Filtered by vendor Broadcom
Subscriptions
Total
516 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-27538 | 7 Broadcom, Debian, Fedoraproject and 4 more | 16 Brocade Fabric Operating System Firmware, Debian Linux, Fedora and 13 more | 2024-11-21 | 5.5 Medium |
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection. | ||||
CVE-2023-27537 | 4 Broadcom, Haxx, Netapp and 1 more | 13 Brocade Fabric Operating System Firmware, Libcurl, Active Iq Unified Manager and 10 more | 2024-11-21 | 5.9 Medium |
A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free. | ||||
CVE-2023-27534 | 6 Broadcom, Fedoraproject, Haxx and 3 more | 15 Brocade Fabric Operating System Firmware, Fedora, Curl and 12 more | 2024-11-21 | 8.8 High |
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. | ||||
CVE-2023-23956 | 1 Broadcom | 1 Symantec Siteminder Webagent | 2024-11-21 | 5.4 Medium |
A user can supply malicious HTML and JavaScript code that will be executed in the client browser | ||||
CVE-2023-23955 | 1 Broadcom | 2 Advanced Secure Gateway, Content Analysis | 2024-11-21 | 8.1 High |
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability. | ||||
CVE-2023-23954 | 1 Broadcom | 2 Advanced Secure Gateway, Content Analysis | 2024-11-21 | 5.4 Medium |
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability. | ||||
CVE-2023-23953 | 1 Broadcom | 2 Advanced Secure Gateway, Content Analysis | 2024-11-21 | 7.8 High |
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability. | ||||
CVE-2023-23952 | 1 Broadcom | 2 Advanced Secure Gateway, Content Analysis | 2024-11-21 | 9.8 Critical |
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability. | ||||
CVE-2023-23951 | 1 Broadcom | 2 Symantec Identity Governance And Administration, Symantec Identity Manager | 2024-11-21 | 6.1 Medium |
Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application | ||||
CVE-2023-23950 | 1 Broadcom | 2 Symantec Identity Governance And Administration, Symantec Identity Manager | 2024-11-21 | 6.1 Medium |
User’s supplied input (usually a CRLF sequence) can be used to split a returning response into two responses. | ||||
CVE-2023-23949 | 1 Broadcom | 2 Symantec Identity Governance And Administration, Symantec Identity Manager | 2024-11-21 | 5.4 Medium |
An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser. | ||||
CVE-2022-3643 | 3 Broadcom, Debian, Linux | 3 Bcm5780, Debian Linux, Linux Kernel | 2024-11-21 | 6.5 Medium |
Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. | ||||
CVE-2022-37049 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-11-21 | 7.8 High |
The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. NOTE: this is different from CVE-2022-27942. | ||||
CVE-2022-37048 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-11-21 | 7.8 High |
The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. NOTE: this is different from CVE-2022-27941. | ||||
CVE-2022-37047 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-11-21 | 7.8 High |
The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713. NOTE: this is different from CVE-2022-27940. | ||||
CVE-2022-37017 | 1 Broadcom | 1 Symantec Endpoint Protection | 2024-11-21 | 7.5 High |
Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and Policy Import/Export Password protection, if it has been enabled. | ||||
CVE-2022-37016 | 1 Broadcom | 1 Symantec Endpoint Protection | 2024-11-21 | 9.8 Critical |
Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | ||||
CVE-2022-33756 | 1 Broadcom | 1 Ca Automic Automation | 2024-11-21 | 7.5 High |
CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data. | ||||
CVE-2022-33755 | 1 Broadcom | 1 Ca Automic Automation | 2024-11-21 | 5.3 Medium |
CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users. | ||||
CVE-2022-33754 | 1 Broadcom | 1 Ca Automic Automation | 2024-11-21 | 9.8 Critical |
CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code. |