Filtered by vendor Broadcom
Subscribe
Total
506 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-15533 | 1 Broadcom | 1 Ssl Visibility Appliance | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. All affected SSLV versions act as weak oracles according the oracle classification used in the ROBOT research paper. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish multiple millions of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session. | |||||
CVE-2018-9029 | 1 Broadcom | 1 Privileged Access Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks. | |||||
CVE-2018-9021 | 1 Broadcom | 1 Privileged Access Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests. | |||||
CVE-2015-4664 | 2 Broadcom, Xceedium | 2 Privileged Access Manager, Xsuite | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands. | |||||
CVE-2016-10258 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2023-12-10 | 6.0 MEDIUM | 6.8 MEDIUM |
Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code. | |||||
CVE-2018-5241 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles. | |||||
CVE-2018-9025 | 1 Broadcom | 1 Privileged Access Manager | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input. | |||||
CVE-2018-9024 | 1 Broadcom | 1 Privileged Access Manager | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file. | |||||
CVE-2018-9028 | 1 Broadcom | 1 Privileged Access Manager | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking. | |||||
CVE-2018-13112 | 1 Broadcom | 1 Tcpreplay | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcpprep. | |||||
CVE-2018-9022 | 1 Broadcom | 1 Privileged Access Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file. | |||||
CVE-2017-14266 | 1 Broadcom | 1 Tcpreplay | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnerability triggered by a crafted PCAP file, a related issue to CVE-2016-6160. | |||||
CVE-2017-11121 | 2 Apple, Broadcom | 4 Iphone Os, Tvos, Bcm4355c0 and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205. | |||||
CVE-2016-10256 | 1 Broadcom | 1 Symantec Proxysg | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257. | |||||
CVE-2016-10257 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256. | |||||
CVE-2017-9417 | 1 Broadcom | 4 Bcm4354 Wi-fi Chipset, Bcm4358 Wi-fi Chipset, Bcm4359 Wi-fi Chipset and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue. | |||||
CVE-2017-11122 | 2 Apple, Broadcom | 4 Iphone Os, Tvos, Bcm4355c0 and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement offloading. | |||||
CVE-2017-11120 | 2 Apple, Broadcom | 4 Iphone Os, Tvos, Bcm4355c0 and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204. | |||||
CVE-2017-6956 | 1 Broadcom | 2 Hardmac Wi-fi Soc, Hardmac Wi-fi Soc Firmware | 2023-12-10 | 8.3 HIGH | 8.8 HIGH |
On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer overflow occurs when handling an 802.11r (FT) authentication response, leading to remote code execution via a crafted access point that sends a long R0KH-ID field in a Fast BSS Transition Information Element (FT-IE). | |||||
CVE-2016-9097 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2023-12-10 | 8.0 HIGH | 7.2 HIGH |
The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges. |