VYPR

Vendor CVEs

Broadcom Corporation

All CVEs

490 total · sorted by risk
  • CVE-2018-6436Nov 8, 2018
    risk 0.00cvss epss 0.00

    A Vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access.

  • CVE-2018-6441Nov 8, 2018
    risk 0.00cvss epss 0.00

    A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass the restricted configuration shell.

  • CVE-2018-6434Nov 8, 2018
    risk 0.00cvss epss 0.01

    A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user's session ID.

  • CVE-2015-7370Oct 14, 2015
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in open-flash-chart.swf in Open Flash Chart 2, as used in the VideoAds plugin in Revive Adserver before 3.2.2 and CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2…

  • CVE-2015-3316Jun 17, 2015
    risk 0.00cvss epss 0.00

    CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers…

  • CVE-2015-2828Apr 8, 2015
    risk 0.00cvss epss 0.03

    CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data.

  • CVE-2015-2827Apr 8, 2015
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x and 9.3.x before 9.3 H02 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2014-9650Jan 27, 2015
    risk 0.00cvss epss 0.03

    CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.

  • CVE-2014-9649Jan 27, 2015
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message.

  • CVE-2014-3440Jan 21, 2015
    risk 0.00cvss epss 0.03

    The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging…

  • CVE-2014-8248Dec 16, 2014
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote authenticated users to execute arbitrary SQL commands via a crafted query.

  • CVE-2014-8247Dec 16, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2014-8246Dec 16, 2014
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

  • CVE-2014-6799Sep 29, 2014
    risk 0.00cvss epss 0.00

    The Investigation Tool (aka gov.ca.post.lp.itool) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

  • CVE-2013-5016May 8, 2014
    risk 0.00cvss epss 0.02

    Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows remote attackers to bypass policy settings via unspecified vectors.

  • CVE-2013-5968Oct 29, 2013
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 through 12.51, and SiteMinder 6 Web Agents, allows remote attackers to inject arbitrary web script or HTML via vectors involving a " (double quote) character.

  • CVE-2013-2630Jul 31, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in CA Service Desk Manager 12.5 through 12.7 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

  • CVE-2013-2852Jun 7, 2013
    risk 0.00cvss epss 0.01

    Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an…

  • CVE-2012-0692Oct 2, 2012
    risk 0.00cvss epss 0.00

    CA License (aka CA Licensing) before 1.90.03 allows local users to modify or create arbitrary files, and consequently gain privileges, via unspecified vectors.

  • CVE-2012-0691Oct 2, 2012
    risk 0.00cvss epss 0.00

    CA License (aka CA Licensing) before 1.90.03 does not properly restrict system commands, which allows local users to gain privileges via unspecified vectors.

  • CVE-2012-1662Mar 22, 2012
    risk 0.00cvss epss 0.02

    CA ARCserve Backup r12.0 through SP2, r12.5 before SP2, r15 through SP1, and r16 before SP1 on Windows allows remote attackers to cause a denial of service (service shutdown) via a crafted network request.

  • CVE-2011-4503Nov 22, 2011
    risk 0.00cvss epss 0.02

    The UPnP IGD implementation in Broadcom Linux on the Sitecom WL-111 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.

  • CVE-2011-3849Nov 19, 2011
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in dxserver before 6279 in CA Directory 8.1 and CA Directory r12 before SP7 CR1 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP packet.

  • CVE-2011-1718Apr 27, 2011
    risk 0.00cvss epss 0.02

    The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.

  • CVE-2009-3588Oct 13, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and…

  • CVE-2009-0042Jan 28, 2009
    risk 0.00cvss epss 0.04

    Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote…

  • CVE-2008-4400Oct 14, 2008
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash of multiple services) via crafted authentication credentials, related to "insufficient validation."

  • CVE-2008-4119Sep 27, 2008
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk 11.2 and CMDB 11.0 through 11.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "multiple web forms."

  • CVE-2008-2926Aug 12, 2008
    risk 0.00cvss epss 0.00

    The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, does not properly verify IOCTL requests, which allows local users to cause a denial of service (system crash) or possibly gain privileges via…

  • CVE-2008-1984Apr 27, 2008
    risk 0.00cvss epss 0.03

    The eTrust Common Services (Transport) Daemon (eCSqdmn) in CA Secure Content Manager 8.0.28000.511 and earlier allows remote attackers to cause a denial of service (crash or CPU consumption) via a malformed packet to TCP port 1882.

  • CVE-2008-1329Apr 7, 2008
    risk 0.00cvss epss 0.06

    Unspecified vulnerability in the NetBackup service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary commands, related to "insufficient verification of file uploads."

  • CVE-2007-6406Dec 17, 2007
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in CA (formerly Computer Associates) eTrust Threat Management Console allow remote attackers to inject arbitrary web script or HTML via the IP Address field and other unspecified fields.

  • CVE-2007-5472Oct 22, 2007
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the Server component in CA Host-Based Intrusion Prevention System (HIPS) before 8.0.0.93 allows remote attackers to inject arbitrary web script or HTML via requests that are written to logs for later display in the log viewer.

  • CVE-2007-5437Oct 13, 2007
    risk 0.00cvss epss 0.03

    The web console in CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 allows remote attackers to redirect users to arbitrary web sites via a crafted HTTP URL on port 6689.

  • CVE-2007-5435Oct 13, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.2 might allow user-assisted remote attackers to cause a denial of service via a crafted Data Standards File (Datatype Standards File).

  • CVE-2007-5439Oct 13, 2007
    risk 0.00cvss epss 0.02

    CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 stores sensitive user information in log files with predictable names, which allows remote attackers to obtain this information via unspecified vectors.

  • CVE-2007-5329Oct 13, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, has unknown impact and attack vectors related to memory corruption.

  • CVE-2007-5005Oct 1, 2007
    risk 0.00cvss epss 0.05

    Directory traversal vulnerability in rxRPC.dll in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to upload and overwrite arbitrary files via a ..\ (dot dot backslash) sequence in the destination filename…

  • CVE-2007-5084Oct 1, 2007
    risk 0.00cvss epss 0.02

    Multiple SQL injection vulnerabilities in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary SQL commands via CsAgent service commands with opcodes (1) 0x07, (2) 0x08, (3) 0x09, (4) 0x1E, (5) 0x32, (6)…

  • CVE-2007-3875Jul 26, 2007
    risk 0.00cvss epss 0.04

    arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file.

  • CVE-2007-3695Jul 11, 2007
    risk 0.00cvss epss 0.04

    Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.1 allows attackers to execute arbitrary code via a long filename. NOTE: the researcher does not suggest any circumstances in which the filename would come from an untrusted source,…

  • CVE-2007-3696Jul 11, 2007
    risk 0.00cvss epss 0.02

    CA ERwin Data Model Validator (formerly AllFusion Data Model Validator) allows remote attackers to (1) cause a denial of service (application hang) via a malformed .EXP database file and (2) cause a denial of service (aaplication crash) via a crafted .EXP database file, which…

  • CVE-2007-2230Apr 25, 2007
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in CA Clever Path Portal allows remote authenticated users to execute limited SQL commands and retrieve arbitrary database contents via (1) the ofinterest parameter in a light search query, (2) description parameter in the advanced search query, and…

  • CVE-2007-1448Mar 16, 2007
    risk 0.00cvss epss 0.01

    The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service (disabled interface) by calling an unspecified RPC function.

  • CVE-2007-1345Mar 10, 2007
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password reset interface.

  • CVE-2007-0672Feb 3, 2007
    risk 0.00cvss epss 0.03

    LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers to cause a denial of service (disk consumption and daemon hang) via a value of 0xFFFFFF7F at a certain point in an authentication negotiation packet, which writes a large amount of data to a .USX file in…

  • CVE-2007-0673Feb 3, 2007
    risk 0.00cvss epss 0.03

    LGSERVER.EXE in BrightStor ARCserve Backup for Laptops & Desktops r11.1 allows remote attackers to cause a denial of service (daemon crash) via a value of 0xFFFFFFFF at a certain point in an authentication negotiation packet, which results in an out-of-bounds read.

  • CVE-2006-6898Dec 31, 2006
    risk 0.00cvss epss 0.04

    Widcomm Bluetooth for Windows (BTW) before 4.0.1.1500 allows remote attackers to listen to and record conversations, aka the CarWhisperer attack.

  • CVE-2006-6904Dec 31, 2006
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the Broadcom Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.

  • CVE-2006-6905Dec 31, 2006
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Widcomm Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.

Page 9 of 10