Vulnerabilities > Broadcom

DATE CVE VULNERABILITY TITLE RISK
2018-10-17 CVE-2018-18408 Use After Free vulnerability in multiple products
A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1.
network
low complexity
broadcom fedoraproject CWE-416
critical
 9.8
9.8
2018-10-17 CVE-2018-18407 Out-of-bounds Read vulnerability in multiple products
A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation.
local
low complexity
broadcom fedoraproject CWE-125
5.5
5.5
2018-10-03 CVE-2018-17974 Out-of-bounds Read vulnerability in Broadcom Tcpreplay 4.3.0
An issue was discovered in Tcpreplay 4.3.0 beta1.
local
low complexity
broadcom CWE-125
5.5
5.5
2018-09-28 CVE-2018-17582 Out-of-bounds Read vulnerability in Broadcom Tcpreplay 4.3.0
Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read.
local
low complexity
broadcom CWE-125
7.1
7.1
2018-09-28 CVE-2018-17580 Out-of-bounds Read vulnerability in Broadcom Tcpreplay 4.3.0
A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1.
local
low complexity
broadcom CWE-125
7.1
7.1
2018-08-30 CVE-2018-15691 Deserialization of Untrusted Data vulnerability in Broadcom Release Automation 6.3/6.4/6.5
Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code.
network
low complexity
broadcom CWE-502
critical
 9.8
9.8
2018-08-30 CVE-2018-13826 XXE vulnerability in multiple products
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks.
network
low complexity
ca broadcom CWE-611
critical
 9.1
9.1
2018-08-30 CVE-2018-13825 Cross-site Scripting vulnerability in multiple products
Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks.
network
low complexity
ca broadcom CWE-79
6.1
6.1
2018-08-30 CVE-2018-13824 SQL Injection vulnerability in multiple products
Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.
network
low complexity
ca broadcom CWE-89
critical
 9.8
9.8
2018-08-30 CVE-2018-13823 XXE vulnerability in multiple products
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information.
network
low complexity
ca broadcom CWE-611
7.5
7.5