Vulnerabilities > Broadcom > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-08-15 CVE-2023-4345 Unspecified vulnerability in Broadcom Raid Controller web Interface 51.12.02779
Broadcom RAID Controller web interface is vulnerable client-side control bypass leads to unauthorized data access for low privileged user
network
low complexity
broadcom
6.5
2023-08-02 CVE-2023-31927 Unspecified vulnerability in Broadcom Brocade Fabric Operating System
An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface.
network
low complexity
broadcom
5.3
2023-08-02 CVE-2023-31428 Unrestricted Upload of File with Dangerous Type vulnerability in Broadcom Brocade Fabric Operating System 9.2.0
Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep.
local
low complexity
broadcom CWE-434
5.5
2023-08-02 CVE-2023-31430 Classic Buffer Overflow vulnerability in Broadcom Brocade Fabric Operating System 9.2.0
A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service.
local
low complexity
broadcom CWE-120
5.5
2023-08-02 CVE-2023-31431 Classic Buffer Overflow vulnerability in Broadcom Brocade Fabric Operating System 9.2.0
A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service.
local
low complexity
broadcom CWE-120
5.5
2023-08-02 CVE-2023-31928 Cross-site Scripting vulnerability in Broadcom Brocade Fabric Operating System 9.1.1C
A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools application.
network
low complexity
broadcom CWE-79
6.1
2023-08-01 CVE-2023-31426 Information Exposure Through Log Files vulnerability in Broadcom Fabric Operating System
The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave.
network
low complexity
broadcom CWE-532
6.5
2023-08-01 CVE-2023-31429 Command Injection vulnerability in Broadcom Fabric Operating System
Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal.
local
low complexity
broadcom CWE-77
5.5
2023-06-01 CVE-2023-23954 Cross-site Scripting vulnerability in Broadcom Advanced Secure Gateway and Content Analysis
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability.
network
low complexity
broadcom CWE-79
5.4
2023-05-30 CVE-2023-23956 Cross-site Scripting vulnerability in Broadcom Symantec Siteminder Webagent 12.52
A user can supply malicious HTML and JavaScript code that will be executed in the client browser
network
low complexity
broadcom CWE-79
5.4