Filtered by vendor: Broadcom

Total: 56 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4336 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-08-21 | N/A | 9.8 CRITICAL |
| Broadcom RAID Controller web interface is vulnerable due to an insecure default HTTP configuration that does not safeguard cookies with the Secure attribute | |||||
| CVE-2023-4337 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-08-21 | N/A | 9.8 CRITICAL |
| Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation | |||||
| CVE-2023-4338 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-08-21 | N/A | 9.8 CRITICAL |
| Broadcom RAID Controller web interface is vulnerable due to an insecure default HTTP configuration that does not provide the X-Content-Type-Options header | |||||
| CVE-2023-4344 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-08-21 | N/A | 9.8 CRITICAL |
| Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to set up the CIM connection | |||||
| CVE-2023-4340 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-08-21 | N/A | 9.8 CRITICAL |
| Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file | |||||
| CVE-2023-4341 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-08-21 | N/A | 9.8 CRITICAL |
| Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI | |||||
| CVE-2023-4342 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-08-21 | N/A | 9.8 CRITICAL |
| Broadcom RAID Controller web interface is vulnerable due to an insecure default that lacks an HTTP Strict-Transport-Security policy | |||||
| CVE-2023-4325 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-08-21 | N/A | 9.8 CRITICAL |
| Broadcom RAID Controller web interface is vulnerable because the Libcurl used with LSA has known vulnerabilities | |||||
| CVE-2023-4324 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-08-21 | N/A | 9.8 CRITICAL |
| Broadcom RAID Controller web interface is vulnerable due to an insecure default that lacks HTTP Content-Security-Policy headers | |||||
| CVE-2023-4323 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-08-21 | N/A | 9.8 CRITICAL |
| Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup | |||||
| CVE-2023-4329 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-08-21 | N/A | 9.8 CRITICAL |
| Broadcom RAID Controller web interface is vulnerable due to an insecure default HTTP configuration that does not safeguard the SESSIONID cookie with the SameSite attribute | |||||
| CVE-2022-37016 | 1 Broadcom | 1 Symantec Endpoint Protection | 2023-08-08 | N/A | 9.8 CRITICAL |
| Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | |||||
| CVE-2022-23992 | 1 Broadcom | 1 Xcom Data Transport | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges. | |||||
| CVE-2021-46825 | 1 Broadcom | 2 Advanced Secure Gateway, Proxysg | 2023-08-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N | |||||
| CVE-2022-23305 | 5 Apache, Broadcom, Netapp and 2 more | 24 Log4j, Brocade Sannav, Snapmanager and 21 more | 2022-07-25 | 6.8 MEDIUM | 9.8 CRITICAL |
| By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | |||||
| CVE-2022-33750 | 1 Broadcom | 1 Ca Automic Automation | 2022-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands. | |||||
| CVE-2022-33752 | 1 Broadcom | 1 Ca Automic Automation | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code. | |||||
| CVE-2022-33754 | 1 Broadcom | 1 Ca Automic Automation | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code. | |||||
| CVE-2022-28163 | 1 Broadcom | 1 Sannav | 2022-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands. | |||||
| CVE-2020-8010 | 1 Broadcom | 1 Unified Infrastructure Management | 2022-04-29 | 10.0 HIGH | 9.8 CRITICAL |
| CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contain an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system. | |||||
| CVE-2020-8012 | 1 Broadcom | 1 Unified Infrastructure Management | 2022-04-29 | 7.5 HIGH | 9.8 CRITICAL |
| CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contain a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code. | |||||
| CVE-2021-42774 | 1 Broadcom | 1 Emulex Hba Manager | 2021-11-15 | 7.5 HIGH | 9.8 CRITICAL |
| Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature that could allow remote unauthenticated users to perform various attacks. In non-secure mode, the user is unauthenticated. | |||||
| CVE-2021-42775 | 1 Broadcom | 1 Emulex Hba Manager | 2021-11-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host. In non-secure mode, the user is unauthenticated. | |||||
| CVE-2021-42772 | 1 Broadcom | 2 Emulex Hba Manager, One Command Manager | 2021-11-12 | 6.8 MEDIUM | 9.8 CRITICAL |
| Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDumpFile command that could allow a user to attempt various attacks. In non-secure mode, the user is unauthenticated. | |||||
| CVE-2020-15371 | 1 Broadcom | 1 Fabric Operating System | 2021-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3 contain a code injection and privilege escalation vulnerability. | |||||
| CVE-2020-15373 | 1 Broadcom | 1 Fabric Operating System | 2021-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks. | |||||
| CVE-2020-15374 | 1 Broadcom | 1 Fabric Operating System | 2021-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| REST API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input. | |||||
| CVE-2019-18374 | 1 Broadcom | 1 Symantec Critical System Protection | 2021-08-04 | 7.5 HIGH | 9.8 CRITICAL |
| Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & 8.0 MP1, may be susceptible to an authentication bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing authentication controls. | |||||
| CVE-2018-5241 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2021-07-08 | 7.5 HIGH | 9.8 CRITICAL |
| Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles. | |||||
| CVE-2021-30648 | 1 Broadcom | 15 Symantec Advanced Secure Gateway 500-10, Symantec Advanced Secure Gateway 500-10 Firmware, Symantec Advanced Secure Gateway S200-30 and 12 more | 2021-07-06 | 9.0 HIGH | 9.8 CRITICAL |
| The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance. | |||||
| CVE-2018-6440 | 1 Broadcom | 1 Fabric Operating System | 2021-06-22 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability in the proxy service of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote unauthenticated attackers to obtain sensitive information and possibly cause a denial of service attack. | |||||
| CVE-2019-18805 | 5 Broadcom, Linux, Netapp and 2 more | 22 Fabric Operating System, Linux Kernel, Active Iq Unified Manager and 19 more | 2021-06-22 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6. | |||||
| CVE-2020-15377 | 1 Broadcom | 1 Sannav | 2021-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF). | |||||
| CVE-2018-9022 | 1 Broadcom | 1 Privileged Access Manager | 2021-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file. | |||||
| CVE-2018-9021 | 1 Broadcom | 1 Privileged Access Manager | 2021-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests. | |||||
| CVE-2018-15691 | 1 Broadcom | 1 Release Automation | 2021-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code. | |||||
| CVE-2018-13824 | 2 Broadcom, Ca | 2 Project Portfolio Management, Project Portfolio Management | 2021-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks. | |||||
| CVE-2018-13826 | 2 Broadcom, Ca | 2 Project Portfolio Management, Project Portfolio Management | 2021-04-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks. | |||||
| CVE-2019-7392 | 1 Broadcom | 1 Privileged Access Manager | 2021-04-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration. | |||||
| CVE-2015-4664 | 2 Broadcom, Xceedium | 2 Privileged Access Manager, Xsuite | 2021-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands. | |||||
| CVE-2018-9029 | 1 Broadcom | 1 Privileged Access Manager | 2021-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks. | |||||
| CVE-2015-6853 | 1 Broadcom | 1 Single Sign-on | 2021-04-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request. | |||||
| CVE-2015-6854 | 1 Broadcom | 1 Single Sign-on | 2021-04-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request. | |||||
| CVE-2018-19635 | 2 Broadcom, Ca | 2 Service Desk Manager, Service Desk Manager | 2021-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface. | |||||
| CVE-2019-13658 | 1 Broadcom | 1 Network Flow Analysis | 2021-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security. | |||||
| CVE-2019-16211 | 1 Broadcom | 1 Brocade Sannav | 2020-10-07 | 5.0 MEDIUM | 9.8 CRITICAL |
| Brocade SANnav versions before v2.1.0 contain a Plaintext Password Storage vulnerability. | |||||
| CVE-2019-13656 | 1 Broadcom | 2 Ca Client Automation, Ca Workload Automation Ae | 2020-10-06 | 7.5 HIGH | 9.8 CRITICAL |
| An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code. | |||||
| CVE-2019-20549 | 2 Broadcom, Google | 11 Bcm43162, Bcm43224, Bcm4323 and 8 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom chipsets) software. A heap out-of-bounds access can occur during LE Packet reception in Broadcom Bluetooth. The Samsung ID is SVE-2019-15724 (November 2019). | |||||
| CVE-2018-6446 | 1 Broadcom | 1 Brocade Network Advisor | 2020-07-07 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in Brocade Network Advisor versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using undocumented user credentials and install additional JEE applications. | |||||
| CVE-2020-11658 | 1 Broadcom | 1 Ca Api Developer Portal | 2020-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization. | |||||
