Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2006-5143

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-06 Oct, 2006 | 20:00
Updated At-07 Aug, 2024 | 19:41
Rejected At-
Credits

Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:06 Oct, 2006 | 20:00
Updated At:07 Aug, 2024 | 19:41
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/archive/1/447862/100/100/threaded
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/advisories/22285
third-party-advisory
x_refsource_SECUNIA
http://www.zerodayinitiative.com/advisories/ZDI-06-031.html
x_refsource_MISC
http://www.lssec.com/advisories/LS-20060330.pdf
x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/29364
vdb-entry
x_refsource_XF
http://www.securityfocus.com/archive/1/447930/100/200/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.lssec.com/advisories/LS-20060313.pdf
x_refsource_MISC
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34693
x_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/361792
third-party-advisory
x_refsource_CERT-VN
http://www.securityfocus.com/archive/1/447926/100/200/threaded
mailing-list
x_refsource_BUGTRAQ
http://securitytracker.com/id?1017004
vdb-entry
x_refsource_SECTRACK
http://www.kb.cert.org/vuls/id/860048
third-party-advisory
x_refsource_CERT-VN
http://www.vupen.com/english/advisories/2006/3930
vdb-entry
x_refsource_VUPEN
http://www.lssec.com/advisories/LS-20060220.pdf
x_refsource_MISC
http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775&id=90744
x_refsource_CONFIRM
http://www.securityfocus.com/bid/20365
vdb-entry
x_refsource_BID
http://www.zerodayinitiative.com/advisories/ZDI-06-030.html
x_refsource_MISC
http://www.securityfocus.com/archive/1/447847/100/200/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/447927/100/200/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.tippingpoint.com/security/advisories/TSRT-06-11.html
x_refsource_MISC
http://securitytracker.com/id?1017006
vdb-entry
x_refsource_SECTRACK
http://securitytracker.com/id?1017003
vdb-entry
x_refsource_SECTRACK
http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397&id=90744
x_refsource_CONFIRM
http://securitytracker.com/id?1017005
vdb-entry
x_refsource_SECTRACK
http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp
x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/447839/100/100/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/447848/100/100/threaded
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/archive/1/447862/100/100/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/22285
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-06-031.html
Resource:
x_refsource_MISC
Hyperlink: http://www.lssec.com/advisories/LS-20060330.pdf
Resource:
x_refsource_MISC
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/29364
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securityfocus.com/archive/1/447930/100/200/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.lssec.com/advisories/LS-20060313.pdf
Resource:
x_refsource_MISC
Hyperlink: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34693
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.kb.cert.org/vuls/id/361792
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://www.securityfocus.com/archive/1/447926/100/200/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://securitytracker.com/id?1017004
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.kb.cert.org/vuls/id/860048
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://www.vupen.com/english/advisories/2006/3930
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.lssec.com/advisories/LS-20060220.pdf
Resource:
x_refsource_MISC
Hyperlink: http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775&id=90744
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/20365
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-06-030.html
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/archive/1/447847/100/200/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/archive/1/447927/100/200/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.tippingpoint.com/security/advisories/TSRT-06-11.html
Resource:
x_refsource_MISC
Hyperlink: http://securitytracker.com/id?1017006
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://securitytracker.com/id?1017003
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397&id=90744
Resource:
x_refsource_CONFIRM
Hyperlink: http://securitytracker.com/id?1017005
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/archive/1/447839/100/100/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/archive/1/447848/100/100/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/archive/1/447862/100/100/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://secunia.com/advisories/22285
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.zerodayinitiative.com/advisories/ZDI-06-031.html
x_refsource_MISC
x_transferred
http://www.lssec.com/advisories/LS-20060330.pdf
x_refsource_MISC
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/29364
vdb-entry
x_refsource_XF
x_transferred
http://www.securityfocus.com/archive/1/447930/100/200/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.lssec.com/advisories/LS-20060313.pdf
x_refsource_MISC
x_transferred
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34693
x_refsource_CONFIRM
x_transferred
http://www.kb.cert.org/vuls/id/361792
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://www.securityfocus.com/archive/1/447926/100/200/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://securitytracker.com/id?1017004
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.kb.cert.org/vuls/id/860048
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://www.vupen.com/english/advisories/2006/3930
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.lssec.com/advisories/LS-20060220.pdf
x_refsource_MISC
x_transferred
http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775&id=90744
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/20365
vdb-entry
x_refsource_BID
x_transferred
http://www.zerodayinitiative.com/advisories/ZDI-06-030.html
x_refsource_MISC
x_transferred
http://www.securityfocus.com/archive/1/447847/100/200/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.securityfocus.com/archive/1/447927/100/200/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.tippingpoint.com/security/advisories/TSRT-06-11.html
x_refsource_MISC
x_transferred
http://securitytracker.com/id?1017006
vdb-entry
x_refsource_SECTRACK
x_transferred
http://securitytracker.com/id?1017003
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397&id=90744
x_refsource_CONFIRM
x_transferred
http://securitytracker.com/id?1017005
vdb-entry
x_refsource_SECTRACK
x_transferred
http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/archive/1/447839/100/100/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.securityfocus.com/archive/1/447848/100/100/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/447862/100/100/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/22285
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-06-031.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.lssec.com/advisories/LS-20060330.pdf
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/29364
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/447930/100/200/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.lssec.com/advisories/LS-20060313.pdf
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34693
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/361792
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/447926/100/200/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://securitytracker.com/id?1017004
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/860048
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2006/3930
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.lssec.com/advisories/LS-20060220.pdf
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775&id=90744
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/20365
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-06-030.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/447847/100/200/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/447927/100/200/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.tippingpoint.com/security/advisories/TSRT-06-11.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://securitytracker.com/id?1017006
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://securitytracker.com/id?1017003
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397&id=90744
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://securitytracker.com/id?1017005
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/447839/100/100/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/447848/100/100/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:10 Oct, 2006 | 04:06
Updated At:09 Apr, 2021 | 18:54

Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Broadcom Inc.
broadcom
>>brightstor_arcserve_backup>>Versions up to 11.5(inclusive)
cpe:2.3:a:broadcom:brightstor_arcserve_backup:*:sp1:*:*:*:*:*:*
Broadcom Inc.
broadcom
>>brightstor_arcserve_backup>>9.01
cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*
Broadcom Inc.
broadcom
>>brightstor_arcserve_backup>>11.1
cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
Broadcom Inc.
broadcom
>>brightstor_enterprise_backup>>10.5
cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*
Broadcom Inc.
broadcom
>>business_protection_suite>>2.0
cpe:2.3:a:broadcom:business_protection_suite:2.0:*:*:*:*:*:*:*
Broadcom Inc.
broadcom
>>server_protection_suite>>2
cpe:2.3:a:broadcom:server_protection_suite:2:*:*:*:*:*:*:*
CA Technologies (Broadcom Inc.)
ca
>>brightstor_arcserve_backup>>11
cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://secunia.com/advisories/22285cve@mitre.org
Vendor Advisory
http://securitytracker.com/id?1017003cve@mitre.org
N/A
http://securitytracker.com/id?1017004cve@mitre.org
N/A
http://securitytracker.com/id?1017005cve@mitre.org
N/A
http://securitytracker.com/id?1017006cve@mitre.org
N/A
http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.aspcve@mitre.org
Patch
http://www.kb.cert.org/vuls/id/361792cve@mitre.org
US Government Resource
http://www.kb.cert.org/vuls/id/860048cve@mitre.org
US Government Resource
http://www.lssec.com/advisories/LS-20060220.pdfcve@mitre.org
N/A
http://www.lssec.com/advisories/LS-20060313.pdfcve@mitre.org
N/A
http://www.lssec.com/advisories/LS-20060330.pdfcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/447839/100/100/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/447847/100/200/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/447848/100/100/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/447862/100/100/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/447926/100/200/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/447927/100/200/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/447930/100/200/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/20365cve@mitre.org
N/A
http://www.tippingpoint.com/security/advisories/TSRT-06-11.htmlcve@mitre.org
Patch
http://www.vupen.com/english/advisories/2006/3930cve@mitre.org
Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-06-030.htmlcve@mitre.org
Patch
Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-06-031.htmlcve@mitre.org
Vendor Advisory
http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775&id=90744cve@mitre.org
N/A
http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397&id=90744cve@mitre.org
N/A
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34693cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/29364cve@mitre.org
N/A
Hyperlink: http://secunia.com/advisories/22285
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1017003
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securitytracker.com/id?1017004
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securitytracker.com/id?1017005
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securitytracker.com/id?1017006
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.kb.cert.org/vuls/id/361792
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.kb.cert.org/vuls/id/860048
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.lssec.com/advisories/LS-20060220.pdf
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.lssec.com/advisories/LS-20060313.pdf
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.lssec.com/advisories/LS-20060330.pdf
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/447839/100/100/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/447847/100/200/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/447848/100/100/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/447862/100/100/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/447926/100/200/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/447927/100/200/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/447930/100/200/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/20365
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.tippingpoint.com/security/advisories/TSRT-06-11.html
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.vupen.com/english/advisories/2006/3930
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-06-030.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-06-031.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775&id=90744
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397&id=90744
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34693
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/29364
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1457Records found
CVE-2018-9029
Matching Score-8
Assigner-CA Technologies - A Broadcom Company
ShareView Details
Matching Score-8
Assigner-CA Technologies - A Broadcom Company
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 66.27%
||
7 Day CHG~0.00%
Published-18 Jun, 2018 | 18:00
Updated-17 Sep, 2024 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks.

Action-Not Available
Vendor-Broadcom Inc.
Product-privileged_access_managerCA Privileged Access Manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-9021
Matching Score-8
Assigner-CA Technologies - A Broadcom Company
ShareView Details
Matching Score-8
Assigner-CA Technologies - A Broadcom Company
CVSS Score-9.8||CRITICAL
EPSS-17.64% / 94.84%
||
7 Day CHG~0.00%
Published-18 Jun, 2018 | 18:00
Updated-16 Sep, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.

Action-Not Available
Vendor-Broadcom Inc.
Product-privileged_access_managerCA Privileged Access Manager
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-9022
Matching Score-8
Assigner-CA Technologies - A Broadcom Company
ShareView Details
Matching Score-8
Assigner-CA Technologies - A Broadcom Company
CVSS Score-9.8||CRITICAL
EPSS-31.16% / 96.60%
||
7 Day CHG~0.00%
Published-18 Jun, 2018 | 18:00
Updated-17 Sep, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file.

Action-Not Available
Vendor-Broadcom Inc.
Product-privileged_access_managerCA Privileged Access Manager
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-6446
Matching Score-8
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-8
Assigner-Brocade Communications Systems, LLC
CVSS Score-9.8||CRITICAL
EPSS-0.85% / 73.95%
||
7 Day CHG~0.00%
Published-29 Jun, 2020 | 17:43
Updated-05 Aug, 2024 | 06:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-brocade_network_advisorBrocade Network Advisor
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2018-5241
Matching Score-8
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-8
Assigner-Symantec - A Division of Broadcom
CVSS Score-9.8||CRITICAL
EPSS-9.75% / 92.64%
||
7 Day CHG~0.00%
Published-29 May, 2018 | 13:00
Updated-17 Sep, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles.

Action-Not Available
Vendor-Broadcom Inc.Symantec Corporation
Product-advanced_secure_gatewaysymantec_proxysgProxySGAdvanced Secure Gateway (ASG)
CVE-2018-19635
Matching Score-8
Assigner-CA Technologies - A Broadcom Company
ShareView Details
Matching Score-8
Assigner-CA Technologies - A Broadcom Company
CVSS Score-9.8||CRITICAL
EPSS-0.49% / 64.61%
||
7 Day CHG~0.00%
Published-22 Jan, 2019 | 15:00
Updated-17 Sep, 2024 | 00:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface.

Action-Not Available
Vendor-Broadcom Inc.
Product-service_desk_managerCA Service Desk Manager
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-18408
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.34% / 56.26%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 04:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified other impact.

Action-Not Available
Vendor-n/aFedora ProjectBroadcom Inc.
Product-tcpreplayfedoran/a
CWE ID-CWE-416
Use After Free
CVE-2018-15691
Matching Score-8
Assigner-CA Technologies - A Broadcom Company
ShareView Details
Matching Score-8
Assigner-CA Technologies - A Broadcom Company
CVSS Score-9.8||CRITICAL
EPSS-47.55% / 97.62%
||
7 Day CHG~0.00%
Published-30 Aug, 2018 | 14:00
Updated-16 Sep, 2024 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code.

Action-Not Available
Vendor-Broadcom Inc.
Product-release_automationRelease Automation
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2018-13824
Matching Score-8
Assigner-CA Technologies - A Broadcom Company
ShareView Details
Matching Score-8
Assigner-CA Technologies - A Broadcom Company
CVSS Score-9.8||CRITICAL
EPSS-0.71% / 71.22%
||
7 Day CHG~0.00%
Published-30 Aug, 2018 | 14:00
Updated-17 Sep, 2024 | 02:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.

Action-Not Available
Vendor-Broadcom Inc.
Product-project_portfolio_managementPPM
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-13821
Matching Score-8
Assigner-CA Technologies - A Broadcom Company
ShareView Details
Matching Score-8
Assigner-CA Technologies - A Broadcom Company
CVSS Score-9.8||CRITICAL
EPSS-5.02% / 89.32%
||
7 Day CHG~0.00%
Published-30 Aug, 2018 | 14:00
Updated-16 Sep, 2024 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing.

Action-Not Available
Vendor-
Product-unified_infrastructure_managementUnified Infrastructure Management
CWE ID-CWE-287
Improper Authentication
CVE-2017-9417
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-42.67% / 97.38%
||
7 Day CHG~0.00%
Published-03 Jun, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-bcm4354_wi-fi_chipsetbcm4358_wi-fi_chipsetbcm4359_wi-fi_chipsetbcm43xx_wi-fi_chipset_firmwaren/a
CVE-2022-33754
Matching Score-8
Assigner-CA Technologies - A Broadcom Company
ShareView Details
Matching Score-8
Assigner-CA Technologies - A Broadcom Company
CVSS Score-9.8||CRITICAL
EPSS-1.71% / 81.59%
||
7 Day CHG~0.00%
Published-16 Jun, 2022 | 21:23
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-ca_automic_automationCA Automic Automation
CWE ID-CWE-20
Improper Input Validation
CVE-2004-2478
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.68% / 87.44%
||
7 Day CHG~0.00%
Published-21 Aug, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.

Action-Not Available
Vendor-jettyn/aIBM CorporationCA Technologies (Broadcom Inc.)
Product-trading_partner_interchangejetty_http_serverunicenter_web_services_distributed_managementn/a
CVE-2021-27797
Matching Score-8
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-8
Assigner-Brocade Communications Systems, LLC
CVSS Score-9.8||CRITICAL
EPSS-0.30% / 52.39%
||
7 Day CHG-0.11%
Published-21 Feb, 2022 | 17:49
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-fabric_operating_systemBrocade Fabric OS
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-33750
Matching Score-8
Assigner-CA Technologies - A Broadcom Company
ShareView Details
Matching Score-8
Assigner-CA Technologies - A Broadcom Company
CVSS Score-9.8||CRITICAL
EPSS-1.15% / 77.60%
||
7 Day CHG~0.00%
Published-16 Jun, 2022 | 21:20
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-ca_automic_automationCA Automic Automation
CWE ID-CWE-287
Improper Authentication
CVE-2011-1719
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-16.64% / 94.66%
||
7 Day CHG~0.00%
Published-27 Apr, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the Web Viewer ActiveX controls in CA Output Management Web Viewer 11.0 and 11.5 allow remote attackers to execute arbitrary code via (1) a long SRC property value to the PPSViewer ActiveX control in PPSView.ocx before 1.0.0.7 or (2) a long Title property value to the UOMWV_Helper ActiveX control in UOMWV_HelperActiveX.ocx before 11.5.0.1.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-output_management_web_viewern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1223
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-37.55% / 97.08%
||
7 Day CHG~0.00%
Published-07 Apr, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote attackers to execute arbitrary code via (1) a malformed request to the ws_man/xosoapapi.asmx SOAP endpoint or (2) a long string to the entry_point.aspx service.

Action-Not Available
Vendor-n/aCA Technologies (Broadcom Inc.)
Product-xosoft_content_distributionxosoft_replicationxosoft_high_availabilityn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-4225
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-61.45% / 98.26%
||
7 Day CHG~0.00%
Published-08 Dec, 2009 | 18:00
Updated-07 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the PestPatrol ActiveX control (ppctl.dll) 5.6.7.9 in CA eTrust PestPatrol allows remote attackers to execute arbitrary code via a long argument to the Initialize method.

Action-Not Available
Vendor-n/a
Product-etrust_pestpatrole_ppctl.dll_activexn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-2026
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-25.56% / 96.02%
||
7 Day CHG~0.00%
Published-10 Aug, 2009 | 18:00
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport Services in CA Software Delivery r11.2 C1, C2, C3, and SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; and CA IT Client Manager r12 allows remote attackers to execute arbitrary code via crafted data.

Action-Not Available
Vendor-n/a
Product-it_client_manageradvantage_data_transportsoftware_deliveryunicenter_software_deliveryn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-14266
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.78% / 81.93%
||
7 Day CHG~0.00%
Published-12 Sep, 2017 | 08:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnerability triggered by a crafted PCAP file, a related issue to CVE-2016-6160.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-tcpreplayn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-23615
Matching Score-6
Assigner-Exodus Intelligence
ShareView Details
Matching Score-6
Assigner-Exodus Intelligence
CVSS Score-10||CRITICAL
EPSS-6.30% / 90.57%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 23:32
Updated-29 May, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symantec Messaging Gateway Buffer Overflow

A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.

Action-Not Available
Vendor-Symantec CorporationBroadcom Inc.
Product-symantec_messaging_gatewayMessaging Gateway
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-23614
Matching Score-6
Assigner-Exodus Intelligence
ShareView Details
Matching Score-6
Assigner-Exodus Intelligence
CVSS Score-10||CRITICAL
EPSS-2.13% / 83.48%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 23:32
Updated-05 Sep, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symantec Messaging Gateway Buffer Overflow

A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.

Action-Not Available
Vendor-Broadcom Inc.Symantec Corporation
Product-symantec_messaging_gatewayMessaging Gateway
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2008-1328
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-16.74% / 94.68%
||
7 Day CHG~0.00%
Published-07 Apr, 2008 | 18:00
Updated-07 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the LGServer service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary code via unspecified "command arguments."

Action-Not Available
Vendor-computer_associatesn/aBroadcom Inc.
Product-arcserve_backup_laptops_and_desktopsdesktop_management_suiten/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-5003
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-82.08% / 99.16%
||
7 Day CHG~0.00%
Published-01 Oct, 2007 | 20:00
Updated-07 Aug, 2024 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-brightstor_arcserve_backup_laptops_desktopsdesktop_management_suiteprotection_suitesn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-5330
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-25.02% / 95.96%
||
7 Day CHG~0.00%
Published-13 Oct, 2007 | 00:00
Updated-07 Aug, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cadbd RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to (1) execute arbitrary code via stack-based buffer overflows in unspecified RPC procedures, and (2) trigger memory corruption related to the use of "handle" RPC arguments as pointers.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-brightstor_arcserve_backupbrightstor_enterprise_backupn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-399
Not Available
CVE-2007-5327
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-32.12% / 96.67%
||
7 Day CHG~0.00%
Published-13 Oct, 2007 | 00:00
Updated-07 Aug, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the RPC interface for the Message Engine (mediasvr.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a long argument in the 0x10d opnum.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-brightstor_arcserve_backupbrightstor_enterprise_backupn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3317
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.06% / 18.37%
||
7 Day CHG~0.00%
Published-17 Jun, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly perform bounds checking, which allows local users to gain privileges via unspecified vectors.

Action-Not Available
Vendor-n/aCA Technologies (Broadcom Inc.)Linux Kernel Organization, IncIBM CorporationOracle CorporationHP Inc.
Product-universal_job_management_agentnsm_job_management_optionsolarislinux_kernelclient_automationhp-uxnetwork_and_systems_managementvirtual_assurance_for_infrastructure_managersworkload_automation_aeaixn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-5326
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-28.65% / 96.36%
||
7 Day CHG~0.00%
Published-13 Oct, 2007 | 00:00
Updated-07 Aug, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in (1) RPC and (2) rpcx.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-brightstor_arcserve_backupserver_protection_suitebusiness_protection_suitebrightstor_enterprise_backupn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-5083
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-38.07% / 97.11%
||
7 Day CHG~0.00%
Published-01 Oct, 2007 | 20:00
Updated-07 Aug, 2024 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service commands that trigger a heap-based buffer overflow.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-brightstor_hierarchical_storage_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-5082
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-70.51% / 98.63%
||
7 Day CHG~0.00%
Published-01 Oct, 2007 | 20:00
Updated-07 Aug, 2024 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service commands with certain opcodes, related to missing validation of a length parameter.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-brightstor_hierarchical_storage_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-4620
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-75.81% / 98.86%
||
7 Day CHG~0.00%
Published-07 Apr, 2008 | 18:00
Updated-07 Aug, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-brightstor_arcserve_backupthreat_manager_for_the_enterpriseanti-virus_for_the_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-3216
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-60.17% / 98.20%
||
7 Day CHG~0.00%
Published-14 Jun, 2007 | 22:00
Updated-07 Aug, 2024 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in the LGServer component of CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.1 allow remote attackers to execute arbitrary code via crafted arguments to the (1) rxsAddNewUser, (2) rxsSetUserInfo, (3) rxsRenameUser, (4) rxsSetMessageLogSettings, (5) rxsExportData, (6) rxsSetServerOptions, (7) rxsRenameFile, (8) rxsACIManageSend, (9) rxsExportUser, (10) rxsImportUser, (11) rxsMoveUserData, (12) rxsUseLicenseIni, (13) rxsLicGetSiteId, (14) rxsGetLogFileNames, (15) rxsGetBackupLog, (16) rxsBackupComplete, (17) rxsSetDataProtectionSecurityData, (18) rxsSetDefaultConfigName, (19) rxsGetMessageLogSettings, (20) rxsHWDiskGetTotal, (21) rxsHWDiskGetFree, (22) rxsGetSubDirs, (23) rxsGetServerDBPathName, (24) rxsSetServerOptions, (25) rxsDeleteFile, (26) rxsACIManageSend, (27) rxcReadBackupSetList, (28) rxcWriteConfigInfo, (29) rxcSetAssetManagement, (30) rxcWriteFileListForRestore, (31) rxcReadSaveSetProfile, (32) rxcInitSaveSetProfile, (33) rxcAddSaveSetNextAppList, (34) rxcAddSaveSetNextFilesPathList, (35) rxcAddNextBackupSetIncWildCard, (36) rxcGetRevisions, (37) rxrAddMovedUser, (38) rxrSetClientVersion, or (39) rxsSetDataGrowthScheduleAndFilter commands.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-brightstor_arcserve_backup_laptops_desktopsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-2522
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-44.39% / 97.47%
||
7 Day CHG~0.00%
Published-11 May, 2007 | 03:55
Updated-07 Aug, 2024 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the inoweb Console Server in CA Anti-Virus for the Enterprise r8, Threat Manager r8, Anti-Spyware for the Enterprise r8, and Protection Suites r3 allows remote attackers to execute arbitrary code via a long (1) username or (2) password.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-etrust_pestpatroletrust_integrated_threat_managementantispyware_for_the_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-0673
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.31% / 78.94%
||
7 Day CHG~0.00%
Published-03 Feb, 2007 | 01:00
Updated-07 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LGSERVER.EXE in BrightStor ARCserve Backup for Laptops & Desktops r11.1 allows remote attackers to cause a denial of service (daemon crash) via a value of 0xFFFFFFFF at a certain point in an authentication negotiation packet, which results in an out-of-bounds read.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-desktop_protection_suitebrightstor_arcserve_backup_laptops_desktopsbusiness_protection_suitedesktop_management_suiten/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-0449
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-81.66% / 99.14%
||
7 Day CHG~0.00%
Published-23 Jan, 2007 | 21:00
Updated-07 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and r11.1 allow remote attackers to execute arbitrary code via crafted packets to TCP port (1) 1900 or (2) 2200.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-desktop_protection_suitedesktop_management_suitebusiness_protection_suitebrightstor_arcserve_backup_laptops_desktopsbrightstor_mobile_backupn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11120
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-24.37% / 95.89%
||
7 Day CHG~0.00%
Published-27 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204.

Action-Not Available
Vendor-n/aBroadcom Inc.Apple Inc.
Product-iphone_ostvosbcm4355c0bcm4355c0_firmwaren/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-5882
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.3||HIGH
EPSS-21.67% / 95.52%
||
7 Day CHG~0.00%
Published-14 Nov, 2006 | 19:00
Updated-07 Aug, 2024 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver 3.50.21.10, as used in Cisco Linksys WPC300N Wireless-N Notebook Adapter before 4.100.15.5 and other products, allows remote attackers to execute arbitrary code via an 802.11 response frame containing a long SSID field.

Action-Not Available
Vendor-n/aBroadcom Inc.Linksys Holdings, Inc.
Product-bcmwl5.sys_wireless_device_driverwpc300n_wireless-n_notebook_adapter_drivern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-6956
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.43% / 61.61%
||
7 Day CHG~0.00%
Published-05 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer overflow occurs when handling an 802.11r (FT) authentication response, leading to remote code execution via a crafted access point that sends a long R0KH-ID field in a Fast BSS Transition Information Element (FT-IE).

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-hardmac_wi-fi_sochardmac_wi-fi_soc_firmwaren/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2005-3653
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-30.44% / 96.54%
||
7 Day CHG~0.00%
Published-23 Jan, 2006 | 20:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.

Action-Not Available
Vendor-n/aBroadcom Inc.CA Technologies (Broadcom Inc.)
Product-brightstor_enterprise_backupunicenter_service_fulfillmentetrust_secure_content_manageretrust_integrated_threat_managementunicenter_web_services_distributed_managementunicenter_managementbrightstor_portalunicenter_service_catalog_fulfillment_accountingetrust_identity_minderbrightstor_arcserve_backup_laptops_desktopsunicenter_ca_web_services_distributed_managementetrust_audit_irecorderbrightstor_arcserve_backupunicenter_exchange_management_consoleetrust_audit_ariesunicenter_service_metric_analysisbrightstor_process_automation_managerunicenter_service_deliverybrightstor_storage_resource_manageretrust_directoryunicenter_service_deskunicenter_service_desk_knowledge_toolsunicenter_application_server_managmentbrightstor_san_manageretrust_adminunicenter_service_level_managementunicenter_autosys_jmitechnology_igatewayunicenter_asset_portfolio_managementunicenter_web_server_managementunicenter_application_performance_monitorn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-8381
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.70%
||
7 Day CHG~0.00%
Published-17 Feb, 2019 | 02:00
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.

Action-Not Available
Vendor-n/aFedora ProjectBroadcom Inc.
Product-tcpreplayfedoran/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-2541
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-23.70% / 95.78%
||
7 Day CHG~0.00%
Published-04 Jun, 2008 | 20:00
Updated-07 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service via long FTP responses, related to (1) the file month field in a LIST command; (2) the PASV command; and (3) directories, files, and links in a LIST command.

Action-Not Available
Vendor-n/a
Product-etrust_secure_content_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-5325
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-19.34% / 95.15%
||
7 Day CHG~0.00%
Published-13 Oct, 2007 | 00:00
Updated-07 Aug, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in (1) the Message Engine and (2) AScore.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-brightstor_arcserve_backupbrightstor_enterprise_backupn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-6957
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-14.93% / 94.28%
||
7 Day CHG~0.00%
Published-27 Mar, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC SoC chips, when the firmware supports CCKM Fast and Secure Roaming and the feature is enabled in RAM, allows remote attackers to execute arbitrary code via a crafted reassociation response frame with a Cisco IE (156).

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-bcm4339_soc_firmwarebcm4339_socn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-6429
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.61% / 68.81%
||
7 Day CHG~0.00%
Published-15 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Beta 1 allows remote attackers to have unspecified impact via a pcap file with an over-size packet.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-tcpreplayn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-23613
Matching Score-6
Assigner-Exodus Intelligence
ShareView Details
Matching Score-6
Assigner-Exodus Intelligence
CVSS Score-10||CRITICAL
EPSS-7.65% / 91.51%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 23:32
Updated-29 May, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symantec Deployment Solution Remote Code Execution

A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.

Action-Not Available
Vendor-Symantec CorporationBroadcom Inc.
Product-symantec_deployment_solutionsDeployment Solution
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-23617
Matching Score-6
Assigner-Exodus Intelligence
ShareView Details
Matching Score-6
Assigner-Exodus Intelligence
CVSS Score-9.6||CRITICAL
EPSS-2.38% / 84.35%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 23:32
Updated-18 Oct, 2024 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symantec Data Loss Prevention Buffer Overflow

A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution.

Action-Not Available
Vendor-Broadcom Inc.Symantec Corporation
Product-symantec_data_center_security_serverData Loss Prevention
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-23616
Matching Score-6
Assigner-Exodus Intelligence
ShareView Details
Matching Score-6
Assigner-Exodus Intelligence
CVSS Score-10||CRITICAL
EPSS-6.30% / 90.57%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 23:32
Updated-23 Aug, 2024 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symantec Server Management Suite Buffer Overflow

A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.

Action-Not Available
Vendor-Broadcom Inc.Symantec Corporation
Product-symantec_server_management_suiteServer Management Suiteserver_management_suite
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2011-2667
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-25.24% / 95.98%
||
7 Day CHG~0.00%
Published-28 Jul, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and daemon crash) via a malformed request.

Action-Not Available
Vendor-n/aBroadcom Inc.CA Technologies (Broadcom Inc.)
Product-gateway_securitytotal_defensen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11121
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.08% / 83.30%
||
7 Day CHG~0.00%
Published-27 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205.

Action-Not Available
Vendor-n/aBroadcom Inc.Apple Inc.
Product-iphone_ostvosbcm4355c0bcm4355c0_firmwaren/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-0016
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.93% / 91.03%
||
7 Day CHG+0.52%
Published-03 Jan, 2007 | 02:00
Updated-07 Aug, 2024 | 12:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers to execute arbitrary code via a long filename in a LST file.

Action-Not Available
Vendor-netfarern/a
Product-movieplayn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 29
  • 30
  • Next
Details not found