Vulnerabilities > Broadcom > High

DATE CVE VULNERABILITY TITLE RISK
2020-09-25 CVE-2020-15369 Weak Password Requirements vulnerability in Broadcom Fabric Operating System
Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server.
Attack vector: network | Complexity: low | Vendors: broadcom | CWE-521 | Risk: 8.8

2020-07-24 CVE-2020-15778 OS Command Injection vulnerability in multiple products
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument.
Attack vector: local | Complexity: low | Vendors: openbsd, netapp, broadcom | CWE-78 | Risk: 7.8

2020-06-08 CVE-2020-12695 Incorrect Default Permissions vulnerability in multiple products
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
Risk: 7.5

2020-04-28 CVE-2020-12243 Uncontrolled Recursion vulnerability in multiple products
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
Risk: 7.5

2020-04-21 CVE-2020-1967 NULL Pointer Dereference vulnerability in multiple products
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension.
Risk: 7.5

2020-04-15 CVE-2020-11666 Unspecified vulnerability in Broadcom CA API Developer Portal
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges.
Attack vector: network | Complexity: low | Vendors: broadcom | Risk: 8.8

2020-04-15 CVE-2020-11662 Unspecified vulnerability in Broadcom CA API Developer Portal
CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive information.
Attack vector: network | Complexity: low | Vendors: broadcom | Risk: 7.5

2020-04-15 CVE-2020-11661 Unspecified vulnerability in Broadcom CA API Developer Portal
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data.
Attack vector: network | Complexity: low | Vendors: broadcom | Risk: 8.1

2020-02-18 CVE-2020-8011 NULL Pointer Dereference vulnerability in Broadcom Unified Infrastructure Management
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component.
Attack vector: network | Complexity: low | Vendors: broadcom | CWE-476 | Risk: 7.5

2020-02-06 CVE-2020-8648 Use After Free vulnerability in multiple products
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.
Risk: 7.1