Filtered by vendor Broadcom
Subscribe
Total
511 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18375 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console. | |||||
| CVE-2019-18374 | 1 Broadcom | 1 Symantec Critical System Protection | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & 8.0 MP1, may be susceptible to an authentication bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing authentication controls. | |||||
| CVE-2019-16212 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker to conduct an LDAP injection. The vulnerability could allow a remote attacker to bypass the authentication process. | |||||
| CVE-2019-16211 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Brocade SANnav versions before v2.1.0, contain a Plaintext Password Storage vulnerability. | |||||
| CVE-2019-16210 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save. | |||||
| CVE-2019-16209 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections. | |||||
| CVE-2019-16208 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.). | |||||
| CVE-2019-16207 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges. | |||||
| CVE-2019-16206 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ‘trace’ and the 'debug' logging level; which could allow a local authenticated attacker to access sensitive information. | |||||
| CVE-2019-16205 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 4.3 MEDIUM | 8.8 HIGH |
| A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal. | |||||
| CVE-2019-16204 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server. | |||||
| CVE-2019-16203 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client. | |||||
| CVE-2019-15126 | 2 Apple, Broadcom | 15 Ipados, Iphone Os, Mac Os X and 12 more | 2024-11-21 | 2.9 LOW | 3.1 LOW |
| An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503. | |||||
| CVE-2019-13658 | 1 Broadcom | 1 Network Flow Analysis | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security. | |||||
| CVE-2019-13657 | 1 Broadcom | 2 Ca Performance Management, Network Operations | 2024-11-21 | 6.5 MEDIUM | 9.8 CRITICAL |
| CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security. | |||||
| CVE-2019-13656 | 1 Broadcom | 2 Ca Client Automation, Ca Workload Automation Ae | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code. | |||||
| CVE-2018-9029 | 1 Broadcom | 1 Privileged Access Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks. | |||||
| CVE-2018-9028 | 1 Broadcom | 1 Privileged Access Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking. | |||||
| CVE-2018-9026 | 1 Broadcom | 1 Privileged Access Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request. | |||||
| CVE-2018-9025 | 1 Broadcom | 1 Privileged Access Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input. | |||||