Latest Broadcom Vulnerabilities

Symantec Data Loss Prevention Buffer Overflow
Broadcom Symantec Data Center Security Server<=14.0.2
Symantec Server Management Suite Buffer Overflow
Broadcom Symantec Server Management Suite<=7.9
Symantec Messaging Gateway Buffer Overflow
Broadcom Symantec Messaging Gateway<=10.5
Symantec Messaging Gateway Buffer Overflow
Broadcom Symantec Messaging Gateway<=9.5
Symantec Deployment Solution Remote Code Execution
Broadcom Symantec Deployment Solutions=7.9
Tcpreplay: tcprewrite: double free in tcpedit_dlt_cleanup() in plugins/dlt_plugins.c
Broadcom Tcpreplay=4.4.3
Broadcom Tcpreplay=4.4.4
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=39
License forgery in Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software,
Broadcom Fabric Operating System
Broadcom Brocade 300
Broadcom Brocade 610
Broadcom Brocade 6505
Broadcom Brocade 6510
Broadcom Brocade 6520
and 7 more
Microsoft is aware of the Bluetooth Forward and Future Secrecy Attacks and Defenses (BLUFFS) vulnerability. For more information regarding the vulnerability, please see https://www.bluetoo...
Microsoft Windows 10=21H2
Microsoft Windows Server 2022
and 143 more
Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function.
Broadcom Clarity=14.3.0.298
An issue was discovered in Broadcom LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (I...
Broadcom Lsi Pci-sv92ex Firmware<=2.2.100.1
Broadcom Lsi Pci-sv92ex
Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP ...
Broadcom Brocade Sannav<2.2.2a
Web authentication and authorization bypass
Broadcom Brocade Sannav<2.2.2a
Possible information exposure through log file vulnerability
Broadcom Brocade Sannav<2.2.2a
Possible buffer overflow in portcfgfportbuffers in Brocade Fabric OS
Broadcom Fabric Operating System<9.2.0a
firmwaredownload command could log server passwords in clear text
Broadcom Fabric Operating System=9.2.0
Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI
Broadcom RAID Controller web interface=51.12.0-2779
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute
Broadcom RAID Controller web interface=51.12.0-2779
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute
Broadcom RAID Controller web interface=51.12.0-2779
Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux
Broadcom RAID Controller web interface=51.12.0-2779
Linux Linux Kernel
Linux Linux kernel
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy
Broadcom RAID Controller web interface=51.12.0-2779
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
Broadcom RAID Controller web interface=51.12.0-2779
Linux Linux Kernel
Linux Linux kernel
Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server
Broadcom RAID Controller web interface=51.12.0-2779
Microsoft Windows
Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter
Broadcom RAID Controller web interface=51.12.0-2779
Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection
Broadcom RAID Controller web interface=51.12.0-2779
Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file
Broadcom RAID Controller web interface=51.12.0-2779
Broadcom RAID Controller Web server (nginx) is serving private files without any authentication
Broadcom RAID Controller web interface=51.12.0-2779
Broadcom RAID Controller web interface has an insecure default TLS configuration that supports obsolete and vulnerable TLS protocols
Broadcom RAID Controller web interface=51.12.0-2779
Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation
Broadcom RAID Controller web interface=51.12.0-2779
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows
Broadcom RAID Controller web interface=51.12.0-2779
Linux Linux kernel
Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file
Broadcom RAID Controller web interface=51.12.0-2779
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers
Broadcom RAID Controller web interface=51.12.0-2779
Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions
Broadcom RAID Controller web interface=51.12.0-2779
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers
Broadcom RAID Controller web interface=51.12.0-2779
Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup
Broadcom RAID Controller web interface=51.12.0-2779
Broadcom RAID Controller web interface has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites
Broadcom RAID Controller web interface=51.12.0-2779
Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities
Broadcom RAID Controller web interface=51.12.0-2779
Broadcom RAID Controller web interface is vulnerable to a client-side control bypass that leads to unauthorized data access for a low-privileged user
Broadcom RAID Controller web interface=51.12.0-2779
An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about t...
Broadcom Brocade Fabric Operating System<9.1.1c
System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0.
Broadcom Brocade Fabric Operating System<9.1.1c
Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep.
Broadcom Brocade Fabric Operating System<9.1.1c
Broadcom Brocade Fabric Operating System=9.2.0
A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticate...
Broadcom Brocade Fabric Operating System<9.2.0
A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to...
Broadcom Brocade Fabric Operating System<9.1.1c
Broadcom Brocade Fabric Operating System=9.2.0
A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric O...
Broadcom Brocade Fabric Operating System<9.1.1c
Broadcom Brocade Fabric Operating System=9.2.0
Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS version...
Broadcom Brocade Fabric Operating System<9.1.1c
Broadcom Brocade Fabric Operating System=9.2.0
Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command re...
Broadcom Fabric Operating System<9.1.1c
scp, sftp, ftp servers passwords in supportsave
Broadcom Fabric Operating System<8.2.3d
Broadcom Fabric Operating System>=9.0.0<9.1.1c
Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfg...
Broadcom Fabric Operating System<9.1.1c
A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation ...
Broadcom Fabric Operating System=9.1.0
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability.
Broadcom Advanced Secure Gateway<7.3.13.1
Broadcom Content Analysis<3.1.6.0
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability.
Broadcom Advanced Secure Gateway<7.3.13.1
Broadcom Content Analysis<3.1.6.0

© 2024 SecAlerts Pty Ltd.