Vulnerabilities > Broadcom > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-18 CVE-2018-9029 SQL Injection vulnerability in Broadcom Privileged Access Manager
An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks.
network
low complexity
broadcom CWE-89
7.5
2018-06-18 CVE-2018-9022 Improper Privilege Management vulnerability in Broadcom Privileged Access Manager
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file.
network
low complexity
broadcom CWE-269
7.5
2018-06-18 CVE-2018-9021 Improper Privilege Management vulnerability in Broadcom Privileged Access Manager
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.
network
low complexity
broadcom CWE-269
7.5
2018-06-18 CVE-2015-4664 Improper Input Validation vulnerability in multiple products
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.
network
low complexity
broadcom xceedium CWE-20
7.5
2018-05-29 CVE-2018-5241 Unspecified vulnerability in Broadcom Advanced Secure Gateway and Symantec Proxysg
Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability.
network
low complexity
broadcom
7.5
2017-06-04 CVE-2017-9417 Unspecified vulnerability in Broadcom Bcm43Xx Wi-Fi Chipset Firmware
Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue.
network
low complexity
broadcom
7.5
2017-05-11 CVE-2016-9097 Permissions, Privileges, and Access Controls vulnerability in Broadcom Advanced Secure Gateway and Symantec Proxysg
The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users.
network
low complexity
broadcom CWE-264
8.0
2017-04-05 CVE-2017-6956 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Broadcom Hardmac Wi-Fi SOC Firmware 6.37.34.40
On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer overflow occurs when handling an 802.11r (FT) authentication response, leading to remote code execution via a crafted access point that sends a long R0KH-ID field in a Fast BSS Transition Information Element (FT-IE).
low complexity
broadcom CWE-119
8.3
2017-01-27 CVE-2016-9795 Improper Input Validation vulnerability in multiple products
The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation.
local
low complexity
broadcom ca CWE-20
7.2
2016-08-22 CVE-2016-4376 7PK - Security Features vulnerability in Broadcom Fabric Operating System
HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via unspecified vectors.
network
low complexity
broadcom CWE-254
7.8