Filtered by vendor Broadcom
Subscribe
Total
509 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1653 | 1 Broadcom | 1 Total Defense | 2023-11-07 | 10.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures. | |||||
| CVE-2000-0762 | 2 Broadcom, Ca | 2 Etrust Access Control, Etrust Access Control | 2023-11-07 | 10.0 HIGH | N/A |
| The default installation of eTrust Access Control (formerly SeOS) uses a default encryption key, which allows remote attackers to spoof the eTrust administrator and gain privileges. | |||||
| CVE-2000-0559 | 1 Broadcom | 1 Etrust Intrusion Detection | 2023-11-07 | 2.1 LOW | N/A |
| eTrust Intrusion Detection System (formerly SessionWall-3) uses weak encryption (XOR) to store administrative passwords in the registry, which allows local users to easily decrypt the passwords. | |||||
| CVE-2023-31429 | 1 Broadcom | 1 Fabric Operating System | 2023-11-02 | N/A | 5.5 MEDIUM |
| Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal. | |||||
| CVE-2023-31425 | 1 Broadcom | 1 Fabric Operating System | 2023-11-02 | N/A | 7.8 HIGH |
| A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled. | |||||
| CVE-2023-31096 | 1 Broadcom | 2 Lsi Pci-sv92ex, Lsi Pci-sv92ex Firmware | 2023-10-18 | N/A | 7.8 HIGH |
| An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (IOCTL 0x1b2150). An attacker can exploit this to elevate privileges from a medium-integrity process to SYSTEM. This can also be used to bypass kernel-level protections such as AV or PPL, because exploit code runs with high-integrity privileges and can be used in coordinated BYOVD (bring your own vulnerable driver) ransomware campaigns. | |||||
| CVE-2020-15436 | 3 Broadcom, Linux, Netapp | 34 Brocade Fabric Operating System Firmware, Linux Kernel, A250 and 31 more | 2023-10-12 | 7.2 HIGH | 6.7 MEDIUM |
| Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. | |||||
| CVE-2023-31927 | 1 Broadcom | 1 Brocade Fabric Operating System | 2023-09-08 | N/A | 5.3 MEDIUM |
| An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface. | |||||
| CVE-2023-4333 | 2 Broadcom, Microsoft | 2 Raid Controller Web Interface, Windows | 2023-09-08 | N/A | 5.5 MEDIUM |
| Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server | |||||
| CVE-2023-4328 | 2 Broadcom, Linux | 2 Raid Controller Web Interface, Linux Kernel | 2023-09-08 | N/A | 5.5 MEDIUM |
| Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows | |||||
| CVE-2023-31925 | 1 Broadcom | 1 Brocade Sannav | 2023-09-05 | N/A | 6.5 MEDIUM |
| Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuration failure causes an SNMP communication log dump. | |||||
| CVE-2023-4345 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-08-22 | N/A | 6.5 MEDIUM |
| Broadcom RAID Controller web interface is vulnerable client-side control bypass leads to unauthorized data access for low privileged user | |||||
| CVE-2023-4334 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-08-21 | N/A | 7.5 HIGH |
| Broadcom RAID Controller Web server (nginx) is serving private files without any authentication | |||||
| CVE-2023-4335 | 2 Broadcom, Linux | 2 Raid Controller Web Interface, Linux Kernel | 2023-08-21 | N/A | 7.5 HIGH |
| Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux | |||||
| CVE-2023-4336 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-08-21 | N/A | 9.8 CRITICAL |
| Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute | |||||
| CVE-2023-4337 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-08-21 | N/A | 9.8 CRITICAL |
| Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation | |||||
| CVE-2023-4339 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-08-21 | N/A | 7.5 HIGH |
| Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions | |||||
| CVE-2023-4338 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-08-21 | N/A | 9.8 CRITICAL |
| Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers | |||||
| CVE-2023-4340 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-08-21 | N/A | 9.8 CRITICAL |
| Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file | |||||
| CVE-2023-4341 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-08-21 | N/A | 9.8 CRITICAL |
| Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI | |||||