ReportizFlow
Filtered by vendor Broadcom
Subscriptions
Total
600 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1976 | 1 Broadcom | 1 Fabric Operating System | 2025-07-30 | 6.7 Medium |
| Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6. | ||||
| CVE-2020-15778 | 4 Broadcom, Netapp, Openbsd and 1 more | 11 Fabric Operating System, A700s, A700s Firmware and 8 more | 2025-07-28 | 7.4 High |
| scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows." | ||||
| CVE-2010-0425 | 5 Apache, Broadcom, Ibm and 2 more | 6 Http Server, Vmware Ace Management Server, Http Server and 3 more | 2025-07-24 | N/A |
| modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers." | ||||
| CVE-2025-22248 | 1 Broadcom | 2 Bitnami, Bitnami\/pgpool | 2025-07-18 | 7.5 High |
| The bitnami/pgpool Docker image, and the bitnami/postgres-ha k8s chart, under default configurations, comes with an 'repmgr' user that allows unauthenticated access to the database inside the cluster. The PGPOOL_SR_CHECK_USER is the user that Pgpool itself uses to perform streaming replication checks against nodes, and should not be at trust level. This allows to log into a PostgreSQL database using the repgmr user without authentication. If Pgpool is exposed externally, a potential attacker could use this user to get access to the service. This is also present within the bitnami/postgres-ha Kubernetes Helm chart. | ||||
| CVE-2025-22243 | 2 Broadcom, Vmware | 4 Vmware Nsx, Cloud Foundation, Telco Cloud Infrastructure and 1 more | 2025-07-14 | 7.5 High |
| VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation. | ||||
| CVE-2025-22244 | 2 Broadcom, Vmware | 4 Vmware Nsx, Cloud Foundation, Telco Cloud Infrastructure and 1 more | 2025-07-14 | 6.9 Medium |
| VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation. | ||||
| CVE-2025-22245 | 2 Broadcom, Vmware | 4 Vmware Nsx, Cloud Foundation, Telco Cloud Infrastructure and 1 more | 2025-07-14 | 5.9 Medium |
| VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation. | ||||
| CVE-2024-38492 | 1 Broadcom | 1 Symantec Privileged Access Management | 2025-07-13 | N/A |
| This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. | ||||
| CVE-2024-36457 | 1 Broadcom | 1 Symantec Privileged Access Management | 2025-07-13 | N/A |
| The vulnerability allows an attacker to bypass the authentication requirements for a specific PAM endpoint. | ||||
| CVE-2024-38495 | 1 Broadcom | 1 Symantec Privileged Access Management | 2025-07-13 | N/A |
| A specific authentication strategy allows a malicious attacker to learn ids of all PAM users defined in its database. | ||||
| CVE-2024-38494 | 1 Broadcom | 1 Symantec Privileged Access Management | 2025-07-13 | N/A |
| This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. | ||||
| CVE-2024-36458 | 1 Broadcom | 1 Symantec Privileged Access Management | 2025-07-13 | N/A |
| The vulnerability allows a malicious low-privileged PAM user to perform server upgrade related actions. | ||||
| CVE-2024-38496 | 1 Broadcom | 1 Symantec Privileged Access Management | 2025-07-13 | N/A |
| The vulnerability allows a malicious low-privileged PAM user to access information about other PAM users and their group memberships. | ||||
| CVE-2025-24500 | 1 Broadcom | 1 Symantec Privileged Access Management | 2025-07-12 | N/A |
| The vulnerability allows an unauthenticated attacker to access information in PAM database. | ||||
| CVE-2025-24501 | 1 Broadcom | 1 Symantec Privileged Access Management | 2025-07-12 | N/A |
| An improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request. | ||||
| CVE-2025-24504 | 1 Broadcom | 1 Symantec Privileged Access Management | 2025-07-12 | N/A |
| An improper input validation the CSRF filter results in unsanitized user input written to the application logs. | ||||
| CVE-2025-24506 | 1 Broadcom | 1 Symantec Privileged Access Management | 2025-07-12 | N/A |
| A specific authentication strategy allows to learn ids of PAM users associated with certain authentication types. | ||||
| CVE-2022-23302 | 6 Apache, Broadcom, Netapp and 3 more | 44 Log4j, Brocade Sannav, Snapmanager and 41 more | 2025-07-07 | 8.8 High |
| JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | ||||
| CVE-2023-38709 | 7 Apache, Apple, Broadcom and 4 more | 9 Http Server, Macos, Fabric Operating System and 6 more | 2025-06-30 | 7.3 High |
| Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. | ||||
| CVE-2024-24795 | 7 Apache, Apple, Broadcom and 4 more | 8 Http Server, Macos, Fabric Operating System and 5 more | 2025-06-30 | 6.3 Medium |
| HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue. | ||||