Filtered by vendor Broadcom
Subscriptions
Total
517 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-23956 | 1 Broadcom | 1 Symantec Siteminder Webagent | 2025-01-14 | 6.1 Medium |
A user can supply malicious HTML and JavaScript code that will be executed in the client browser | ||||
CVE-2023-23955 | 1 Broadcom | 2 Advanced Secure Gateway, Content Analysis | 2025-01-09 | 8.1 High |
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability. | ||||
CVE-2023-23954 | 1 Broadcom | 2 Advanced Secure Gateway, Content Analysis | 2025-01-09 | 5.4 Medium |
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability. | ||||
CVE-2023-23953 | 1 Broadcom | 2 Advanced Secure Gateway, Content Analysis | 2025-01-09 | 7.8 High |
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability. | ||||
CVE-2023-23952 | 1 Broadcom | 2 Advanced Secure Gateway, Content Analysis | 2025-01-09 | 9.8 Critical |
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability. | ||||
CVE-2014-0160 | 13 Broadcom, Canonical, Debian and 10 more | 37 Symantec Messaging Gateway, Ubuntu Linux, Debian Linux and 34 more | 2025-01-06 | 7.5 High |
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | ||||
CVE-2024-3596 | 4 Broadcom, Freeradius, Redhat and 1 more | 10 Brocade Sannav, Fabric Operating System, Freeradius and 7 more | 2024-12-30 | 9.0 Critical |
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. | ||||
CVE-2024-38813 | 2 Broadcom, Vmware | 3 Vmware Center Server, Vmware Cloud Foundation, Vcenter Server | 2024-11-22 | 7.5 High |
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. | ||||
CVE-2024-38812 | 2 Broadcom, Vmware | 3 Vmware Cloud Foundation, Vmware Vcenter Server, Vcenter Server | 2024-11-22 | 9.8 Critical |
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | ||||
CVE-2024-38493 | 1 Broadcom | 1 Symantec Privileged Access Management | 2024-11-21 | 6.1 Medium |
A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI. | ||||
CVE-2024-36459 | 1 Broadcom | 1 Symantec Siteminder | 2024-11-21 | N/A |
A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser. | ||||
CVE-2024-36456 | 1 Broadcom | 1 Symantec Privileged Access Management | 2024-11-21 | N/A |
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. | ||||
CVE-2024-36455 | 1 Broadcom | 1 Symantec Privileged Access Management | 2024-11-21 | N/A |
An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. | ||||
CVE-2024-29954 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 5.9 Medium |
A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line. | ||||
CVE-2024-23617 | 1 Broadcom | 1 Symantec Data Center Security Server | 2024-11-21 | 9.6 Critical |
A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution. | ||||
CVE-2024-23616 | 1 Broadcom | 1 Symantec Server Management Suite | 2024-11-21 | 10 Critical |
A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM. | ||||
CVE-2024-23615 | 1 Broadcom | 1 Symantec Messaging Gateway | 2024-11-21 | 10 Critical |
A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root. | ||||
CVE-2024-23614 | 1 Broadcom | 1 Symantec Messaging Gateway | 2024-11-21 | 10 Critical |
A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root. | ||||
CVE-2024-23613 | 1 Broadcom | 1 Symantec Deployment Solutions | 2024-11-21 | 10 Critical |
A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM. | ||||
CVE-2023-4345 | 1 Broadcom | 1 Raid Controller Web Interface | 2024-11-21 | 6.5 Medium |
Broadcom RAID Controller web interface is vulnerable client-side control bypass leads to unauthorized data access for low privileged user |