Filtered by vendor Broadcom
Subscriptions
Total
516 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-4337 | 1 Broadcom | 1 Raid Controller Web Interface | 2024-11-21 | 9.8 Critical |
Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation | ||||
CVE-2023-4336 | 1 Broadcom | 1 Raid Controller Web Interface | 2024-11-21 | 9.8 Critical |
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute | ||||
CVE-2023-4335 | 3 Broadcom, Intel, Linux | 4 Lsi Storage Authority, Raid Controller Web Interface, Raid Web Console 3 and 1 more | 2024-11-21 | 7.5 High |
Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux | ||||
CVE-2023-4334 | 1 Broadcom | 1 Raid Controller Web Interface | 2024-11-21 | 7.5 High |
Broadcom RAID Controller Web server (nginx) is serving private files without any authentication | ||||
CVE-2023-4333 | 2 Broadcom, Microsoft | 2 Raid Controller Web Interface, Windows | 2024-11-21 | 5.5 Medium |
Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server | ||||
CVE-2023-4332 | 2 Broadcom, Intel | 3 Lsi Storage Authority, Raid Controller Web Interface, Raid Web Console 3 | 2024-11-21 | 7.5 High |
Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file | ||||
CVE-2023-4331 | 2 Broadcom, Intel | 3 Lsi Storage Authority, Raid Controller Web Interface, Raid Web Console 3 | 2024-11-21 | 7.5 High |
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols | ||||
CVE-2023-4329 | 2 Broadcom, Intel | 3 Lsi Storage Authority, Raid Controller Web Interface, Raid Web Console 3 | 2024-11-21 | 9.8 Critical |
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute | ||||
CVE-2023-4328 | 2 Broadcom, Linux | 2 Raid Controller Web Interface, Linux Kernel | 2024-11-21 | 5.5 Medium |
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows | ||||
CVE-2023-4327 | 2 Broadcom, Linux | 2 Raid Controller Web Interface, Linux Kernel | 2024-11-21 | 5.5 Medium |
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux | ||||
CVE-2023-4326 | 1 Broadcom | 2 Lsi Storage Authority, Raid Controller Web Interface | 2024-11-21 | 7.5 High |
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites | ||||
CVE-2023-4325 | 2 Broadcom, Intel | 3 Lsi Storage Authority, Raid Controller Web Interface, Raid Web Console 3 | 2024-11-21 | 9.8 Critical |
Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities | ||||
CVE-2023-4324 | 2 Broadcom, Intel | 3 Lsi Storage Authority, Raid Controller Web Interface, Raid Web Console 3 | 2024-11-21 | 9.8 Critical |
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers | ||||
CVE-2023-4323 | 1 Broadcom | 1 Raid Controller Web Interface | 2024-11-21 | 9.8 Critical |
Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup | ||||
CVE-2023-4256 | 2 Broadcom, Fedoraproject | 3 Tcpreplay, Extra Packages For Enterprise Linux, Fedora | 2024-11-21 | 5.5 Medium |
Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack. | ||||
CVE-2023-4163 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 4.4 Medium |
In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command. | ||||
CVE-2023-3489 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 8.6 High |
The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS. | ||||
CVE-2023-37790 | 1 Broadcom | 1 Clarity | 2024-11-21 | 5.4 Medium |
Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function. | ||||
CVE-2023-31928 | 1 Broadcom | 1 Brocade Fabric Operating System | 2024-11-21 | 6.3 Medium |
A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools application. | ||||
CVE-2023-31927 | 1 Broadcom | 1 Brocade Fabric Operating System | 2024-11-21 | 5.3 Medium |
An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface. |