Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Broadcom Subscribe
Total 444 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-5472 1 Broadcom 1 Host-based Intrusion Prevention System 2021-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Server component in CA Host-Based Intrusion Prevention System (HIPS) before 8.0.0.93 allows remote attackers to inject arbitrary web script or HTML via requests that are written to logs for later display in the log viewer.
CVE-2007-6406 1 Broadcom 1 Etrust Threat Management Console 2021-04-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in CA (formerly Computer Associates) eTrust Threat Management Console allow remote attackers to inject arbitrary web script or HTML via the IP Address field and other unspecified fields.
CVE-2007-5923 1 Broadcom 1 Etrust Siteminder 2021-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in forms/smpwservices.fcc in CA (formerly Computer Associates) eTrust SiteMinder Agent allows remote attackers to inject arbitrary web script or HTML via the SMAUTHREASON parameter, a different vector than CVE-2005-2204.
CVE-2005-2204 1 Broadcom 1 Etrust Siteminder 2021-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to smpwservicescgi.exe, (3) the TARGET parameter to login.fcc, and possibly other vectors.
CVE-2006-4901 1 Broadcom 4 Etrust Audit Client, Etrust Audit Datatools, Etrust Audit Policy Manager and 1 more 2021-04-09 6.4 MEDIUM N/A
Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, and eTrust Audit 1.5 and r8, allows remote attackers to spoof alerts and conduct replay attacks by invoking eTSAPISend.exe with the desired arguments.
CVE-2006-4900 1 Broadcom 1 Etrust Security Command Center 2021-04-09 5.5 MEDIUM N/A
Directory traversal vulnerability in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, allows remote authenticated users to read and delete arbitrary files via ".." sequences in the eSCCAdHocHtmlFile parameter to eSMPAuditServlet, which is not properly handled by the getadhochtml function.
CVE-2006-4899 1 Broadcom 1 Etrust Security Command Center 2021-04-09 5.0 MEDIUM N/A
The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" (single quote) in the PIProfile function, which leaks the path in an error message.
CVE-2007-2522 1 Broadcom 3 Antispyware For The Enterprise, Etrust Integrated Threat Management, Etrust Pestpatrol 2021-04-09 10.0 HIGH N/A
Stack-based buffer overflow in the inoweb Console Server in CA Anti-Virus for the Enterprise r8, Threat Manager r8, Anti-Spyware for the Enterprise r8, and Protection Suites r3 allows remote attackers to execute arbitrary code via a long (1) username or (2) password.
CVE-2005-0968 1 Broadcom 1 Etrust Intrusion Detection 2021-04-09 5.0 MEDIUM N/A
Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote attackers to cause a denial of service via large size values that are not properly validated before calling the CPImportKey function in the Crypto API.
CVE-2007-1005 2 Broadcom, Ca 2 Etrust Intrusion Detection, Etrust Intrusion Detection 2021-04-09 7.8 HIGH N/A
Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote administration port (9191/tcp).
CVE-2007-5439 1 Broadcom 1 Etrust Integrated Threat Management 2021-04-09 5.0 MEDIUM N/A
CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 stores sensitive user information in log files with predictable names, which allows remote attackers to obtain this information via unspecified vectors.
CVE-2007-5437 1 Broadcom 1 Etrust Integrated Threat Management 2021-04-09 5.8 MEDIUM N/A
The web console in CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 allows remote attackers to redirect users to arbitrary web sites via a crafted HTTP URL on port 6689.
CVE-2007-3302 2 Broadcom, Ca 2 Etrust Intrusion Detection, Etrust Intrusion Detection 2021-04-09 9.3 HIGH N/A
The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3.0 SP1 before 3.0.5.81, in CA (formerly Computer Associates) eTrust Intrusion Detection allows remote attackers to load arbitrary DLLs on a client system, and execute code from these DLLs, via unspecified "scriptable functions."
CVE-2000-0559 1 Broadcom 1 Etrust Intrusion Detection 2021-04-09 2.1 LOW N/A
eTrust Intrusion Detection System (formerly SessionWall-3) uses weak encryption (XOR) to store administrative passwords in the registry, which allows local users to easily decrypt the passwords.
CVE-2004-1149 1 Broadcom 1 Etrust Ez Antivirus 2021-04-09 7.2 HIGH N/A
Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with insecure permissions (ACLs), which allows local users to gain privileges by replacing critical programs with malicious ones, as demonstrated using VetMsg.exe.
CVE-2007-3695 1 Broadcom 1 Erwin Process Modeler 2021-04-09 10.0 HIGH N/A
Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.1 allows attackers to execute arbitrary code via a long filename. NOTE: the researcher does not suggest any circumstances in which the filename would come from an untrusted source, and therefore perhaps the issue does not cross privilege boundaries and should not be included in CVE.
CVE-2000-0762 2 Broadcom, Ca 2 Etrust Access Control, Etrust Access Control 2021-04-09 10.0 HIGH N/A
The default installation of eTrust Access Control (formerly SeOS) uses a default encryption key, which allows remote attackers to spoof the eTrust administrator and gain privileges.
CVE-2005-3372 1 Broadcom 1 Etrust Antivirus 2021-04-09 5.1 MEDIUM N/A
Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
CVE-2005-3225 1 Broadcom 2 Etrust Antivirus, Etrust Antivirus Iris Engine 2021-04-09 5.1 MEDIUM N/A
Multiple interpretation error in unspecified versions of (1) eTrust-Iris and (2) eTrust-Vet Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
CVE-2007-5435 1 Broadcom 1 Erwin Process Modeler 2021-04-09 4.3 MEDIUM N/A
Unspecified vulnerability in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.2 might allow user-assisted remote attackers to cause a denial of service via a crafted Data Standards File (Datatype Standards File).