Vulnerabilities > Broadcom > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-18 CVE-2021-27789 Unspecified vulnerability in Broadcom Fabric Operating System
The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device.
network
low complexity
broadcom
6.5
2022-02-21 CVE-2021-27796 Unspecified vulnerability in Broadcom Fabric Operating System
A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the “user” or “factory” account, to read the contents of any file on the filesystem utilizing one of a few available binaries.
network
low complexity
broadcom
6.5
2022-02-18 CVE-2021-30650 Cross-site Scripting vulnerability in Broadcom Layer7 API Management Oauth Toolkit 4.4
A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK) allows a remote attacker to craft a malicious URL for the OTK web UI and target OTK users with phishing attacks or other social engineering techniques.
network
low complexity
broadcom CWE-79
6.1
2022-02-11 CVE-2021-45386 Reachable Assertion vulnerability in Broadcom Tcpreplay 4.3.4
tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c
local
low complexity
broadcom CWE-617
5.5
2022-02-11 CVE-2021-45387 Reachable Assertion vulnerability in Broadcom Tcpreplay 4.3.4
tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c.
local
low complexity
broadcom CWE-617
5.5
2022-01-18 CVE-2022-23083 Cross-site Scripting vulnerability in Broadcom products
NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation that could potentially allow an attacker to execute code on the affected machine.
network
low complexity
broadcom CWE-79
6.1
2021-12-02 CVE-2021-44050 SQL Injection vulnerability in Broadcom CA Network Flow Analysis
CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data.
network
low complexity
broadcom CWE-89
6.5
2021-09-22 CVE-2020-23273 Out-of-bounds Write vulnerability in Broadcom Tcpreplay 4.3.2
Heap-buffer overflow in the randomize_iparp function in edit_packet.c.
local
low complexity
broadcom CWE-787
5.5
2021-08-25 CVE-2020-18976 Classic Buffer Overflow vulnerability in Broadcom Tcpreplay 4.3.2
Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'.
local
low complexity
broadcom CWE-120
5.5
2021-08-12 CVE-2021-27791 Out-of-bounds Read vulnerability in Broadcom Fabric Operating System
The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range.
network
low complexity
broadcom CWE-125
5.4