Filtered by vendor Broadcom
Subscriptions
Total
617 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4336 | 1 Broadcom | 1 Raid Controller Web Interface | 2025-11-04 | 9.8 Critical |
| Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute | ||||
| CVE-2023-4334 | 1 Broadcom | 1 Raid Controller Web Interface | 2025-11-04 | 7.5 High |
| Broadcom RAID Controller Web server (nginx) is serving private files without any authentication | ||||
| CVE-2023-4333 | 2 Broadcom, Microsoft | 2 Raid Controller Web Interface, Windows | 2025-11-04 | 5.5 Medium |
| Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server | ||||
| CVE-2023-4332 | 2 Broadcom, Intel | 3 Lsi Storage Authority, Raid Controller Web Interface, Raid Web Console 3 | 2025-11-04 | 7.5 High |
| Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file | ||||
| CVE-2023-4331 | 2 Broadcom, Intel | 3 Lsi Storage Authority, Raid Controller Web Interface, Raid Web Console 3 | 2025-11-04 | 7.5 High |
| Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols | ||||
| CVE-2023-4329 | 2 Broadcom, Intel | 3 Lsi Storage Authority, Raid Controller Web Interface, Raid Web Console 3 | 2025-11-04 | 9.8 Critical |
| Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute | ||||
| CVE-2023-4328 | 2 Broadcom, Linux | 2 Raid Controller Web Interface, Linux Kernel | 2025-11-04 | 5.5 Medium |
| Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows | ||||
| CVE-2023-4327 | 2 Broadcom, Linux | 2 Raid Controller Web Interface, Linux Kernel | 2025-11-04 | 5.5 Medium |
| Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux | ||||
| CVE-2023-4326 | 1 Broadcom | 2 Lsi Storage Authority, Raid Controller Web Interface | 2025-11-04 | 7.5 High |
| Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites | ||||
| CVE-2023-4325 | 2 Broadcom, Intel | 3 Lsi Storage Authority, Raid Controller Web Interface, Raid Web Console 3 | 2025-11-04 | 9.8 Critical |
| Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities | ||||
| CVE-2023-4324 | 2 Broadcom, Intel | 3 Lsi Storage Authority, Raid Controller Web Interface, Raid Web Console 3 | 2025-11-04 | 9.8 Critical |
| Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers | ||||
| CVE-2023-4323 | 1 Broadcom | 1 Raid Controller Web Interface | 2025-11-04 | 9.8 Critical |
| Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup | ||||
| CVE-2022-2068 | 7 Broadcom, Debian, Fedoraproject and 4 more | 49 Sannav, Debian Linux, Fedora and 46 more | 2025-11-03 | 9.8 Critical |
| In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). | ||||
| CVE-2024-38812 | 2 Broadcom, Vmware | 4 Vmware Cloud Foundation, Vmware Vcenter Server, Cloud Foundation and 1 more | 2025-10-31 | 9.8 Critical |
| The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | ||||
| CVE-2024-38813 | 2 Broadcom, Vmware | 4 Vmware Center Server, Vmware Cloud Foundation, Cloud Foundation and 1 more | 2025-10-31 | 7.5 High |
| The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. | ||||
| CVE-2021-40438 | 11 Apache, Broadcom, Debian and 8 more | 45 Http Server, Brocade Fabric Operating System Firmware, Debian Linux and 42 more | 2025-10-27 | 9 Critical |
| A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. | ||||
| CVE-2025-1976 | 1 Broadcom | 1 Fabric Operating System | 2025-10-24 | 6.7 Medium |
| Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6. | ||||
| CVE-2014-0160 | 13 Broadcom, Canonical, Debian and 10 more | 37 Symantec Messaging Gateway, Ubuntu Linux, Debian Linux and 34 more | 2025-10-22 | 7.5 High |
| The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | ||||
| CVE-2025-51006 | 2 Appneta, Broadcom | 2 Tcpreplay, Tcpreplay | 2025-10-14 | 7.8 High |
| Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the dlt_linuxsll2_cleanup() function in plugins/dlt_linuxsll2/linuxsll2.c. This vulnerability is triggered when tcpedit_dlt_cleanup() indirectly invokes the cleanup routine multiple times on the same memory region. By supplying a specifically crafted pcap file to the tcprewrite binary, a local attacker can exploit this flaw to cause a Denial of Service (DoS) via memory corruption. | ||||
| CVE-2025-9649 | 2 Appneta, Broadcom | 2 Tcpreplay, Tcpreplay | 2025-10-09 | 3.3 Low |
| A security vulnerability has been detected in appneta tcpreplay 4.5.1. Impacted is the function calc_sleep_time of the file send_packets.c. Such manipulation leads to divide by zero. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. Upgrading to version 4.5.3-beta3 is recommended to address this issue. It is advisable to upgrade the affected component. The vendor confirms in a GitHub issue reply: "Was able to reproduce in 6fcbf03 but NOT 4.5.3-beta3." | ||||