Vulnerabilities > Broadcom > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-28 | CVE-2017-11120 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products: On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204. | 10.0 |
2017-05-08 | CVE-2016-8202 | Permissions, Privileges, and Access Controls vulnerability in Broadcom Fabric Operating System: A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. | 9.0 |
2017-01-14 | CVE-2016-8204 | Path Traversal vulnerability in Broadcom Brocade Network Advisor: A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed. | 10.0 |
2016-07-26 | CVE-2016-6152 | CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors. | 9.0 |
2015-04-08 | CVE-2015-2828 | Permissions, Privileges, and Access Controls vulnerability in Broadcom Spectrum 9.2/9.3: CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data. | 9.0 |
2015-01-21 | CVE-2014-3440 | Improper Input Validation vulnerability in multiple products: The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file. | 9.0 |
2014-05-14 | CVE-2014-2046 | Cryptographic Issues vulnerability in Broadcom Pipa C211 and Pipa C211 web Interface: cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information via a certain request to the config.getValuesHashExcludePaths method or (2) modify the firmware via unspecified vectors. | 9.7 |
2010-03-18 | CVE-2010-0104 | Remote Code Execution vulnerability in Broadcom NetXtreme ASF Packet Handling: Unspecified vulnerability in the Broadcom Integrated NIC Management Firmware 1.x before 1.40.0.0 and 8.x before 8.08 on the HP Small Form Factor and Microtower platforms allows remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
2009-01-28 | CVE-2009-0042 | Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file. | 10.0 |
2008-12-11 | CVE-2008-5415 | The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows allows remote attackers to execute arbitrary code via a handle_t argument to an RPC endpoint in which the argument refers to an incompatible procedure. | 10.0 |