ReportizFlow
Filtered by vendor Broadcom
Subscriptions
Total
666 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-0935 | 11 Archive Zip, Broadcom, Ca and 8 more | 23 Archive Zip, Brightstor Arcserve Backup, Etrust Antivirus and 20 more | 2026-04-16 | N/A |
| Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. | ||||
| CVE-2024-36458 | 1 Broadcom | 1 Symantec Privileged Access Management | 2026-04-15 | N/A |
| The vulnerability allows a malicious low-privileged PAM user to perform server upgrade related actions. | ||||
| CVE-2024-36459 | 1 Broadcom | 1 Symantec Siteminder | 2026-04-15 | N/A |
| A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser. | ||||
| CVE-2025-24506 | 1 Broadcom | 1 Symantec Privileged Access Management | 2026-04-15 | N/A |
| A specific authentication strategy allows to learn ids of PAM users associated with certain authentication types. | ||||
| CVE-2025-24500 | 1 Broadcom | 1 Symantec Privileged Access Management | 2026-04-15 | N/A |
| The vulnerability allows an unauthenticated attacker to access information in PAM database. | ||||
| CVE-2025-36553 | 2 Broadcom, Dell | 2 Bcm5820x, Controlvault3 | 2026-04-15 | 8.8 High |
| A buffer overflow vulnerability exists in the CvManager functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to memory corruption. An attacker can issue an api call to trigger this vulnerability. | ||||
| CVE-2025-24502 | 1 Broadcom | 1 Symantec Privileged Access Management | 2026-04-15 | N/A |
| An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address. | ||||
| CVE-2024-36455 | 1 Broadcom | 1 Symantec Privileged Access Management | 2026-04-15 | N/A |
| An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. | ||||
| CVE-2025-24504 | 1 Broadcom | 1 Symantec Privileged Access Management | 2026-04-15 | N/A |
| An improper input validation the CSRF filter results in unsanitized user input written to the application logs. | ||||
| CVE-2025-10847 | 1 Broadcom | 1 Unified Infrastructure Management | 2026-04-15 | N/A |
| DX Unified Infrastructure Management (Nimsoft/UIM) and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system. | ||||
| CVE-2025-31649 | 2 Broadcom, Dell | 2 Bcm5820x, Controlvault3 | 2026-04-15 | 8.7 High |
| A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to execute priviledged operation. An attacker can issue an api call to trigger this vulnerability. | ||||
| CVE-2025-13918 | 2 Broadcom, Symantec | 2 Symantec Endpoint Protection, Endpoint Protection | 2026-04-15 | 6.7 Medium |
| Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | ||||
| CVE-2025-13917 | 2 Broadcom, Symantec | 2 Web Security Services Agent, Web Security | 2026-04-15 | 7 High |
| WSS Agent, prior to 9.8.5, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | ||||
| CVE-2024-38492 | 1 Broadcom | 1 Symantec Privileged Access Management | 2026-04-15 | N/A |
| This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. | ||||
| CVE-2025-36460 | 3 Broadcom, Dell, Microsoft | 3 Bcm5820x, Controllvault3, Windows | 2026-04-15 | 7.3 High |
| Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An attacker can issue an api call to trigger this vulnerability. This vulnerability is triggered when submitting a `WinBioControlUnit` call to the StorageAdapter with the ControlCode 2 (`WBIO_USH_GET_IDENTITY`) with an improper `ReceiveBuferSize` value. | ||||
| CVE-2025-24501 | 1 Broadcom | 1 Symantec Privileged Access Management | 2026-04-15 | N/A |
| An improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request. | ||||
| CVE-2025-36463 | 3 Broadcom, Dell, Microsoft | 3 Bcm5820x, Controlvault3, Windows | 2026-04-15 | 7.3 High |
| Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An attacker can issue an api call to trigger this vulnerability. This vulnerability is triggered when submitting a `WinBioControlUnit` call to the StorageAdapter with the ControlCode 4 (`WBIO_USH_ADD_RECORD`) and with an invalid `SendBufferSize`. | ||||
| CVE-2025-36462 | 2 Broadcom, Dell | 2 Bcm5820x, Controlvault3 | 2026-04-15 | 7.3 High |
| Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An attacker can issue an api call to trigger this vulnerability. This vulnerability is triggered when submitting a `WinBioControlUnit` call to the StorageAdapter with the ControlCode 3 (`WBIO_USH_CREATE_CHALLENGE`) with an invalid `ReceiveBuferSize`. | ||||
| CVE-2025-36461 | 2 Broadcom, Dell | 2 Bcm5820x, Controlvault3 | 2026-04-15 | 7.3 High |
| Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An attacker can issue an api call to trigger this vulnerability. This vulnerability is triggered when submitting a `WinBioControlUnit` call to the StorageAdapter with the ControlCode 0 (`WBIO_USH_GET_TEMPLATE`) and with either and an invalid `ReceiveBuferSize` and/or an invalid `SendBufferSize`. | ||||
| CVE-2025-32089 | 2 Broadcom, Dell | 2 Bcm5820x, Controlvault3 | 2026-04-15 | 8.8 High |
| A buffer overflow vulnerability exists in the CvManager_SBI functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to a arbitrary code execution. An attacker can issue an api call to trigger this vulnerability. | ||||