Vulnerabilities > Broadcom > High

DATE CVE VULNERABILITY TITLE RISK
2017-05-08 CVE-2016-8202 Permissions, Privileges, and Access Controls vulnerability in Broadcom Fabric Operating System
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface.
network
low complexity
broadcom CWE-264
8.8
2017-04-05 CVE-2017-6956 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Broadcom Hardmac Wi-Fi SOC Firmware 6.37.34.40
On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer overflow occurs when handling an 802.11r (FT) authentication response, leading to remote code execution via a crafted access point that sends a long R0KH-ID field in a Fast BSS Transition Information Element (FT-IE).
low complexity
broadcom CWE-119
8.8
2017-03-27 CVE-2017-6957 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Broadcom Bcm4339 SOC Firmware 6.37.34.40
Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC SoC chips, when the firmware supports CCKM Fast and Secure Roaming and the feature is enabled in RAM, allows remote attackers to execute arbitrary code via a crafted reassociation response frame with a Cisco IE (156).
network
high complexity
broadcom CWE-119
8.1
2017-03-15 CVE-2017-6429 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Broadcom Tcpreplay
Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Beta 1 allows remote attackers to have unspecified impact via a pcap file with an over-size packet.
local
low complexity
broadcom CWE-119
7.8
2017-01-27 CVE-2016-9795 Improper Input Validation vulnerability in multiple products
The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation.
local
low complexity
broadcom ca CWE-20
7.8
2017-01-23 CVE-2016-6160 Resource Management Errors vulnerability in Broadcom Tcpreplay
tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause a denial of service (segmentation fault) via a large frame, a related issue to CVE-2017-14266.
network
low complexity
broadcom CWE-399
7.5
2016-07-26 CVE-2016-6152 CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors.
network
low complexity
ca broadcom
8.8
2016-06-29 CVE-2015-8698 Unspecified vulnerability in Broadcom Release Automation
CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allows remote attackers to read arbitrary files or cause a denial of service via a request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
local
low complexity
broadcom
7.1
2016-06-08 CVE-2015-8800 Injection vulnerability in Broadcom products
Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access.
network
low complexity
broadcom CWE-74
7.3
2016-06-08 CVE-2015-8799 Path Traversal vulnerability in Broadcom products
Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to write update-package data to arbitrary agent locations via unspecified vectors.
high complexity
broadcom CWE-22
7.6