Vulnerabilities > Broadcom > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-14 | CVE-2022-23992 | Improper Input Validation vulnerability in Broadcom Xcom Data Transport 11.6 XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges. | 9.8 |
| 2022-01-18 | CVE-2022-23305 | SQL Injection vulnerability in multiple products By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. | 9.8 |
| 2021-06-30 | CVE-2021-30648 | Improper Authentication vulnerability in Broadcom products The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. | 9.0 |
| 2020-12-10 | CVE-2020-12594 | Improper Privilege Management vulnerability in Broadcom Symantec Messaging Gateway A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. | 9.0 |
| 2020-05-08 | CVE-2020-12740 | Out-of-bounds Read vulnerability in multiple products tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. | 9.1 |
| 2020-02-18 | CVE-2020-8010 | Unspecified vulnerability in Broadcom Unified Infrastructure Management CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. | 10.0 |
| 2018-10-17 | CVE-2018-18408 | Use After Free vulnerability in multiple products A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. | 9.8 |
| 2018-06-18 | CVE-2018-9023 | Improper Input Validation vulnerability in Broadcom Privileged Access Manager An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script. | 9.0 |
| 2017-09-28 | CVE-2017-11121 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205. | 10.0 |
| 2017-09-28 | CVE-2017-11120 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204. | 10.0 |