Filtered by vendor Broadcom
Subscribe
Total
511 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-13826 | 2 Broadcom, Ca | 2 Project Portfolio Management, Project Portfolio Management | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks. | |||||
CVE-2018-6441 | 1 Broadcom | 1 Fabric Operating System | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass the restricted configuration shell. | |||||
CVE-2019-8376 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
CVE-2018-6437 | 1 Broadcom | 1 Fabric Operating System | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
A Vulnerability in the help command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access. | |||||
CVE-2018-18407 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. The issue gets triggered in the function csum_replace4() in incremental_checksum.h, causing a denial of service. | |||||
CVE-2019-7392 | 1 Broadcom | 1 Privileged Access Manager | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration. | |||||
CVE-2018-18408 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified other impact. | |||||
CVE-2019-8377 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
CVE-2018-6435 | 1 Broadcom | 1 Fabric Operating System | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
A Vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, and gain root access. | |||||
CVE-2018-13824 | 2 Broadcom, Ca | 2 Project Portfolio Management, Project Portfolio Management | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks. | |||||
CVE-2018-20552 | 1 Broadcom | 1 Tcpreplay | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c. | |||||
CVE-2018-6590 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability. | |||||
CVE-2018-14597 | 1 Broadcom | 2 Ca Identity Governance, Ca Identity Suite Virtual Appliance | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate account names. | |||||
CVE-2018-13823 | 2 Broadcom, Ca | 2 Project Portfolio Management, Project Portfolio Management | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information. | |||||
CVE-2018-9021 | 1 Broadcom | 1 Privileged Access Manager | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests. | |||||
CVE-2018-5241 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles. | |||||
CVE-2018-9026 | 1 Broadcom | 1 Privileged Access Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request. | |||||
CVE-2016-10258 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2024-02-28 | 6.0 MEDIUM | 6.8 MEDIUM |
Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code. | |||||
CVE-2017-6227 | 2 Broadcom, Brocade | 2 Fabric Operating System, Fabric Os | 2024-02-28 | 6.1 MEDIUM | 6.5 MEDIUM |
A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system. | |||||
CVE-2017-13678 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application. |