| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Broadcom RAID Controller web interface is vulnerable client-side control bypass leads to unauthorized data access for low privileged user |
| Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter |
| Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy |
| Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI |
| Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file |
| Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions |
| Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers |
| Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation |
| Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute |
| Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server |
| Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute |
| Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows |
| Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux |
| Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities |
| Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers |
| Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup |
| An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome. |
| An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes). |
| bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing. |
| A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. |
