Filtered by vendor Broadcom Subscriptions
Total 517 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-23956 1 Broadcom 1 Symantec Siteminder Webagent 2025-01-14 6.1 Medium
A user can supply malicious HTML and JavaScript code that will be executed in the client browser
CVE-2023-23955 1 Broadcom 2 Advanced Secure Gateway, Content Analysis 2025-01-09 8.1 High
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability.
CVE-2023-23954 1 Broadcom 2 Advanced Secure Gateway, Content Analysis 2025-01-09 5.4 Medium
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability.
CVE-2023-23953 1 Broadcom 2 Advanced Secure Gateway, Content Analysis 2025-01-09 7.8 High
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability.
CVE-2023-23952 1 Broadcom 2 Advanced Secure Gateway, Content Analysis 2025-01-09 9.8 Critical
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability.
CVE-2014-0160 13 Broadcom, Canonical, Debian and 10 more 37 Symantec Messaging Gateway, Ubuntu Linux, Debian Linux and 34 more 2025-01-06 7.5 High
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
CVE-2024-3596 4 Broadcom, Freeradius, Redhat and 1 more 10 Brocade Sannav, Fabric Operating System, Freeradius and 7 more 2024-12-30 9.0 Critical
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
CVE-2024-38813 2 Broadcom, Vmware 3 Vmware Center Server, Vmware Cloud Foundation, Vcenter Server 2024-11-22 7.5 High
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
CVE-2024-38812 2 Broadcom, Vmware 3 Vmware Cloud Foundation, Vmware Vcenter Server, Vcenter Server 2024-11-22 9.8 Critical
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
CVE-2024-38493 1 Broadcom 1 Symantec Privileged Access Management 2024-11-21 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI.
CVE-2024-36459 1 Broadcom 1 Symantec Siteminder 2024-11-21 N/A
A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser.
CVE-2024-36456 1 Broadcom 1 Symantec Privileged Access Management 2024-11-21 N/A
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file.
CVE-2024-36455 1 Broadcom 1 Symantec Privileged Access Management 2024-11-21 N/A
An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request.
CVE-2024-29954 1 Broadcom 1 Fabric Operating System 2024-11-21 5.9 Medium
A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line.
CVE-2024-23617 1 Broadcom 1 Symantec Data Center Security Server 2024-11-21 9.6 Critical
A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution.
CVE-2024-23616 1 Broadcom 1 Symantec Server Management Suite 2024-11-21 10 Critical
A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.
CVE-2024-23615 1 Broadcom 1 Symantec Messaging Gateway 2024-11-21 10 Critical
A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.
CVE-2024-23614 1 Broadcom 1 Symantec Messaging Gateway 2024-11-21 10 Critical
A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.
CVE-2024-23613 1 Broadcom 1 Symantec Deployment Solutions 2024-11-21 10 Critical
A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.
CVE-2023-4345 1 Broadcom 1 Raid Controller Web Interface 2024-11-21 6.5 Medium
Broadcom RAID Controller web interface is vulnerable client-side control bypass leads to unauthorized data access for low privileged user