Vulnerabilities > Broadcom > High

DATE CVE VULNERABILITY TITLE RISK
2020-09-25 CVE-2020-15373 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Broadcom Fabric Operating System
Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks.
network
low complexity
broadcom CWE-119
7.5
2020-09-25 CVE-2020-15371 Unspecified vulnerability in Broadcom Fabric Operating System
Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability.
network
low complexity
broadcom
7.5
2020-07-24 CVE-2020-15778 OS Command Injection vulnerability in multiple products
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument.
local
low complexity
openbsd netapp broadcom CWE-78
7.8
2020-06-29 CVE-2018-6446 Use of Hard-coded Credentials vulnerability in Broadcom Brocade Network Advisor
A vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications.
7.5
2020-06-08 CVE-2020-12695 Incorrect Default Permissions vulnerability in multiple products
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
7.5
2020-04-21 CVE-2020-1967 NULL Pointer Dereference vulnerability in multiple products
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension.
7.5
2020-04-15 CVE-2020-11658 Authorization Bypass Through User-Controlled Key vulnerability in Broadcom CA API Developer Portal
CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization.
network
low complexity
broadcom CWE-639
7.5
2020-03-24 CVE-2019-20549 Out-of-bounds Read vulnerability in Google Android
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom chipsets) software.
network
low complexity
google broadcom CWE-125
7.5
2020-02-18 CVE-2020-8012 Classic Buffer Overflow vulnerability in Broadcom Unified Infrastructure Management
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component.
network
low complexity
broadcom CWE-120
7.5
2020-02-03 CVE-2019-9502 Out-of-bounds Write vulnerability in multiple products
The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow.
low complexity
synology broadcom CWE-787
8.3