Filtered by vendor Broadcom
Subscriptions
Total
516 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-23133 | 6 Broadcom, Debian, Fedoraproject and 3 more | 25 Brocade Fabric Operating System, Debian Linux, Fedora and 22 more | 2024-09-16 | 6.7 Medium |
A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. | ||||
CVE-2017-15533 | 1 Broadcom | 1 Ssl Visibility Appliance | 2024-09-16 | N/A |
Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. All affected SSLV versions act as weak oracles according the oracle classification used in the ROBOT research paper. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish multiple millions of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session. | ||||
CVE-2016-10257 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2024-09-16 | N/A |
The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256. | ||||
CVE-2018-15691 | 1 Broadcom | 1 Release Automation | 2024-09-16 | N/A |
Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code. | ||||
CVE-2018-6439 | 1 Broadcom | 1 Fabric Operating System | 2024-09-16 | N/A |
A Vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access. | ||||
CVE-2017-18268 | 1 Broadcom | 1 Symantec Intelligencecenter | 2024-09-16 | 5.9 Medium |
Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish large numbers of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session. | ||||
CVE-2005-0968 | 1 Broadcom | 1 Etrust Intrusion Detection | 2024-09-16 | N/A |
Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote attackers to cause a denial of service via large size values that are not properly validated before calling the CPImportKey function in the Crypto API. | ||||
CVE-2016-9097 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2024-09-16 | N/A |
The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges. | ||||
CVE-2000-1244 | 1 Broadcom | 1 Inoculateit Agent For Exchange | 2024-09-16 | N/A |
Computer Associates InoculateIT Agent for Exchange Server does not recognize an e-mail virus attachment if the SMTP header is missing the "From" field, which allows remote attackers to bypass virus protection. | ||||
CVE-2018-9021 | 1 Broadcom | 1 Privileged Access Manager | 2024-09-16 | 9.8 Critical |
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests. | ||||
CVE-2018-13823 | 2 Broadcom, Ca | 2 Project Portfolio Management, Project Portfolio Management | 2024-09-16 | N/A |
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information. | ||||
CVE-2018-9024 | 1 Broadcom | 1 Privileged Access Manager | 2024-09-16 | N/A |
An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file. | ||||
CVE-2018-20553 | 1 Broadcom | 1 Tcpreplay | 2024-09-16 | N/A |
Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len in common/get.c. | ||||
CVE-2024-38493 | 1 Broadcom | 1 Symantec Privileged Access Management | 2024-09-10 | 6.1 Medium |
A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI. | ||||
CVE-2023-4344 | 1 Broadcom | 1 Raid Controller Web Interface | 2024-09-05 | 9.8 Critical |
Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection | ||||
CVE-2023-4332 | 1 Broadcom | 1 Raid Controller Web Interface | 2024-09-05 | 7.5 High |
Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file | ||||
CVE-2023-4331 | 1 Broadcom | 1 Raid Controller Web Interface | 2024-09-05 | 7.5 High |
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols | ||||
CVE-2023-4328 | 2 Broadcom, Linux | 2 Raid Controller Web Interface, Linux Kernel | 2024-09-05 | 5.5 Medium |
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows | ||||
CVE-2023-4327 | 2 Broadcom, Linux | 2 Raid Controller Web Interface, Linux Kernel | 2024-09-05 | 5.5 Medium |
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux | ||||
CVE-2023-4326 | 1 Broadcom | 1 Raid Controller Web Interface | 2024-09-05 | 7.5 High |
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites |