Vulnerabilities > Broadcom > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-05-17 CVE-2017-18268 Information Exposure Through Discrepancy vulnerability in Broadcom Symantec Intelligencecenter 3.3
Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack.
network
high complexity
broadcom CWE-203
5.9
2018-05-17 CVE-2017-15533 Information Exposure Through Discrepancy vulnerability in Broadcom SSL Visibility Appliance
Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack.
network
high complexity
broadcom CWE-203
5.9
2018-04-11 CVE-2017-13678 Cross-site Scripting vulnerability in Broadcom Advanced Secure Gateway and Symantec Proxysg
Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles.
network
low complexity
broadcom CWE-79
4.8
2018-04-11 CVE-2016-10258 Unrestricted Upload of File with Dangerous Type vulnerability in Broadcom Advanced Secure Gateway and Symantec Proxysg
Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles.
network
low complexity
broadcom CWE-434
6.8
2018-02-08 CVE-2017-6227 A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system.
low complexity
brocade broadcom
6.5
2018-02-08 CVE-2017-6225 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information.
network
low complexity
brocade broadcom CWE-79
6.1
2018-01-10 CVE-2016-10257 Cross-site Scripting vulnerability in Broadcom Advanced Secure Gateway and Symantec Proxysg
The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability.
network
low complexity
broadcom CWE-79
6.1
2018-01-10 CVE-2016-10256 Cross-site Scripting vulnerability in Broadcom Symantec Proxysg
The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability.
network
low complexity
broadcom CWE-79
6.1
2017-05-11 CVE-2016-9099 Open Redirect vulnerability in Broadcom Advanced Secure Gateway and Symantec Proxysg
Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability.
network
low complexity
broadcom CWE-601
6.1
2017-04-14 CVE-2016-5310 Out-of-bounds Write vulnerability in multiple products
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression.
local
low complexity
symantec broadcom CWE-787
5.5