Vulnerabilities > Broadcom > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDORS | CWE | RISK | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2017-09-28 | CVE-2017-11120 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204. | network | low complexity | broadcom, apple | CWE-119 | critical | 10.0 |
| 2017-05-08 | CVE-2016-8202 | Permissions, Privileges, and Access Controls vulnerability in Broadcom Fabric Operating System | A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. | network | low complexity | broadcom | CWE-264 | critical | 9.0 |
| 2017-01-14 | CVE-2016-8204 | Path Traversal vulnerability in Broadcom Brocade Network Advisor | A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed. | network | low complexity | broadcom | CWE-22 | critical | 10.0 |
| 2016-07-26 | CVE-2016-6152 | | CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors. | network | low complexity | broadcom, ca | | critical | 9.0 |
| 2015-04-08 | CVE-2015-2828 | Permissions, Privileges, and Access Controls vulnerability in Broadcom Spectrum 9.2/9.3 | CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data. | network | low complexity | broadcom | CWE-264 | critical | 9.0 |
| 2015-01-21 | CVE-2014-3440 | Improper Input Validation vulnerability in multiple products | The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file. | network | low complexity | broadcom, symantec | CWE-20 | critical | 9.0 |
| 2014-05-14 | CVE-2014-2046 | Cryptographic Issues vulnerability in Broadcom Pipa C211 and Pipa C211 web Interface | cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information via a certain request to the config.getValuesHashExcludePaths method or (2) modify the firmware via unspecified vectors. | network | low complexity | broadcom | CWE-310 | critical | 9.7 |
| 2010-03-18 | CVE-2010-0104 | Remote Code Execution vulnerability in Broadcom NetXtreme ASF Packet Handling | Unspecified vulnerability in the Broadcom Integrated NIC Management Firmware 1.x before 1.40.0.0 and 8.x before 8.08 on the HP Small Form Factor and Microtower platforms allows remote attackers to execute arbitrary code via unknown vectors. | network | low complexity | broadcom, hp | | critical | 10.0 |
| 2009-01-28 | CVE-2009-0042 | | Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file. | network | low complexity | broadcom, ca | | critical | 10.0 |
| 2008-12-11 | CVE-2008-5415 | | The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows allows remote attackers to execute arbitrary code via a handle_t argument to an RPC endpoint in which the argument refers to an incompatible procedure. | network | low complexity | broadcom, ca | | critical | 10.0 |