Vulnerabilities > Broadcom
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-25 | CVE-2020-15369 | Weak Password Requirements vulnerability in Broadcom Fabric Operating System: Supportlink CLI in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. | 8.8 |
2020-07-24 | CVE-2020-15778 | OS Command Injection vulnerability in multiple products: scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. | 7.8 |
2020-06-29 | CVE-2018-6446 | Use of Hard-coded Credentials vulnerability in Broadcom Brocade Network Advisor: A vulnerability in Brocade Network Advisor versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using undocumented user credentials and install additional JEE applications. | 9.8 |
2020-06-08 | CVE-2020-12695 | Incorrect Default Permissions vulnerability in multiple products: The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | 7.5 |
2020-06-02 | CVE-2020-13401 | Improper Input Validation vulnerability in multiple products: An issue was discovered in Docker Engine before 19.03.11. | 6.0 |
2020-05-28 | CVE-2020-13645 | Improper Certificate Validation vulnerability in multiple products: In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. | 6.5 |
2020-05-08 | CVE-2020-12740 | Out-of-bounds Read vulnerability in multiple products: tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. | 9.1 |
2020-04-28 | CVE-2020-12243 | Uncontrolled Recursion vulnerability in multiple products: In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). | 7.5 |
2020-04-21 | CVE-2020-1967 | NULL Pointer Dereference vulnerability in multiple products: Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. | 7.5 |
2020-04-15 | CVE-2020-11660 | Unspecified vulnerability in Broadcom CA API Developer Portal: CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information. | 6.5 |