Vulnerabilities > Broadcom > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-03-30 | CVE-2023-27537 | Double Free vulnerability in multiple products | A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". | 5.9 |
2023-03-30 | CVE-2023-27538 | Improper Authentication vulnerability in multiple products | An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. | 5.5 |
2023-01-26 | CVE-2023-23949 | Cross-site Scripting vulnerability in Broadcom products | An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser. | 5.4 |
2023-01-26 | CVE-2023-23950 | Cross-site Scripting vulnerability in Broadcom products | User’s supplied input (usually a CRLF sequence) can be used to split a returning response into two responses. | 6.1 |
2023-01-26 | CVE-2023-23951 | Cross-site Scripting vulnerability in Broadcom products | Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application. | 6.1 |
2022-12-16 | CVE-2022-25626 | Unspecified vulnerability in Broadcom Symantec Identity Governance and Administration 14.3/14.4 | An unauthenticated user can access Identity Manager’s management console specific page URLs. | 5.3 |
2022-12-16 | CVE-2022-25627 | Unspecified vulnerability in Broadcom Symantec Identity Governance and Administration 14.3/14.4 | An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4. | 6.7 |
2022-12-09 | CVE-2022-33187 | Information Exposure Through Log Files vulnerability in Broadcom Brocade Sannav | Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. | 4.9 |
2022-10-25 | CVE-2022-28170 | Insecure Storage of Sensitive Information vulnerability in Broadcom Fabric Operating System | Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. | 6.5 |
2022-10-25 | CVE-2022-33180 | Unspecified vulnerability in Broadcom Fabric Operating System | A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”. | 5.5 |