Filtered by vendor Broadcom
Subscribe
Total
511 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-12594 | 1 Broadcom | 1 Symantec Messaging Gateway | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior to 10.7.4. | |||||
CVE-2021-28153 | 4 Broadcom, Debian, Fedoraproject and 1 more | 4 Brocade Fabric Operating System Firmware, Debian Linux, Fedora and 1 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.) | |||||
CVE-2020-24265 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service. | |||||
CVE-2020-35495 | 4 Broadcom, Fedoraproject, Gnu and 1 more | 9 Brocade Fabric Operating System Firmware, Fedora, Binutils and 6 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34. | |||||
CVE-2020-11664 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. | |||||
CVE-2020-11662 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive information. | |||||
CVE-2019-18375 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM |
The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console. | |||||
CVE-2020-12740 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c. | |||||
CVE-2020-11659 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action. | |||||
CVE-2018-6446 | 1 Broadcom | 1 Brocade Network Advisor | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. | |||||
CVE-2020-11663 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks. | |||||
CVE-2019-20549 | 2 Broadcom, Google | 11 Bcm43162, Bcm43224, Bcm4323 and 8 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom chipsets) software. A heap out-of-bounds access can occur during LE Packet reception in Broadcom Bluetooth. The Samsung ID is SVE-2019-15724 (November 2019). | |||||
CVE-2020-11666 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges. | |||||
CVE-2020-11658 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization. | |||||
CVE-2020-11661 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data. | |||||
CVE-2020-1927 | 8 Apache, Broadcom, Canonical and 5 more | 14 Http Server, Brocade Fabric Operating System, Ubuntu Linux and 11 more | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. | |||||
CVE-2019-20546 | 2 Broadcom, Google | 11 Bcm43162, Bcm43224, Bcm4323 and 8 more | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom Wi-Fi chipsets) software. A denial-of-service attack can leverage a shared interface between Broadcom Bluetooth and Broadcom Wi-Fi. The Samsung ID is SVE-2019-15350 (November 2019). | |||||
CVE-2020-13401 | 4 Broadcom, Debian, Docker and 1 more | 4 Sannav, Debian Linux, Engine and 1 more | 2024-02-28 | 6.0 MEDIUM | 6.0 MEDIUM |
An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service. | |||||
CVE-2020-11660 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information. | |||||
CVE-2020-1967 | 10 Broadcom, Debian, Fedoraproject and 7 more | 26 Fabric Operating System, Debian Linux, Fedora and 23 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f). |