Vulnerabilities > Broadcom
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-27 | CVE-2017-6957 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Broadcom Bcm4339 SOC Firmware 6.37.34.40 Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC SoC chips, when the firmware supports CCKM Fast and Secure Roaming and the feature is enabled in RAM, allows remote attackers to execute arbitrary code via a crafted reassociation response frame with a Cisco IE (156). | 8.1 |
| 2017-03-15 | CVE-2017-6429 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Broadcom Tcpreplay Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Beta 1 allows remote attackers to have unspecified impact via a pcap file with an over-size packet. | 7.8 |
| 2017-01-27 | CVE-2016-9795 | Improper Input Validation vulnerability in multiple products The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation. | 7.8 |
| 2017-01-23 | CVE-2016-6160 | Resource Management Errors vulnerability in Broadcom Tcpreplay tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause a denial of service (segmentation fault) via a large frame, a related issue to CVE-2017-14266. | 7.5 |
| 2017-01-14 | CVE-2016-8204 | Path Traversal vulnerability in Broadcom Brocade Network Advisor A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed. | 9.8 |
| 2016-08-22 | CVE-2016-4376 | 7PK - Security Features vulnerability in Broadcom Fabric Operating System HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via unspecified vectors. | 6.5 |
| 2016-07-26 | CVE-2016-6152 | CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors. | 8.8 |
| 2016-06-29 | CVE-2015-8699 | Cross-site Scripting vulnerability in Broadcom Release Automation Multiple cross-site scripting (XSS) vulnerabilities in CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-06-29 | CVE-2015-8698 | Unspecified vulnerability in Broadcom Release Automation CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allows remote attackers to read arbitrary files or cause a denial of service via a request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 7.1 |
| 2016-06-08 | CVE-2015-8800 | Injection vulnerability in Broadcom products Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access. | 7.3 |