Broadcom Corporation
Broadcom Corporation was an American fabless semiconductor company that made products for the wireless and broadband communication industry. It was acquired by Avago Technologies for $37 billion in 2016 and currently operates as a wholly owned subsidiary of the merged entity Broadcom Inc.
Products (198)
- 63 CVEs
- 49 CVEs
- 32 CVEs
- 21 CVEs
- 20 CVEs
- 19 CVEs
- 17 CVEs
- 16 CVEs
- 16 CVEs
- 15 CVEs
- 13 CVEs
- 13 CVEs
- 13 CVEs
- 11 CVEs
- 10 CVEs
- 10 CVEs
- 10 CVEs
- 10 CVEs
- 10 CVEs
- 10 CVEs
- 10 CVEs
- 10 CVEs
- 10 CVEs
- 9 CVEs
- 8 CVEs
- 8 CVEs
- 7 CVEs
- 7 CVEs
- 7 CVEs
- 7 CVEs
Recent CVEs (490)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-0160 | | High | 0.72 | 7.5 | 1.00 | KEV | Apr 7, 2014 | The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by… |
| CVE-2017-9417 | | Critical | 0.71 | 9.8 | 0.48 | | Jun 4, 2017 | Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue. |
| CVE-2017-0561 | | Critical | 0.69 | 9.8 | 0.30 | | Apr 7, 2017 | A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC.… |
| CVE-2013-4659 | | Critical | 0.68 | 9.8 | 0.14 | | Mar 14, 2017 | Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U and TRENDnet TEW-812DRU. |
| CVE-2017-11120 | | Critical | 0.67 | 9.8 | 0.09 | | Sep 28, 2017 | On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204. |
| CVE-2016-8205 | | Critical | 0.65 | 9.8 | 0.13 | | Jan 14, 2017 | A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed. |
| CVE-2017-0824 | | Critical | 0.64 | 9.8 | 0.00 | | Oct 4, 2017 | An elevation of privilege vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37622847. References: B-V2017063001. |
| CVE-2017-11121 | | Critical | 0.64 | 9.8 | 0.03 | | Sep 28, 2017 | On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205. |
| CVE-2016-8204 | | Critical | 0.64 | 9.8 | 0.07 | | Jan 14, 2017 | A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed. |
| CVE-2016-9877 | | Critical | 0.64 | 9.8 | 0.01 | | Dec 29, 2016 | An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an… |
| CVE-2016-2473 | | Critical | 0.64 | 9.8 | 0.01 | | Jun 13, 2016 | The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27777501. |
| CVE-2025-41238 | | Critical | 0.60 | 9.3 | 0.00 | | Jul 15, 2025 | VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as… |
| CVE-2024-3596 | | Critical | 0.60 | 9.0 | 0.15 | | Jul 9, 2024 | RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. |
| CVE-2025-7398 | | Critical | 0.59 | 9.1 | 0.00 | | Jul 17, 2025 | Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports 9000 and 8036. |
| CVE-2025-6391 | | Critical | 0.59 | 9.1 | 0.00 | | Jul 17, 2025 | Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure. |
| CVE-2024-1509 | | Critical | 0.59 | 9.1 | 0.00 | | Feb 28, 2025 | Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping… |
| CVE-2015-6854 | | Critical | 0.59 | 9.1 | 0.01 | | Mar 24, 2016 | The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request. |
| CVE-2015-6853 | | Critical | 0.59 | 9.1 | 0.01 | | Mar 24, 2016 | The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remote attackers to cause a denial of service (daemon crash) or obtain sensitive… |
| CVE-2025-4971 | | High | 0.58 | — | 0.01 | | May 20, 2025 | Broadcom Automic Automation Agent Unix versions < 24.3.0 HF4 and < 21.0.13 HF1 allow low privileged users who have execution rights on the agent executable to escalate their privileges. |
| CVE-2025-9059 | | High | 0.57 | — | 0.00 | | Sep 11, 2025 | The Altiris Core Agent Updater package (AeXNSC.exe) is prone to an elevation of privileges vulnerability through DLL hijacking. |