Vulnerabilities > Broadcom > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-02-14 CVE-2022-23992 Improper Input Validation vulnerability in Broadcom Xcom Data Transport 11.6
XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges.
network
low complexity
broadcom CWE-20
critical
9.8
2022-01-18 CVE-2022-23305 SQL Injection vulnerability in multiple products
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout.
network
low complexity
apache netapp broadcom qos oracle CWE-89
critical
9.8
2021-09-16 CVE-2021-40438 Server-Side Request Forgery (SSRF) vulnerability in multiple products
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.
9.0
2021-06-30 CVE-2021-30648 Improper Authentication vulnerability in Broadcom products
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability.
network
low complexity
broadcom CWE-287
critical
9.0
2020-12-10 CVE-2020-12594 Improper Privilege Management vulnerability in Broadcom Symantec Messaging Gateway
A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance.
network
low complexity
broadcom CWE-269
critical
9.0
2020-05-08 CVE-2020-12740 Out-of-bounds Read vulnerability in multiple products
tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation.
network
low complexity
broadcom fedoraproject CWE-125
critical
9.1
2020-02-18 CVE-2020-8010 Unspecified vulnerability in Broadcom Unified Infrastructure Management
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component.
network
low complexity
broadcom
critical
10.0
2018-10-17 CVE-2018-18408 Use After Free vulnerability in multiple products
A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1.
network
low complexity
broadcom fedoraproject CWE-416
critical
9.8
2018-06-18 CVE-2018-9023 Improper Input Validation vulnerability in Broadcom Privileged Access Manager
An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script.
network
low complexity
broadcom CWE-20
critical
9.0
2017-09-28 CVE-2017-11121 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205.
network
low complexity
broadcom apple CWE-119
critical
10.0