Vulnerabilities > Broadcom > High

DATE CVE VULNERABILITY TITLE RISK
2019-11-08 CVE-2019-16209 Improper Certificate Validation vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1
A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections.
network
high complexity
broadcom CWE-295
7.4
2019-11-08 CVE-2019-16208 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1
Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.).
network
low complexity
broadcom CWE-327
7.5
2019-11-08 CVE-2019-16207 Use of Hard-coded Credentials vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1
Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges.
local
low complexity
broadcom CWE-798
7.8
2019-11-08 CVE-2019-16205 Use of Insufficiently Random Values vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1
A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID.
network
low complexity
broadcom CWE-330
8.8
2019-11-04 CVE-2019-18683 Use After Free vulnerability in multiple products
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8.
7.0
2019-10-17 CVE-2019-13657 Use of Hard-coded Credentials vulnerability in Broadcom CA Performance Management and Network Operations
CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.
network
low complexity
broadcom CWE-798
8.8
2019-06-07 CVE-2018-19860 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.
low complexity
broadcom cypress CWE-732
8.8
2019-02-17 CVE-2019-8381 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in Tcpreplay 4.3.1.
local
low complexity
broadcom fedoraproject CWE-119
7.8
2019-02-17 CVE-2019-8377 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Tcpreplay 4.3.1.
local
low complexity
broadcom fedoraproject CWE-476
7.8
2019-02-17 CVE-2019-8376 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Tcpreplay 4.3.1.
local
low complexity
broadcom fedoraproject CWE-476
7.8