Vulnerabilities > Broadcom > High

DATE CVE VULNERABILITY TITLE RISK
2016-06-08 CVE-2015-8799 Path Traversal vulnerability in Broadcom products
Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to write update-package data to arbitrary agent locations via unspecified vectors.
network
high complexity
broadcom CWE-22
7.1
2016-06-08 CVE-2015-8798 Path Traversal vulnerability in Broadcom products
Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary code via unspecified vectors.
low complexity
broadcom CWE-22
7.7
2015-01-21 CVE-2014-9226 Permissions, Privileges, and Access Controls vulnerability in multiple products
The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors.
local
low complexity
broadcom symantec CWE-264
7.2
2014-05-08 CVE-2013-5016 Permissions, Privileges, and Access Controls vulnerability in Broadcom Symantec Critical System Protection
Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows remote attackers to bypass policy settings via unspecified vectors.
network
high complexity
broadcom CWE-264
7.6
2014-04-07 CVE-2014-0160 Out-of-bounds Read vulnerability in multiple products
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
7.5
2012-11-14 CVE-2012-2619 Improper Input Validation vulnerability in multiple products
The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element.
network
low complexity
broadcom apple CWE-20
7.8
2011-11-22 CVE-2011-4503 Configuration vulnerability in multiple products
The UPnP IGD implementation in Broadcom Linux on the Sitecom WL-111 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
network
low complexity
broadcom sitecom CWE-16
7.5
2008-08-12 CVE-2008-2926 Improper Input Validation vulnerability in multiple products
The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, does not properly verify IOCTL requests, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted request.
local
low complexity
broadcom ca CWE-20
7.2
2008-05-21 CVE-2008-2242 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdr_rwsstring function.
network
low complexity
broadcom ca CWE-119
7.5
2008-04-27 CVE-2008-1984 Resource Management Errors vulnerability in Broadcom Secure Content Manager 1.1/8.0
The eTrust Common Services (Transport) Daemon (eCSqdmn) in CA Secure Content Manager 8.0.28000.511 and earlier allows remote attackers to cause a denial of service (crash or CPU consumption) via a malformed packet to TCP port 1882.
network
low complexity
broadcom CWE-399
7.8