Filtered by vendor Broadcom
Total: 506 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-18370 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2. | |||||
CVE-2018-19860 | 2 Broadcom, Cypress | 126 Bcm4335c0, Bcm4335c0 Firmware, Bcm43438a1 and 123 more | 2023-12-10 | 5.8 MEDIUM | 8.8 HIGH |
Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecified other devices does not properly restrict LMP commands and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command. | |||||
CVE-2018-18371 | 2 Broadcom, Symantec | 2 Symantec Proxysg, Advanced Secure Gateway | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2. | |||||
CVE-2019-13656 | 1 Broadcom | 2 Ca Client Automation, Ca Workload Automation Ae | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code. | |||||
CVE-2018-15691 | 1 Broadcom | 1 Release Automation | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code. | |||||
CVE-2018-6590 | 1 Broadcom | 1 Ca Api Developer Portal | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability. | |||||
CVE-2018-6438 | 1 Broadcom | 1 Fabric Operating System | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
A vulnerability in the supportsave command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access. | |||||
CVE-2018-6434 | 1 Broadcom | 1 Fabric Operating System | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user's session ID. | |||||
CVE-2018-13825 | 2 Broadcom, Ca | 2 Project Portfolio Management, Project Portfolio Management | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks. | |||||
CVE-2018-6442 | 1 Broadcom | 1 Fabric Operating System | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote authenticated attackers to execute arbitrary commands. | |||||
CVE-2018-6440 | 1 Broadcom | 1 Fabric Operating System | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
A vulnerability in the proxy service of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote unauthenticated attackers to obtain sensitive information and possibly cause a denial of service attack. | |||||
CVE-2018-13823 | 2 Broadcom, Ca | 2 Project Portfolio Management, Project Portfolio Management | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information. | |||||
CVE-2019-7392 | 1 Broadcom | 1 Privileged Access Manager | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration. | |||||
CVE-2019-8381 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
CVE-2019-6504 | 1 Broadcom | 1 Automic Workload Automation | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allows attackers to potentially conduct persistent cross-site scripting (XSS) attacks via a crafted object. | |||||
CVE-2018-18407 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. The issue gets triggered in the function csum_replace4() in incremental_checksum.h, causing a denial of service. | |||||
CVE-2018-13824 | 2 Broadcom, Ca | 2 Project Portfolio Management, Project Portfolio Management | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks. | |||||
CVE-2018-13826 | 2 Broadcom, Ca | 2 Project Portfolio Management, Project Portfolio Management | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks. | |||||
CVE-2018-6437 | 1 Broadcom | 1 Fabric Operating System | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
A vulnerability in the help command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access. | |||||
CVE-2018-19634 | 2 Broadcom, Ca | 2 Service Desk Manager, Service Desk Manager | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information. |