Vulnerabilities > Broadcom > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-03-30 CVE-2023-27537 Double Free vulnerability in multiple products
A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles".
network
high complexity
haxx netapp broadcom splunk CWE-415
5.9
2023-03-30 CVE-2023-27538 Improper Authentication vulnerability in multiple products
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse.
5.5
2023-01-26 CVE-2023-23949 Cross-site Scripting vulnerability in Broadcom products
An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser.
network
low complexity
broadcom CWE-79
5.4
2023-01-26 CVE-2023-23950 Cross-site Scripting vulnerability in Broadcom products
User-supplied input (usually a CRLF sequence) can be used to split a returning response into two responses.
network
low complexity
broadcom CWE-79
6.1
2023-01-26 CVE-2023-23951 Cross-site Scripting vulnerability in Broadcom products
Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application.
network
low complexity
broadcom CWE-79
6.1
2022-12-16 CVE-2022-25626 Unspecified vulnerability in Broadcom Symantec Identity Governance and Administration 14.3/14.4
An unauthenticated user can access Identity Manager’s management console specific page URLs.
network
low complexity
broadcom
5.3
2022-12-16 CVE-2022-25627 Unspecified vulnerability in Broadcom Symantec Identity Governance and Administration 14.3/14.4
An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4.
local
low complexity
broadcom
6.7
2022-12-09 CVE-2022-33187 Information Exposure Through Log Files vulnerability in Broadcom Brocade SANnav
Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs.
network
low complexity
broadcom CWE-532
4.9
2022-10-25 CVE-2022-28170 Insecure Storage of Sensitive Information vulnerability in Broadcom Fabric Operating System
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements.
local
low complexity
broadcom CWE-922
6.5
2022-10-25 CVE-2022-33180 Unspecified vulnerability in Broadcom Fabric Operating System
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”.
local
low complexity
broadcom
5.5