Vulnerabilities > Broadcom > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-18 | CVE-2019-19054 | Memory Leak vulnerability in multiple products A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b. | 4.7 |
| 2019-11-08 | CVE-2019-16209 | Improper Certificate Validation vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1 A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections. | 5.8 |
| 2019-11-08 | CVE-2019-16208 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1 Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.). | 5.0 |
| 2019-11-08 | CVE-2019-16207 | Use of Hard-coded Credentials vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1 Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges. | 4.6 |
| 2019-11-08 | CVE-2019-16205 | Use of Insufficiently Random Values vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1 A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. | 4.3 |
| 2019-10-17 | CVE-2019-13657 | Use of Hard-coded Credentials vulnerability in Broadcom CA Performance Management and Network Operations CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security. | 6.5 |
| 2019-08-30 | CVE-2018-18371 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Broadcom Advanced Secure Gateway and Symantec Proxysg The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. | 4.0 |
| 2019-08-30 | CVE-2018-18370 | Cross-site Scripting vulnerability in Broadcom Advanced Secure Gateway and Symantec Proxysg The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. | 4.3 |
| 2019-06-07 | CVE-2018-19860 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command. | 5.8 |
| 2019-02-26 | CVE-2019-7392 | Improper Authentication vulnerability in Broadcom Privileged Access Manager An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration. | 6.4 |