Filtered by vendor Broadcom
Subscribe
Total
511 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-8699 | 1 Broadcom | 1 Release Automation | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-8157 | 1 Broadcom | 5 Symantec Critical System Protection, Symantec Data Center Security Server, Symantec Data Center Security Server And Agents and 2 more | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2016-3118 | 1 Broadcom | 1 Api Gateway | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM |
CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified impact via unknown vectors. | |||||
CVE-2014-3440 | 2 Broadcom, Symantec | 2 Symantec Critical System Protection, Data Center Security | 2024-02-28 | 9.0 HIGH | N/A |
The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file. | |||||
CVE-2014-8246 | 1 Broadcom | 1 Release Automation | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2014-9226 | 2 Broadcom, Symantec | 2 Symantec Critical System Protection, Data Center Security | 2024-02-28 | 7.2 HIGH | N/A |
The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors. | |||||
CVE-2014-9224 | 2 Broadcom, Symantec | 2 Symantec Critical System Protection, Data Center Security | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-5016 | 2 Broadcom, Microsoft | 2 Symantec Critical System Protection, Windows 2003 Server | 2024-02-28 | 7.6 HIGH | N/A |
Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows remote attackers to bypass policy settings via unspecified vectors. | |||||
CVE-2015-2828 | 1 Broadcom | 1 Spectrum | 2024-02-28 | 9.0 HIGH | N/A |
CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data. | |||||
CVE-2014-2046 | 1 Broadcom | 2 Pipa C211, Pipa C211 Web Interface | 2024-02-28 | 9.7 HIGH | N/A |
cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information via a certain request to the config.getValuesHashExcludePaths method or (2) modify the firmware via unspecified vectors. | |||||
CVE-2014-7289 | 2 Broadcom, Symantec | 2 Symantec Critical System Protection, Data Center Security | 2024-02-28 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request. | |||||
CVE-2014-1219 | 1 Broadcom | 1 2e Web Option | 2024-02-28 | 5.1 MEDIUM | N/A |
CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm. | |||||
CVE-2014-8247 | 1 Broadcom | 1 Release Automation | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-2827 | 1 Broadcom | 1 Spectrum | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x and 9.3.x before 9.3 H02 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-6799 | 1 Broadcom | 1 Investigation Tool | 2024-02-28 | 5.4 MEDIUM | N/A |
The Investigation Tool (aka gov.ca.post.lp.itool) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-8248 | 1 Broadcom | 1 Release Automation | 2024-02-28 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote authenticated users to execute arbitrary SQL commands via a crafted query. | |||||
CVE-2014-9225 | 2 Broadcom, Symantec | 2 Symantec Critical System Protection, Data Center Security | 2024-02-28 | 4.0 MEDIUM | N/A |
The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors. | |||||
CVE-2012-2619 | 2 Apple, Broadcom | 3 Iphone Os, Bcm4325, Bcm4329 | 2024-02-28 | 7.8 HIGH | N/A |
The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element. | |||||
CVE-2013-5968 | 2 Broadcom, Ca | 2 Siteminder, Web Agents | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 through 12.51, and SiteMinder 6 Web Agents, allows remote attackers to inject arbitrary web script or HTML via vectors involving a " (double quote) character. | |||||
CVE-2013-2630 | 1 Broadcom | 1 Service Desk Manager | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in CA Service Desk Manager 12.5 through 12.7 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. |