Vulnerabilities > Broadcom

DATE CVE VULNERABILITY TITLE RISK
2016-03-24 CVE-2015-6853 Insufficient Verification of Data Authenticity vulnerability in Broadcom Single Sign-On
The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.
network
low complexity
broadcom CWE-345
critical
9.1
2014-04-07 CVE-2014-0160 Out-of-bounds Read vulnerability in multiple products
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
7.5
2004-12-31 CVE-2004-2397 Cleartext Storage of Sensitive Information vulnerability in Broadcom Bluecoat Security Gateway
The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates.
network
low complexity
broadcom CWE-312
7.5