Vulnerabilities > Broadcom

DATE CVE VULNERABILITY TITLE RISK
2022-01-18 CVE-2022-23083 Cross-site Scripting vulnerability in Broadcom products
NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation that could potentially allow an attacker to execute code on the affected machine.
network
low complexity
broadcom CWE-79
6.1
2022-01-18 CVE-2022-23302 Deserialization of Untrusted Data vulnerability in multiple products
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to.
network
low complexity
apache netapp broadcom qos oracle CWE-502
8.8
2022-01-18 CVE-2022-23305 SQL Injection vulnerability in multiple products
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout.
network
low complexity
apache netapp broadcom qos oracle CWE-89
critical
9.8
2021-12-02 CVE-2021-44050 SQL Injection vulnerability in Broadcom CA Network Flow Analysis
CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data.
network
low complexity
broadcom CWE-89
6.5
2021-11-12 CVE-2021-42773 Unspecified vulnerability in Broadcom Emulex HBA Manager
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a remote host with the GetDumpFile command.
network
low complexity
broadcom
7.5
2021-11-12 CVE-2021-42774 Classic Buffer Overflow vulnerability in Broadcom Emulex HBA Manager
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature that could allow remote unauthenticated users to perform various attacks.
network
low complexity
broadcom CWE-120
critical
9.8
2021-11-12 CVE-2021-42775 Unspecified vulnerability in Broadcom Emulex HBA Manager
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host.
network
low complexity
broadcom
critical
9.1
2021-11-03 CVE-2021-42772 Classic Buffer Overflow vulnerability in Broadcom Emulex HBA Manager and ONE Command Manager
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDumpFile command that could allow a user to attempt various attacks.
network
low complexity
broadcom CWE-120
critical
9.8
2021-09-22 CVE-2020-23273 Out-of-bounds Write vulnerability in Broadcom Tcpreplay 4.3.2
Heap-buffer overflow in the randomize_iparp function in edit_packet.c.
local
low complexity
broadcom CWE-787
5.5
2021-09-16 CVE-2021-34798 NULL Pointer Dereference vulnerability in multiple products
Malformed requests may cause the server to dereference a NULL pointer.
7.5