Vulnerabilities > Broadcom
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-01 | CVE-2023-31426 | Information Exposure Through Log Files vulnerability in Broadcom Fabric Operating System The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. | 6.5 |
| 2023-08-01 | CVE-2023-31425 | OS Command Injection vulnerability in Broadcom Fabric Operating System 9.1.0 A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. | 7.8 |
| 2023-08-01 | CVE-2023-31429 | Command Injection vulnerability in Broadcom Fabric Operating System Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal. | 5.5 |
| 2023-06-01 | CVE-2023-23952 | Command Injection vulnerability in Broadcom Advanced Secure Gateway and Content Analysis Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability. | 9.8 |
| 2023-06-01 | CVE-2023-23953 | Unspecified vulnerability in Broadcom Advanced Secure Gateway and Content Analysis Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability. | 7.8 |
| 2023-06-01 | CVE-2023-23954 | Cross-site Scripting vulnerability in Broadcom Advanced Secure Gateway and Content Analysis Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability. | 5.4 |
| 2023-06-01 | CVE-2023-23955 | Server-Side Request Forgery (SSRF) vulnerability in Broadcom Advanced Secure Gateway and Content Analysis Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability. | 8.1 |
| 2023-05-30 | CVE-2023-23956 | Cross-site Scripting vulnerability in Broadcom Symantec Siteminder Webagent 12.52 A user can supply malicious HTML and JavaScript code that will be executed in the client browser | 5.4 |
| 2023-03-30 | CVE-2023-27534 | Path Traversal vulnerability in multiple products A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. | 8.8 |
| 2023-03-30 | CVE-2023-27537 | Double Free vulnerability in multiple products A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". | 5.9 |