Vulnerabilities (CVE)

Filtered by vendor Broadcom Subscribe
Total 510 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-5083 1 Broadcom 1 Brightstor Hierarchical Storage Manager 2024-11-21 10.0 HIGH N/A
Multiple integer overflows in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service commands that trigger a heap-based buffer overflow.
CVE-2007-5082 1 Broadcom 1 Brightstor Hierarchical Storage Manager 2024-11-21 10.0 HIGH N/A
Multiple stack-based buffer overflows in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service commands with certain opcodes, related to missing validation of a length parameter.
CVE-2007-5006 2 Broadcom, Ca 3 Brightstor Arcserve Backup Laptops Desktops, Desktop Management Suite, Protection Suites 2024-11-21 10.0 HIGH N/A
Multiple command handlers in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 do not verify if a peer is authenticated, which allows remote attackers to add and delete users, and start client restores.
CVE-2007-5005 2 Broadcom, Ca 3 Brightstor Arcserve Backup Laptops Desktops, Desktop Management Suite, Protection Suites 2024-11-21 10.0 HIGH N/A
Directory traversal vulnerability in rxRPC.dll in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to upload and overwrite arbitrary files via a ..\ (dot dot backslash) sequence in the destination filename argument to sub-function 8 in the rxrReceiveFileFromServer command.
CVE-2007-5004 2 Broadcom, Ca 3 Brightstor Arcserve Backup Laptops Desktops, Desktop Management Suite, Protection Suites 2024-11-21 9.3 HIGH N/A
Integer overflow in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to execute arbitrary code via a long username and a certain "useless" password.
CVE-2007-5003 2 Broadcom, Ca 3 Brightstor Arcserve Backup Laptops Desktops, Desktop Management Suite, Protection Suites 2024-11-21 10.0 HIGH N/A
Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function.
CVE-2007-4620 2 Broadcom, Ca 4 Anti-virus For The Enterprise, Brightstor Arcserve Backup, Brightstor Arcserve Backup and 1 more 2024-11-21 9.0 HIGH N/A
Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests.
CVE-2007-3875 2 Broadcom, Ca 23 Anti-spyware, Anti-virus For The Enterprise, Anti Virus Sdk and 20 more 2024-11-21 4.3 MEDIUM N/A
arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file.
CVE-2007-3825 2 Broadcom, Ca 8 Alert Notification Server, Brightstor Arcserve Backup, Brightstor Enterprise Backup and 5 more 2024-11-21 9.3 HIGH N/A
Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certain data to unspecified RPC procedures.
CVE-2007-3696 1 Broadcom 1 Erwin Data Model Validator 2024-11-21 7.8 HIGH N/A
CA ERwin Data Model Validator (formerly AllFusion Data Model Validator) allows remote attackers to (1) cause a denial of service (application hang) via a malformed .EXP database file and (2) cause a denial of service (aaplication crash) via a crafted .EXP database file, which triggers a NULL dereference.
CVE-2007-3695 1 Broadcom 1 Erwin Process Modeler 2024-11-21 10.0 HIGH N/A
Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.1 allows attackers to execute arbitrary code via a long filename. NOTE: the researcher does not suggest any circumstances in which the filename would come from an untrusted source, and therefore perhaps the issue does not cross privilege boundaries and should not be included in CVE.
CVE-2007-3302 2 Broadcom, Ca 2 Etrust Intrusion Detection, Etrust Intrusion Detection 2024-11-21 9.3 HIGH N/A
The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3.0 SP1 before 3.0.5.81, in CA (formerly Computer Associates) eTrust Intrusion Detection allows remote attackers to load arbitrary DLLs on a client system, and execute code from these DLLs, via unspecified "scriptable functions."
CVE-2007-3216 1 Broadcom 1 Brightstor Arcserve Backup Laptops Desktops 2024-11-21 10.0 HIGH N/A
Multiple buffer overflows in the LGServer component of CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.1 allow remote attackers to execute arbitrary code via crafted arguments to the (1) rxsAddNewUser, (2) rxsSetUserInfo, (3) rxsRenameUser, (4) rxsSetMessageLogSettings, (5) rxsExportData, (6) rxsSetServerOptions, (7) rxsRenameFile, (8) rxsACIManageSend, (9) rxsExportUser, (10) rxsImportUser, (11) rxsMoveUserData, (12) rxsUseLicenseIni, (13) rxsLicGetSiteId, (14) rxsGetLogFileNames, (15) rxsGetBackupLog, (16) rxsBackupComplete, (17) rxsSetDataProtectionSecurityData, (18) rxsSetDefaultConfigName, (19) rxsGetMessageLogSettings, (20) rxsHWDiskGetTotal, (21) rxsHWDiskGetFree, (22) rxsGetSubDirs, (23) rxsGetServerDBPathName, (24) rxsSetServerOptions, (25) rxsDeleteFile, (26) rxsACIManageSend, (27) rxcReadBackupSetList, (28) rxcWriteConfigInfo, (29) rxcSetAssetManagement, (30) rxcWriteFileListForRestore, (31) rxcReadSaveSetProfile, (32) rxcInitSaveSetProfile, (33) rxcAddSaveSetNextAppList, (34) rxcAddSaveSetNextFilesPathList, (35) rxcAddNextBackupSetIncWildCard, (36) rxcGetRevisions, (37) rxrAddMovedUser, (38) rxrSetClientVersion, or (39) rxsSetDataGrowthScheduleAndFilter commands.
CVE-2007-2864 2 Broadcom, Ca 13 Anti-virus For The Enterprise, Brightstor Arcserve Backup, Common Services and 10 more 2024-11-21 9.3 HIGH N/A
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file.
CVE-2007-2863 2 Broadcom, Ca 6 Anti-virus For The Enterprise, Brightstor Arcserve Backup, Brightstor Enterprise Backup and 3 more 2024-11-21 10.0 HIGH N/A
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file.
CVE-2007-2523 2 Broadcom, Ca 2 Integrated Threat Management, Anti-virus For The Enterprise 2024-11-21 7.2 HIGH N/A
CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0.
CVE-2007-2522 1 Broadcom 3 Antispyware For The Enterprise, Etrust Integrated Threat Management, Etrust Pestpatrol 2024-11-21 10.0 HIGH N/A
Stack-based buffer overflow in the inoweb Console Server in CA Anti-Virus for the Enterprise r8, Threat Manager r8, Anti-Spyware for the Enterprise r8, and Protection Suites r3 allows remote attackers to execute arbitrary code via a long (1) username or (2) password.
CVE-2007-2230 1 Broadcom 1 Cleverpath Portal 2024-11-21 6.5 MEDIUM N/A
SQL injection vulnerability in CA Clever Path Portal allows remote authenticated users to execute limited SQL commands and retrieve arbitrary database contents via (1) the ofinterest parameter in a light search query, (2) description parameter in the advanced search query, and possibly other vectors.
CVE-2007-2139 2 Broadcom, Ca 5 Brightstor Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more 2024-11-21 10.0 HIGH N/A
Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785.
CVE-2007-1785 2 Broadcom, Ca 2 Brightstor Arcserve Backup, Brightstor Arcserve Backup 2024-11-21 7.1 HIGH N/A
The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request.