Vendor CVEs
Broadcom Corporation
All CVEs
490 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-6641 | 0.00 | — | 0.02 | Dec 20, 2006 | Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly… | |||
| CVE-2006-6496 | 0.00 | — | 0.00 | Dec 13, 2006 | The (1) VetMONNT.sys and (2) VetFDDNT.sys drivers in CA Anti-Virus 2007 8.1, Anti-Virus for Vista Beta 8.2, and CA Internet Security Suite 2007 v3.0 do not properly handle NULL buffers, which allows local users with administrative access to cause a denial of service (system… | |||
| CVE-2006-3975 | 0.00 | — | 0.04 | Aug 4, 2006 | Unspecified vulnerability in CA eTrust Antivirus WebScan allows remote attackers to execute arbitrary code due to "improper bounds checking when processing certain user input." | |||
| CVE-2006-3976 | 0.00 | — | 0.04 | Aug 4, 2006 | Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 allows remote attackers to install arbitrary files. | |||
| CVE-2006-3977 | 0.00 | — | 0.04 | Aug 4, 2006 | Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 has unknown impact and remote attackers related to "improper processing of outdated WebScan components." | |||
| CVE-2006-2201 | 0.00 | — | 0.00 | May 4, 2006 | Unspecified vulnerability in CA Resource Initialization Manager (CAIRIM) 1.x before 20060502, as used in z/OS Common Services and the LMP component in multiple products, allows attackers to violate integrity via a certain "problem state program" that uses SVC to gain access to… | |||
| CVE-2006-0307 | 0.00 | — | 0.04 | Jan 19, 2006 | The DM Primer in the DM Deployment Common Component in Computer Associates (CA) BrightStor Mobile Backup r4.0, BrightStor ARCserve Backup for Laptops & Desktops r11.0, r11.1, r11.1 SP1, Unicenter Remote Control 6.0, 6.0 SP1, CA Desktop Protection Suite r2, CA Server Protection… | |||
| CVE-2005-4150 | 0.00 | — | 0.02 | Dec 10, 2005 | Cross-site scripting (XSS) vulnerability in the portal login page in Computer Associates CleverPath 4.7 allows remote attackers to execute Javascript via unknown vectors. | |||
| CVE-2005-3372 | 0.00 | — | 0.01 | Oct 30, 2005 | Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe… | |||
| CVE-2005-3225 | 0.00 | — | 0.02 | Oct 14, 2005 | Multiple interpretation error in unspecified versions of (1) eTrust-Iris and (2) eTrust-Vet Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened… | |||
| CVE-2005-2667 | 0.00 | — | 0.03 | Aug 23, 2005 | Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows attackers to cause a denial of service via unknown vectors, aka the "CAM TCP port vulnerability." | |||
| CVE-2005-2204 | 0.00 | — | 0.02 | Jul 11, 2005 | Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to smpwservicescgi.exe, (3)… | |||
| CVE-2005-0583 | 0.00 | — | 0.04 | May 2, 2005 | Directory traversal vulnerability in Computer Associates (CA) License Client 0.1.0.15 allows remote attackers to create arbitrary files via .. (dot dot) sequences in a PUTOLF request. | |||
| CVE-2005-0642 | 0.00 | — | 0.01 | May 2, 2005 | SQL injection vulnerability in the Query Designer for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to execute arbitrary SQL via an imported file. | |||
| CVE-2005-0349 | 0.00 | — | 0.03 | May 2, 2005 | The production release of the UniversalAgent for UNIX in BrightStor ARCserve Backup 11.1 contains hard-coded credentials, which allows remote attackers to access the file system and possibly execute arbitrary commands. | |||
| CVE-2005-0968 | 0.00 | — | 0.02 | May 2, 2005 | Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote attackers to cause a denial of service via large size values that are not properly validated before calling the CPImportKey function in the Crypto API. | |||
| CVE-2005-0640 | 0.00 | — | 0.00 | Mar 2, 2005 | Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not properly initialize the "Change Credentials for Database" window, which allows local users to recover the SQL Admin password via certain methods. | |||
| CVE-2005-0641 | 0.00 | — | 0.01 | Mar 2, 2005 | Cross-site scripting (XSS) vulnerability in the Reporter for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to inject arbitrary HTML or web script via the (1) name or (2) description in a report template. | |||
| CVE-2004-1149 | 0.00 | — | 0.00 | Jan 10, 2005 | Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with insecure permissions (ACLs), which allows local users to gain privileges by replacing critical programs with malicious ones, as demonstrated using VetMsg.exe. | |||
| CVE-2004-2305 | 0.00 | — | 0.03 | Dec 31, 2004 | Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote attackers to bypass virus scanning by including a password-protected file in a ZIP file, which causes eTrust to scan only the password protected file and skip the other files. | |||
| CVE-2004-2436 | 0.00 | — | 0.00 | Dec 31, 2004 | Computer Associates Unicenter Common Services 3.0 and earlier stores the database "SA" password in cleartext in the TndAddNspTmp.bat file, which could allow local users to gain privileges. | |||
| CVE-2004-0619 | 0.00 | — | 0.00 | Dec 6, 2004 | Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820 cryptonet driver allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a negative add_dsa_buf_bytes variable, which leads to a buffer overflow. | |||
| CVE-2004-0267 | 0.00 | — | 0.00 | Nov 23, 2004 | The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust InoculateIT for Linux 6.0 allow local users to overwrite arbitrary files via a symlink attack on files in /tmp. | |||
| CVE-2004-1663 | 0.00 | — | 0.04 | Sep 4, 2004 | Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets. | |||
| CVE-2004-2092 | 0.00 | — | 0.00 | Feb 9, 2004 | eTrust InoculateIT for Linux 6.0 uses insecure permissions for multiple files and directories, including the application's registry and tmp directories, which allows local users to delete, modify, or examine sensitive information. | |||
| CVE-2003-0998 | 0.00 | — | 0.00 | Jan 5, 2004 | Unknown "potential system security vulnerability" in Computer Associates (CA) Unicenter Remote Control 5.0 through 5.2, and ControlIT 5.0 and 5.1, may allow attackers to gain privileges to the local system account. | |||
| CVE-2003-0997 | 0.00 | — | 0.01 | Jan 5, 2004 | Unknown "Denial of Service Attack" vulnerability in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to cause a denial of service (CPU consumption in URC host service). | |||
| CVE-2003-0996 | 0.00 | — | 0.00 | Jan 5, 2004 | Unknown "System Security Vulnerability" in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to gain privileges via the help interface. | |||
| CVE-2002-2285 | 0.00 | — | 0.02 | Dec 31, 2002 | eTrust InoculateIT 6.0 with the "Incremental Scan" option enabled may certify that a file is free of viruses before the file has been completely downloaded, which allows remote attackers to bypass virus detection. | |||
| CVE-2002-2317 | 0.00 | — | 0.02 | Dec 31, 2002 | Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote attackers to cause a denial of service (memory consumption) via an unknown method. | |||
| CVE-2002-1598 | 0.00 | — | 0.05 | Apr 5, 2002 | Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and earlier may allow local users to execute arbitrary code via long command line arguments to (1) mlclear or (2) mllock. | |||
| CVE-2001-0959 | 0.00 | — | 0.03 | Sep 15, 2001 | Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 creates a hidden share named ARCSERVE$, which allows remote attackers to obtain sensitive information and overwrite critical files. | |||
| CVE-2001-0960 | 0.00 | — | 0.03 | Sep 15, 2001 | Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 stores the backup agent user name and password in cleartext in the aremote.dmp file in the ARCSERVE$ hidden share, which allows local and remote attackers to gain privileges. | |||
| CVE-2001-0625 | 0.00 | — | 0.00 | Aug 22, 2001 | ftpdownload in Computer Associates InoculateIT 6.0 allows a local attacker to overwrite arbitrary files via a symlink attack on /tmp/ftpdownload.log . | |||
| CVE-2001-0382 | 0.00 | — | 0.01 | Jun 18, 2001 | Computer Associates CCC\Harvest 5.0 for Windows NT/2000 uses weak encryption for passwords, which allows a remote attacker to gain privileges on the application. | |||
| CVE-2000-0762 | 0.00 | — | 0.06 | Oct 20, 2000 | The default installation of eTrust Access Control (formerly SeOS) uses a default encryption key, which allows remote attackers to spoof the eTrust administrator and gain privileges. | |||
| CVE-1999-1368 | 0.00 | — | 0.01 | May 12, 1999 | AV Option for MS Exchange Server option for InoculateIT 4.53, and possibly other versions, only scans the Inbox folder tree of a Microsoft Exchange server, which could allow viruses to escape detection if a user's rules cause the message to be moved to a different mailbox. | |||
| CVE-1999-1049 | 0.00 | — | 0.02 | Feb 21, 1999 | ARCserve NT agents use weak encryption (XOR) for passwords, which allows remote attackers to sniff the authentication request to port 6050 and decrypt the password. | |||
| CVE-1999-0355 | 0.00 | — | 0.02 | Jan 1, 1999 | Local or remote users can force ControlIT 4.5 to reboot or force a user to log out, resulting in a denial of service. | |||
| CVE-1999-1322 | 0.00 | — | 0.01 | Nov 12, 1998 | The installation of 1ArcServe Backup and Inoculan AV client modules for Exchange create a log file, exchverify.log, which contains usernames and passwords in plaintext. |