Vulnerabilities > Broadcom > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-12-10 CVE-2020-12595 Unspecified vulnerability in Broadcom Symantec Messaging Gateway 10.5/10.7/9.5
An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access.
network
low complexity
broadcom
4.9
2020-12-09 CVE-2020-29660 Improper Locking vulnerability in multiple products
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.
4.4
2020-11-23 CVE-2020-15436 Use After Free vulnerability in multiple products
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.
local
low complexity
linux broadcom netapp CWE-416
6.7
2020-09-25 CVE-2018-6449 Cross-site Scripting vulnerability in Broadcom Fabric Operating System
Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers
network
low complexity
broadcom CWE-79
6.1
2020-09-25 CVE-2018-6447 Cross-site Scripting vulnerability in Broadcom Fabric Operating System
A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account.
network
low complexity
broadcom CWE-79
5.4
2020-09-25 CVE-2020-15372 Improper Control of Dynamically-Managed Code Resources vulnerability in Broadcom Fabric Operating System
A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging.
local
low complexity
broadcom CWE-913
5.5
2020-09-25 CVE-2020-15370 Information Exposure Through Log Files vulnerability in Broadcom Fabric Operating System
Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext.
network
low complexity
broadcom CWE-532
6.5
2020-06-02 CVE-2020-13401 Improper Input Validation vulnerability in multiple products
An issue was discovered in Docker Engine before 19.03.11.
network
high complexity
docker fedoraproject debian broadcom CWE-20
6.0
2020-05-28 CVE-2020-13645 Improper Certificate Validation vulnerability in multiple products
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity.
6.5
2020-04-15 CVE-2020-11660 Unspecified vulnerability in Broadcom CA API Developer Portal
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information.
network
low complexity
broadcom
6.5