Filtered by vendor Broadcom
Subscriptions
Total
516 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-9025 | 1 Broadcom | 1 Privileged Access Manager | 2024-09-16 | N/A |
| An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input. | ||||
| CVE-2018-19634 | 2 Broadcom, Ca | 2 Service Desk Manager, Service Desk Manager | 2024-09-16 | 7.5 High |
| CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information. | ||||
| CVE-2018-20552 | 1 Broadcom | 1 Tcpreplay | 2024-09-16 | N/A |
| Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c. | ||||
| CVE-2018-9023 | 1 Broadcom | 1 Privileged Access Manager | 2024-09-16 | N/A |
| An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script. | ||||
| CVE-2009-2705 | 2 Broadcom, Sun | 2 Siteminder, J2ee | 2024-09-16 | N/A |
| CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters. | ||||
| CVE-2016-9100 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2024-09-16 | N/A |
| Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information. | ||||
| CVE-2019-6504 | 1 Broadcom | 1 Automic Workload Automation | 2024-09-16 | N/A |
| Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allow attackers to potentially conduct persistent cross site scripting (XSS) attacks via a crafted object. | ||||
| CVE-2011-4503 | 2 Broadcom, Sitecom | 2 Broadcom Linux, Wl-111 | 2024-09-16 | N/A |
| The UPnP IGD implementation in Broadcom Linux on the Sitecom WL-111 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. | ||||
| CVE-2021-26313 | 6 Amd, Arm, Broadcom and 3 more | 11 Ryzen 5 5600x, Ryzen 7 2700x, Ryzen Threadripper 2990wx and 8 more | 2024-09-16 | 5.5 Medium |
| Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage. | ||||
| CVE-2022-2068 | 7 Broadcom, Debian, Fedoraproject and 4 more | 49 Sannav, Debian Linux, Fedora and 46 more | 2024-09-16 | 9.8 Critical |
| In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). | ||||
| CVE-2017-6227 | 2 Broadcom, Brocade | 2 Fabric Operating System, Fabric Os | 2024-09-16 | N/A |
| A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system. | ||||
| CVE-2018-9026 | 1 Broadcom | 1 Privileged Access Manager | 2024-09-16 | N/A |
| A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request. | ||||
| CVE-2021-23133 | 6 Broadcom, Debian, Fedoraproject and 3 more | 25 Brocade Fabric Operating System, Debian Linux, Fedora and 22 more | 2024-09-16 | 6.7 Medium |
| A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. | ||||
| CVE-2017-15533 | 1 Broadcom | 1 Ssl Visibility Appliance | 2024-09-16 | N/A |
| Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. All affected SSLV versions act as weak oracles according the oracle classification used in the ROBOT research paper. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish multiple millions of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session. | ||||
| CVE-2016-10257 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2024-09-16 | N/A |
| The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256. | ||||
| CVE-2018-15691 | 1 Broadcom | 1 Release Automation | 2024-09-16 | N/A |
| Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code. | ||||
| CVE-2018-6439 | 1 Broadcom | 1 Fabric Operating System | 2024-09-16 | N/A |
| A Vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access. | ||||
| CVE-2017-18268 | 1 Broadcom | 1 Symantec Intelligencecenter | 2024-09-16 | 5.9 Medium |
| Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish large numbers of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session. | ||||
| CVE-2005-0968 | 1 Broadcom | 1 Etrust Intrusion Detection | 2024-09-16 | N/A |
| Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote attackers to cause a denial of service via large size values that are not properly validated before calling the CPImportKey function in the Crypto API. | ||||
| CVE-2016-9097 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2024-09-16 | N/A |
| The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges. | ||||