Filtered by vendor Broadcom
Subscribe
Total
626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4339 | 1 Broadcom | 1 Raid Controller Web Interface | 2025-11-04 | N/A | 7.5 HIGH |
| Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions | |||||
| CVE-2023-4338 | 1 Broadcom | 1 Raid Controller Web Interface | 2025-11-04 | N/A | 9.8 CRITICAL |
| Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers | |||||
| CVE-2023-4337 | 1 Broadcom | 1 Raid Controller Web Interface | 2025-11-04 | N/A | 9.8 CRITICAL |
| Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation | |||||
| CVE-2023-4336 | 1 Broadcom | 1 Raid Controller Web Interface | 2025-11-04 | N/A | 9.8 CRITICAL |
| Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute | |||||
| CVE-2023-4334 | 1 Broadcom | 1 Raid Controller Web Interface | 2025-11-04 | N/A | 7.5 HIGH |
| Broadcom RAID Controller Web server (nginx) is serving private files without any authentication | |||||
| CVE-2023-4333 | 2 Broadcom, Microsoft | 2 Raid Controller Web Interface, Windows | 2025-11-04 | N/A | 5.5 MEDIUM |
| Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server | |||||
| CVE-2023-4332 | 1 Broadcom | 1 Raid Controller Web Interface | 2025-11-04 | N/A | 7.5 HIGH |
| Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file | |||||
| CVE-2023-4331 | 1 Broadcom | 1 Raid Controller Web Interface | 2025-11-04 | N/A | 7.5 HIGH |
| Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols | |||||
| CVE-2023-4329 | 1 Broadcom | 1 Raid Controller Web Interface | 2025-11-04 | N/A | 9.8 CRITICAL |
| Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute | |||||
| CVE-2023-4328 | 2 Broadcom, Linux | 2 Raid Controller Web Interface, Linux Kernel | 2025-11-04 | N/A | 5.5 MEDIUM |
| Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows | |||||
| CVE-2023-4327 | 2 Broadcom, Linux | 2 Raid Controller Web Interface, Linux Kernel | 2025-11-04 | N/A | 5.5 MEDIUM |
| Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux | |||||
| CVE-2023-4326 | 1 Broadcom | 1 Raid Controller Web Interface | 2025-11-04 | N/A | 7.5 HIGH |
| Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites | |||||
| CVE-2023-4325 | 1 Broadcom | 1 Raid Controller Web Interface | 2025-11-04 | N/A | 9.8 CRITICAL |
| Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities | |||||
| CVE-2023-4324 | 1 Broadcom | 1 Raid Controller Web Interface | 2025-11-04 | N/A | 9.8 CRITICAL |
| Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers | |||||
| CVE-2023-4323 | 1 Broadcom | 1 Raid Controller Web Interface | 2025-11-04 | N/A | 9.8 CRITICAL |
| Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup | |||||
| CVE-2022-2068 | 6 Broadcom, Debian, Fedoraproject and 3 more | 43 Sannav, Debian Linux, Fedora and 40 more | 2025-11-03 | 10.0 HIGH | 7.3 HIGH |
| In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). | |||||
| CVE-2021-40438 | 11 Apache, Broadcom, Debian and 8 more | 40 Http Server, Brocade Fabric Operating System Firmware, Debian Linux and 37 more | 2025-10-27 | 6.8 MEDIUM | 9.0 CRITICAL |
| A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. | |||||
| CVE-2025-1976 | 1 Broadcom | 1 Fabric Operating System | 2025-10-24 | N/A | 6.7 MEDIUM |
| Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6. | |||||
| CVE-2025-51006 | 1 Broadcom | 1 Tcpreplay | 2025-10-14 | N/A | 7.8 HIGH |
| Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the dlt_linuxsll2_cleanup() function in plugins/dlt_linuxsll2/linuxsll2.c. This vulnerability is triggered when tcpedit_dlt_cleanup() indirectly invokes the cleanup routine multiple times on the same memory region. By supplying a specifically crafted pcap file to the tcprewrite binary, a local attacker can exploit this flaw to cause a Denial of Service (DoS) via memory corruption. | |||||
| CVE-2025-51005 | 1 Broadcom | 1 Tcpreplay | 2025-10-08 | N/A | 7.5 HIGH |
| A heap-buffer-overflow vulnerability exists in the tcpliveplay utility of the tcpreplay-4.5.1. When a crafted pcap file is processed, the program incorrectly handles memory in the checksum calculation logic at do_checksum_math_liveplay in tcpliveplay.c, leading to a possible denial of service. | |||||