Vulnerabilities > Broadcom > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-18 | CVE-2021-30650 | Cross-site Scripting vulnerability in Broadcom Layer7 API Management OAuth Toolkit 4.4: A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK) allows a remote attacker to craft a malicious URL for the OTK web UI and target OTK users with phishing attacks or other social engineering techniques. | 6.1 |
2022-02-11 | CVE-2021-45386 | Reachable Assertion vulnerability in Broadcom Tcpreplay 4.3.4: tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c. | 5.5 |
2022-02-11 | CVE-2021-45387 | Reachable Assertion vulnerability in Broadcom Tcpreplay 4.3.4: tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c. | 5.5 |
2022-01-18 | CVE-2022-23083 | Cross-site Scripting vulnerability in Broadcom products: NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain an XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation that could potentially allow an attacker to execute code on the affected machine. | 6.1 |
2021-12-02 | CVE-2021-44050 | SQL Injection vulnerability in Broadcom CA Network Flow Analysis: CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data. | 6.5 |
2021-09-22 | CVE-2020-23273 | Out-of-bounds Write vulnerability in Broadcom Tcpreplay 4.3.2: Heap-buffer overflow in the randomize_iparp function in edit_packet.c. | 5.5 |
2021-08-25 | CVE-2020-18976 | Classic Buffer Overflow vulnerability in Broadcom Tcpreplay 4.3.2: Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'. | 5.5 |
2021-08-12 | CVE-2021-27791 | Out-of-bounds Read vulnerability in Broadcom Fabric Operating System: The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. | 5.4 |
2021-08-12 | CVE-2021-27793 | Incorrect Authorization vulnerability in Broadcom Fabric Operating System: Intermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0, could cause a user with a valid account to be unable to log into the switch. | 5.3 |
2021-07-14 | CVE-2021-34174 | Unspecified vulnerability in Broadcom Bcm4352 Firmware and Bcm43684 Firmware: A vulnerability exists in Broadcom BCM4352 and BCM43684 chips. | 4.6 |