Vulnerabilities > Broadcom > High

DATE CVE VULNERABILITY TITLE RISK
2023-08-15 CVE-2023-4343 Unspecified vulnerability in Broadcom Raid Controller web Interface 51.12.02779
Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter
network
low complexity
broadcom
7.5
2023-08-02 CVE-2023-31926 Improper Preservation of Permissions vulnerability in Broadcom Brocade Fabric Operating System
System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0.
local
low complexity
broadcom CWE-281
7.1
2023-08-02 CVE-2023-31432 Improper Privilege Management vulnerability in Broadcom Brocade Fabric Operating System
Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0.
local
low complexity
broadcom CWE-269
7.8
2023-08-01 CVE-2023-31427 Path Traversal vulnerability in Broadcom Fabric Operating System
Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege.
local
low complexity
broadcom CWE-22
7.8
2023-08-01 CVE-2023-31425 OS Command Injection vulnerability in Broadcom Fabric Operating System 9.1.0
A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell.
local
low complexity
broadcom CWE-78
7.8
2023-06-01 CVE-2023-23953 Unspecified vulnerability in Broadcom Advanced Secure Gateway and Content Analysis
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability.
local
low complexity
broadcom
7.8
2023-06-01 CVE-2023-23955 Server-Side Request Forgery (SSRF) vulnerability in Broadcom Advanced Secure Gateway and Content Analysis
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability.
network
low complexity
broadcom CWE-918
8.1
2023-03-30 CVE-2023-27534 Path Traversal vulnerability in multiple products
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory.
network
low complexity
haxx fedoraproject netapp broadcom splunk CWE-22
8.8
2023-03-16 CVE-2023-27783 Reachable Assertion vulnerability in Broadcom Tcpreplay 4.4.3
An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c.
network
low complexity
broadcom CWE-617
7.5
2023-03-16 CVE-2023-27784 NULL Pointer Dereference vulnerability in Broadcom Tcpreplay 4.4.3
An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309 endpoint.
network
low complexity
broadcom CWE-476
7.5