2024-11-21 9.8 Critical
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute
CVE-2023-4328 2 Broadcom, Linux 2 Raid Controller Web Interface, Linux Kernel 2024-11-21 5.5 Medium
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows
CVE-2023-4327 2 Broadcom, Linux 2 Raid Controller Web Interface, Linux Kernel 2024-11-21 5.5 Medium
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
CVE-2023-4326 1 Broadcom 2 Lsi Storage Authority, Raid Controller Web Interface 2024-11-21 7.5 High
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites
CVE-2023-4325 2 Broadcom, Intel 3 Lsi Storage Authority, Raid Controller Web Interface, Raid Web Console 3 2024-11-21 9.8 Critical
Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities
CVE-2023-4324 2 Broadcom, Intel 3 Lsi Storage Authority, Raid Controller Web Interface, Raid Web Console 3 2024-11-21 9.8 Critical
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers
CVE-2023-4323 1 Broadcom 1 Raid Controller Web Interface 2024-11-21 9.8 Critical
Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup
CVE-2023-4256 2 Broadcom, Fedoraproject 3 Tcpreplay, Extra Packages For Enterprise Linux, Fedora 2024-11-21 5.5 Medium
Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack.
CVE-2023-4163 1 Broadcom 1 Fabric Operating System 2024-11-21 4.4 Medium
In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command.
CVE-2023-3489 1 Broadcom 1 Fabric Operating System 2024-11-21 8.6 High
The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS.
CVE-2023-37790 1 Broadcom 1 Clarity 2024-11-21 5.4 Medium
Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function.
CVE-2023-31928 1 Broadcom 1 Brocade Fabric Operating System 2024-11-21 6.3 Medium
A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools application.
CVE-2023-31927 1 Broadcom 1 Brocade Fabric Operating System 2024-11-21 5.3 Medium
An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface.