Vulnerabilities > Broadcom > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-25 | CVE-2020-15373 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Broadcom Fabric Operating System Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks. | 7.5 |
| 2020-09-25 | CVE-2020-15371 | Unspecified vulnerability in Broadcom Fabric Operating System Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability. | 7.5 |
| 2020-07-24 | CVE-2020-15778 | OS Command Injection vulnerability in multiple products scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. | 7.8 |
| 2020-06-29 | CVE-2018-6446 | Use of Hard-coded Credentials vulnerability in Broadcom Brocade Network Advisor A vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. | 7.5 |
| 2020-06-08 | CVE-2020-12695 | Incorrect Default Permissions vulnerability in multiple products The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | 7.5 |
| 2020-04-21 | CVE-2020-1967 | NULL Pointer Dereference vulnerability in multiple products Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. | 7.5 |
| 2020-04-15 | CVE-2020-11658 | Authorization Bypass Through User-Controlled Key vulnerability in Broadcom CA API Developer Portal CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization. | 7.5 |
| 2020-03-24 | CVE-2019-20549 | Out-of-bounds Read vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom chipsets) software. | 7.5 |
| 2020-02-18 | CVE-2020-8012 | Classic Buffer Overflow vulnerability in Broadcom Unified Infrastructure Management CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. | 7.5 |
| 2020-02-03 | CVE-2019-9502 | Out-of-bounds Write vulnerability in multiple products The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. | 8.3 |