Vulnerabilities > Broadcom > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-15 CVE-2024-38493 Cross-site Scripting vulnerability in Broadcom Symantec Privileged Access Management 4.1.0.0/4.1.0.10
A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface.
network
low complexity
broadcom CWE-79
6.1
2024-06-26 CVE-2024-29954 Information Exposure Through Log Files vulnerability in Broadcom Fabric Operating System
A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files.
local
low complexity
broadcom CWE-532
5.5
2023-12-21 CVE-2023-4256 Double Free vulnerability in multiple products
Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c.
local
low complexity
broadcom fedoraproject CWE-415
5.5
2023-11-09 CVE-2023-37790 Cross-site Scripting vulnerability in Broadcom Clarity 14.3.0.298
Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function.
network
low complexity
broadcom CWE-79
5.4
2023-08-31 CVE-2023-31423 Cleartext Storage of Sensitive Information vulnerability in Broadcom Brocade Sannav
Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a.
local
low complexity
broadcom CWE-312
5.5
2023-08-31 CVE-2023-31925 Cleartext Storage of Sensitive Information vulnerability in Broadcom Brocade Sannav
Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext.
network
low complexity
broadcom CWE-312
6.5
2023-08-31 CVE-2023-4163 Classic Buffer Overflow vulnerability in Broadcom Fabric Operating System
In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command.
local
low complexity
broadcom CWE-120
4.4
2023-08-15 CVE-2023-4327 Unspecified vulnerability in Broadcom Raid Controller web Interface 51.12.02779
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
local
low complexity
broadcom
5.5
2023-08-15 CVE-2023-4328 Unspecified vulnerability in Broadcom Raid Controller web Interface 51.12.02779
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows
local
low complexity
broadcom
5.5
2023-08-15 CVE-2023-4333 Unspecified vulnerability in Broadcom Raid Controller web Interface 51.12.02779
Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server
local
low complexity
broadcom
5.5