Vulnerabilities > Broadcom > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-12-03 CVE-2018-6440 Unspecified vulnerability in Broadcom Fabric Operating System
A vulnerability in the proxy service of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote unauthenticated attackers to obtain sensitive information and possibly cause a denial of service attack.
network
low complexity
broadcom
critical
9.1
2018-10-17 CVE-2018-18408 Use After Free vulnerability in multiple products
A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1.
network
low complexity
broadcom fedoraproject CWE-416
critical
9.8
2018-08-30 CVE-2018-15691 Deserialization of Untrusted Data vulnerability in Broadcom Release Automation 6.3/6.4/6.5
Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code.
network
low complexity
broadcom CWE-502
critical
9.8
2018-08-30 CVE-2018-13826 XXE vulnerability in multiple products
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks.
network
low complexity
ca broadcom CWE-611
critical
9.1
2018-08-30 CVE-2018-13824 SQL Injection vulnerability in multiple products
Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.
network
low complexity
ca broadcom CWE-89
critical
9.8
2018-06-18 CVE-2018-9029 SQL Injection vulnerability in Broadcom Privileged Access Manager
An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks.
network
low complexity
broadcom CWE-89
critical
9.8
2018-06-18 CVE-2018-9022 Improper Privilege Management vulnerability in Broadcom Privileged Access Manager
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file.
network
low complexity
broadcom CWE-269
critical
9.8
2018-06-18 CVE-2018-9021 Improper Privilege Management vulnerability in Broadcom Privileged Access Manager
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.
network
low complexity
broadcom CWE-269
critical
9.8
2018-06-18 CVE-2015-4664 Improper Input Validation vulnerability in multiple products
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.
network
low complexity
broadcom xceedium CWE-20
critical
9.8
2018-05-29 CVE-2018-5241 Unspecified vulnerability in Broadcom Advanced Secure Gateway and Symantec Proxysg
Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability.
network
low complexity
broadcom
critical
9.8