Vulnerabilities > Broadcom > High

DATE CVE VULNERABILITY TITLE RISK
2017-01-27 CVE-2016-9795 Improper Input Validation vulnerability in multiple products
The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation.
local
low complexity
broadcom ca CWE-20
7.8
2017-01-23 CVE-2016-6160 Resource Management Errors vulnerability in Broadcom Tcpreplay
tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause a denial of service (segmentation fault) via a large frame, a related issue to CVE-2017-14266.
network
low complexity
broadcom CWE-399
7.5
2016-07-26 CVE-2016-6152 CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors.
network
low complexity
ca broadcom
8.8
2016-06-29 CVE-2015-8698 Unspecified vulnerability in Broadcom Release Automation
CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allows remote attackers to read arbitrary files or cause a denial of service via a request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
local
low complexity
broadcom
7.1
2016-06-08 CVE-2015-8800 Injection vulnerability in Broadcom products
Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access.
network
low complexity
broadcom CWE-74
7.3
2016-06-08 CVE-2015-8799 Path Traversal vulnerability in Broadcom products
Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to write update-package data to arbitrary agent locations via unspecified vectors.
high complexity
broadcom CWE-22
7.6
2016-06-08 CVE-2015-8798 Path Traversal vulnerability in Broadcom products
Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary code via unspecified vectors.
low complexity
broadcom CWE-22
8.0
2016-06-08 CVE-2015-8157 SQL Injection vulnerability in Broadcom products
SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
broadcom CWE-89
8.8
2014-04-07 CVE-2014-0160 Out-of-bounds Read vulnerability in multiple products
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
7.5
2004-12-31 CVE-2004-2397 Cleartext Storage of Sensitive Information vulnerability in Broadcom Bluecoat Security Gateway
The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates.
network
low complexity
broadcom CWE-312
7.5