Vulnerabilities > Broadcom > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-28 | CVE-2018-17582 | Out-of-bounds Read vulnerability in Broadcom Tcpreplay 4.3.0 Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. | 5.8 |
| 2018-09-28 | CVE-2018-17580 | Out-of-bounds Read vulnerability in Broadcom Tcpreplay 4.3.0 A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1. | 5.8 |
| 2018-08-30 | CVE-2018-13826 | XXE vulnerability in multiple products An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks. | 6.4 |
| 2018-08-30 | CVE-2018-13825 | Cross-site Scripting vulnerability in multiple products Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks. | 4.3 |
| 2018-08-30 | CVE-2018-13823 | XXE vulnerability in multiple products An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information. | 5.0 |
| 2018-08-03 | CVE-2018-6590 | Cross-site Scripting vulnerability in Broadcom CA API Developer Portal CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability. | 6.1 |
| 2018-07-03 | CVE-2018-13112 | Out-of-bounds Read vulnerability in Broadcom Tcpreplay 4.3.0 get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcpprep. | 5.0 |
| 2018-06-18 | CVE-2018-9028 | Inadequate Encryption Strength vulnerability in Broadcom Privileged Access Manager Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking. | 5.0 |
| 2018-06-18 | CVE-2018-9026 | Session Fixation vulnerability in Broadcom Privileged Access Manager A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request. | 5.0 |
| 2018-06-18 | CVE-2018-9025 | Improper Input Validation vulnerability in Broadcom Privileged Access Manager An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input. | 5.0 |