Filtered by vendor Broadcom
Subscribe
Total
506 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-4339 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-12-10 | N/A | 7.5 HIGH |
Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions | |||||
CVE-2023-4337 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-12-10 | N/A | 9.8 CRITICAL |
Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation | |||||
CVE-2023-4340 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-12-10 | N/A | 9.8 CRITICAL |
Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file | |||||
CVE-2023-4327 | 2 Broadcom, Linux | 2 Raid Controller Web Interface, Linux Kernel | 2023-12-10 | N/A | 5.5 MEDIUM |
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux | |||||
CVE-2023-4326 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-12-10 | N/A | 7.5 HIGH |
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites | |||||
CVE-2023-4341 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-12-10 | N/A | 9.8 CRITICAL |
Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI | |||||
CVE-2023-31927 | 1 Broadcom | 1 Brocade Fabric Operating System | 2023-12-10 | N/A | 5.3 MEDIUM |
An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface. | |||||
CVE-2023-4332 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-12-10 | N/A | 7.5 HIGH |
Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file | |||||
CVE-2023-4325 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-12-10 | N/A | 9.8 CRITICAL |
Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities | |||||
CVE-2023-31425 | 1 Broadcom | 1 Fabric Operating System | 2023-12-10 | N/A | 7.8 HIGH |
A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled. | |||||
CVE-2023-4343 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-12-10 | N/A | 7.5 HIGH |
Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter | |||||
CVE-2023-4163 | 1 Broadcom | 1 Fabric Operating System | 2023-12-10 | N/A | 4.4 MEDIUM |
In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command. | |||||
CVE-2023-4345 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-12-10 | N/A | 6.5 MEDIUM |
Broadcom RAID Controller web interface is vulnerable client-side control bypass leads to unauthorized data access for low privileged user | |||||
CVE-2023-4338 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-12-10 | N/A | 9.8 CRITICAL |
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers | |||||
CVE-2023-31925 | 1 Broadcom | 1 Brocade Sannav | 2023-12-10 | N/A | 6.5 MEDIUM |
Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuration failure causes an SNMP communication log dump. | |||||
CVE-2023-4333 | 2 Broadcom, Microsoft | 2 Raid Controller Web Interface, Windows | 2023-12-10 | N/A | 5.5 MEDIUM |
Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server | |||||
CVE-2023-4329 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-12-10 | N/A | 9.8 CRITICAL |
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute | |||||
CVE-2023-4331 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-12-10 | N/A | 7.5 HIGH |
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols | |||||
CVE-2023-31096 | 1 Broadcom | 2 Lsi Pci-sv92ex, Lsi Pci-sv92ex Firmware | 2023-12-10 | N/A | 7.8 HIGH |
An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (IOCTL 0x1b2150). An attacker can exploit this to elevate privileges from a medium-integrity process to SYSTEM. This can also be used to bypass kernel-level protections such as AV or PPL, because exploit code runs with high-integrity privileges and can be used in coordinated BYOVD (bring your own vulnerable driver) ransomware campaigns. | |||||
CVE-2023-4323 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-12-10 | N/A | 9.8 CRITICAL |
Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup |