Vulnerabilities > Broadcom

DATE | CVE | VULNERABILITY TITLE | RISK

2014-12-16 | CVE-2014-8246 | Cross-Site Request Forgery (CSRF) vulnerability in Broadcom Release Automation 4.7.1 | 6.8
Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
network; broadcom CWE-352

2014-09-29 | CVE-2014-6799 | Cryptographic Issues vulnerability in Broadcom Investigation Tool 1.0.0 | 5.4
The Investigation Tool (aka gov.ca.post.lp.itool) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

2014-05-14 | CVE-2014-2046 | Cryptographic Issues vulnerability in Broadcom Pipa C211 and Pipa C211 web Interface | critical 9.7
cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information via a certain request to the config.getValuesHashExcludePaths method or (2) modify the firmware via unspecified vectors.
network; low complexity; broadcom CWE-310

2014-05-08 | CVE-2013-5016 | Permissions, Privileges, and Access Controls vulnerability in Broadcom Symantec Critical System Protection | 7.6
Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows remote attackers to bypass policy settings via unspecified vectors.
network; high complexity; broadcom CWE-264

2014-02-14 | CVE-2014-1219 | Improper Input Validation vulnerability in Broadcom 2E web Option R8.1.2 | 5.1
CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm.
network; high complexity; broadcom CWE-20

2012-11-14 | CVE-2012-2619 | Improper Input Validation vulnerability in multiple products | 7.8
The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element.
network; low complexity; broadcom apple CWE-20

2012-03-22 | CVE-2012-1662 | Improper Input Validation vulnerability in Broadcom Arcserve Backup R16.0 | 5.0
CA ARCserve Backup r12.0 through SP2, r12.5 before SP2, r15 through SP1, and r16 before SP1 on Windows allows remote attackers to cause a denial of service (service shutdown) via a crafted network request.
network; low complexity; broadcom CWE-20

2011-11-22 | CVE-2011-4503 | Configuration vulnerability in multiple products | 7.5
The UPnP IGD implementation in Broadcom Linux on the Sitecom WL-111 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
network; low complexity; broadcom sitecom CWE-16

2011-11-19 | CVE-2011-3849 | Unspecified vulnerability in Broadcom Directory 8.1/R12 | 5.0
Unspecified vulnerability in dxserver before 6279 in CA Directory 8.1 and CA Directory r12 before SP7 CR1 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP packet.
network; low complexity; broadcom

2010-03-18 | CVE-2010-0104 | Remote Code Execution vulnerability in Broadcom NetXtreme ASF Packet Handling | critical 10.0
Unspecified vulnerability in the Broadcom Integrated NIC Management Firmware 1.x before 1.40.0.0 and 8.x before 8.08 on the HP Small Form Factor and Microtower platforms allows remote attackers to execute arbitrary code via unknown vectors.
network; low complexity; broadcom hp