Filtered by vendor Broadcom
Subscriptions
Total
507 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-11665 | 1 Broadcom | 1 Ca Api Developer Portal | 2020-04-20 | 6.1 Medium |
| CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. | ||||
| CVE-2020-11658 | 1 Broadcom | 1 Ca Api Developer Portal | 2020-04-20 | 9.8 Critical |
| CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization. | ||||
| CVE-2020-11659 | 1 Broadcom | 1 Ca Api Developer Portal | 2020-04-20 | 4.3 Medium |
| CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action. | ||||
| CVE-2019-9502 | 2 Broadcom, Synology | 3 Bcm4339, Bcm4339 Firmware, Router Manager | 2020-02-10 | 8.8 High |
| The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. If the vendor information element data length is larger than 164 bytes, a heap buffer overflow is triggered in wlc_wpa_plumb_gtk. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions. | ||||
| CVE-2019-9501 | 2 Broadcom, Synology | 3 Bcm4339, Bcm4339 Firmware, Router Manager | 2020-02-10 | 8.8 High |
| The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. By supplying a vendor information element with a data length larger than 32 bytes, a heap buffer overflow is triggered in wlc_wpa_sup_eapol. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions. | ||||
| CVE-2016-8204 | 1 Broadcom | 1 Brocade Network Advisor | 2020-01-21 | 9.8 Critical |
| A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed. | ||||
| CVE-2019-19518 | 1 Broadcom | 1 Ca Automic Sysload | 2020-01-17 | 9.8 Critical |
| CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, related to a lack of authentication on the File Server port, that potentially allows remote attackers to execute arbitrary commands. | ||||
| CVE-2019-19544 | 1 Broadcom | 1 Ca Automic Dollar Universe | 2020-01-12 | 7.8 High |
| CA Automic Dollar Universe 5.3.3 contains a vulnerability, related to the uxdqmsrv binary being setuid root, that allows local attackers to elevate privileges. This vulnerability was reported to CA several years after CA Automic Dollar Universe 5.3.3 reached End of Life (EOL) status on April 1, 2015. | ||||
| CVE-2019-19230 | 3 Broadcom, Linux, Microsoft | 3 Nolio, Linux Kernel, Windows | 2019-12-12 | 9.8 Critical |
| An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code. | ||||
| CVE-2019-16208 | 1 Broadcom | 1 Brocade Sannav | 2019-11-14 | 7.5 High |
| Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.). | ||||
| CVE-2019-16205 | 1 Broadcom | 1 Brocade Sannav | 2019-11-14 | 8.8 High |
| A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal. | ||||
| CVE-2019-16209 | 1 Broadcom | 1 Brocade Sannav | 2019-11-09 | 7.4 High |
| A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections. | ||||
| CVE-2019-16207 | 1 Broadcom | 1 Brocade Sannav | 2019-11-09 | 7.8 High |
| Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges. | ||||
| CVE-2019-13657 | 1 Broadcom | 2 Ca Performance Management, Network Operations | 2019-10-24 | 8.8 High |
| CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security. | ||||
| CVE-2018-14597 | 1 Broadcom | 2 Ca Identity Governance, Ca Identity Suite Virtual Appliance | 2019-10-09 | N/A |
| CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate account names. | ||||
| CVE-2017-9417 | 1 Broadcom | 4 Bcm4354 Wi-fi Chipset, Bcm4358 Wi-fi Chipset, Bcm4359 Wi-fi Chipset and 1 more | 2019-10-03 | N/A |
| Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue. | ||||
| CVE-2017-11121 | 2 Apple, Broadcom | 4 Iphone Os, Tvos, Bcm4355c0 and 1 more | 2019-03-13 | N/A |
| On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205. | ||||
| CVE-2017-11120 | 2 Apple, Broadcom | 4 Iphone Os, Tvos, Bcm4355c0 and 1 more | 2019-03-13 | N/A |
| On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204. | ||||
| CVE-2017-11122 | 2 Apple, Broadcom | 4 Iphone Os, Tvos, Bcm4355c0 and 1 more | 2019-03-08 | N/A |
| On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement offloading. | ||||
| CVE-2006-6905 | 1 Broadcom | 1 Widcomm Bluetooth | 2018-10-16 | N/A |
| Unspecified vulnerability in the Widcomm Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors. | ||||