Filtered by vendor Broadcom
Subscribe
Total
563 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16206 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ‘trace’ and the 'debug' logging level; which could allow a local authenticated attacker to access sensitive information. | |||||
| CVE-2019-16205 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 4.3 MEDIUM | 8.8 HIGH |
| A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal. | |||||
| CVE-2019-16204 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server. | |||||
| CVE-2019-16203 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client. | |||||
| CVE-2019-15126 | 2 Apple, Broadcom | 15 Ipados, Iphone Os, Mac Os X and 12 more | 2024-11-21 | 2.9 LOW | 3.1 LOW |
| An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503. | |||||
| CVE-2019-13658 | 1 Broadcom | 1 Network Flow Analysis | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security. | |||||
| CVE-2019-13657 | 1 Broadcom | 2 Ca Performance Management, Network Operations | 2024-11-21 | 6.5 MEDIUM | 9.8 CRITICAL |
| CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security. | |||||
| CVE-2019-13656 | 1 Broadcom | 2 Ca Client Automation, Ca Workload Automation Ae | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code. | |||||
| CVE-2018-9029 | 1 Broadcom | 1 Privileged Access Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks. | |||||
| CVE-2018-9028 | 1 Broadcom | 1 Privileged Access Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking. | |||||
| CVE-2018-9026 | 1 Broadcom | 1 Privileged Access Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request. | |||||
| CVE-2018-9025 | 1 Broadcom | 1 Privileged Access Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input. | |||||
| CVE-2018-9024 | 1 Broadcom | 1 Privileged Access Manager | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file. | |||||
| CVE-2018-9023 | 1 Broadcom | 1 Privileged Access Manager | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script. | |||||
| CVE-2018-9022 | 1 Broadcom | 1 Privileged Access Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file. | |||||
| CVE-2018-9021 | 1 Broadcom | 1 Privileged Access Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests. | |||||
| CVE-2018-6590 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability. | |||||
| CVE-2018-6449 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers | |||||
| CVE-2018-6448 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host. | |||||
| CVE-2018-6447 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account. | |||||