Vulnerabilities > Broadcom > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2014-02-14 | CVE-2014-1219 | Improper Input Validation vulnerability in Broadcom 2E web Option R8.1.2 | CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm. | 5.1 |
2012-03-22 | CVE-2012-1662 | Improper Input Validation vulnerability in Broadcom Arcserve Backup R16.0 | CA ARCserve Backup r12.0 through SP2, r12.5 before SP2, r15 through SP1, and r16 before SP1 on Windows allows remote attackers to cause a denial of service (service shutdown) via a crafted network request. | 5.0 |
2011-11-19 | CVE-2011-3849 | Unspecified vulnerability in Broadcom Directory 8.1/R12 | Unspecified vulnerability in dxserver before 6279 in CA Directory 8.1 and CA Directory r12 before SP7 CR1 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP packet. | 5.0 |
2008-10-14 | CVE-2008-4400 | Improper Input Validation vulnerability in multiple products | Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash of multiple services) via crafted authentication credentials, related to "insufficient validation." | 5.0 |
2008-10-14 | CVE-2008-4399 | Improper Input Validation vulnerability in multiple products | Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request, related to "insufficient validation." | 5.0 |
2008-10-14 | CVE-2008-4398 | Improper Input Validation vulnerability in multiple products | Unspecified vulnerability in the tape engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request. | 5.0 |
2008-09-27 | CVE-2008-4119 | Cross-Site Scripting vulnerability in multiple products | Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk 11.2 and CMDB 11.0 through 11.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "multiple web forms." | 4.3 |
2008-04-27 | CVE-2008-1979 | Numeric Errors vulnerability in Broadcom Brightstor Arcserve Backup | The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large integer value used in an increment to TCP port 41523, which triggers a buffer over-read. | 5.0 |
2007-12-17 | CVE-2007-6406 | Cross-Site Scripting vulnerability in Broadcom Etrust Threat Management Console | Multiple cross-site scripting (XSS) vulnerabilities in CA (formerly Computer Associates) eTrust Threat Management Console allow remote attackers to inject arbitrary web script or HTML via the IP Address field and other unspecified fields. | 4.3 |
2007-11-10 | CVE-2007-5923 | Cross-Site Scripting vulnerability in Broadcom Etrust Siteminder | Cross-site scripting (XSS) vulnerability in forms/smpwservices.fcc in CA (formerly Computer Associates) eTrust SiteMinder Agent allows remote attackers to inject arbitrary web script or HTML via the SMAUTHREASON parameter, a different vector than CVE-2005-2204. | 4.3 |