Vulnerabilities > Broadcom > High

DATE CVE VULNERABILITY TITLE RISK
2007-07-11 CVE-2007-3696 Unspecified vulnerability in Broadcom Erwin Data Model Validator
CA ERwin Data Model Validator (formerly AllFusion Data Model Validator) allows remote attackers to (1) cause a denial of service (application hang) via a malformed .EXP database file and (2) cause a denial of service (aaplication crash) via a crafted .EXP database file, which triggers a NULL dereference.
network
low complexity
broadcom
7.8
2007-05-11 CVE-2007-2523 CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0.
local
low complexity
broadcom ca
7.2
2007-03-31 CVE-2007-1785 The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request.
network
high complexity
broadcom ca
7.1
2007-03-02 CVE-2007-1005 Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote administration port (9191/tcp).
network
low complexity
broadcom ca
7.8
2007-02-03 CVE-2007-0673 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
LGSERVER.EXE in BrightStor ARCserve Backup for Laptops & Desktops r11.1 allows remote attackers to cause a denial of service (daemon crash) via a value of 0xFFFFFFFF at a certain point in an authentication negotiation packet, which results in an out-of-bounds read.
network
low complexity
broadcom ca CWE-119
7.8
2007-02-03 CVE-2007-0672 LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers to cause a denial of service (disk consumption and daemon hang) via a value of 0xFFFFFF7F at a certain point in an authentication negotiation packet, which writes a large amount of data to a .USX file in CA_BABLDdata\Server\data\transfer\.
network
low complexity
broadcom ca
7.8
2007-01-11 CVE-2007-0169 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Broadcom products
Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data for opnums (1) 0x2F and (2) 0x75 in the (a) Message Engine RPC service, or opnum (3) 0xCF in the Tape Engine service.
network
low complexity
broadcom CWE-119
7.5
2007-01-11 CVE-2007-0168 Unspecified vulnerability in Broadcom products
The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is directly executed.
network
low complexity
broadcom
7.5
2006-12-31 CVE-2006-6904 Remote Security vulnerability in Bluetooth Stack
Unspecified vulnerability in the Broadcom Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
7.9
2006-12-31 CVE-2006-6898 Remote Security vulnerability in Broadcom Widcomm Bluetooth 4.0.1.1500
Widcomm Bluetooth for Windows (BTW) before 4.0.1.1500 allows remote attackers to listen to and record conversations, aka the CarWhisperer attack.
network
low complexity
broadcom
7.8