Vulnerabilities > Broadcom > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-15 | CVE-2023-4337 | Unspecified vulnerability in Broadcom Raid Controller web Interface 51.12.02779 Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation | 9.8 |
| 2023-08-15 | CVE-2023-4338 | Unspecified vulnerability in Broadcom Raid Controller web Interface 51.12.02779 Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers | 9.8 |
| 2023-08-15 | CVE-2023-4340 | Unspecified vulnerability in Broadcom Raid Controller web Interface 51.12.02779 Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file | 9.8 |
| 2023-08-15 | CVE-2023-4341 | Unspecified vulnerability in Broadcom Raid Controller web Interface 51.12.02779 Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI | 9.8 |
| 2023-08-15 | CVE-2023-4342 | Unspecified vulnerability in Broadcom Raid Controller web Interface 51.12.02779 Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy | 9.8 |
| 2023-08-15 | CVE-2023-4344 | Use of Insufficiently Random Values vulnerability in Broadcom Raid Controller web Interface 51.12.02779 Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection | 9.8 |
| 2023-06-01 | CVE-2023-23952 | Command Injection vulnerability in Broadcom Advanced Secure Gateway and Content Analysis Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability. | 9.8 |
| 2022-12-01 | CVE-2022-37016 | Unspecified vulnerability in Broadcom Symantec Endpoint Protection Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 9.8 |
| 2022-07-07 | CVE-2021-46825 | HTTP Request Smuggling vulnerability in Broadcom Advanced Secure Gateway and Proxysg Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. | 9.1 |
| 2022-06-21 | CVE-2022-2068 | OS Command Injection vulnerability in multiple products In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. | 9.8 |