Broadcom Brightstor Arcserve Backup vulnerabilities
41 known vulnerabilities affecting broadcom/brightstor_arcserve_backup.
Total CVEs: 41
CISA KEV: 0
Public exploits: 21
Exploited in wild: 0
Severity breakdown: CRITICAL 21, HIGH 16, MEDIUM 3, LOW 1
Vulnerabilities
Page 2 of 3
CVE-2005-3653 | P3 | CRITICAL | CVSS 10.0 | CWE-119 | v9.01, v11.1, +1 more | 2005-12-31
Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.
nvd
CVE-2007-3825 | P3 | CRITICAL | CVSS 9.3 | v9.01, v11.1, +1 more | 2007-07-18
Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certa
nvd
CVE-2006-5171 | P3 | CRITICAL | CVSS 10.0 | ≤ 11.5, v9.01 | 2007-01-16
Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe Overflow," a different vulnerability than CVE-2006-5172.
nvd
CVE-2007-5331 | P3 | CRITICAL | CVSS 10.0 | CWE-94 | v9.01, v11.1, +1 more | 2007-10-13
Queue.dll for the message queuing service (LQserver.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a malformed ONRPC protocol request for operation 0x76, which causes ARCserve Backup to dereference arbitrary pointers.
nvd
CVE-2007-5330 | P3 | CRITICAL | CVSS 10.0 | CWE-119 | v9.01, v10.5, +3 more | 2007-10-13
The cadbd RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to (1) execute arbitrary code via stack-based buffer overflows in unspecified RPC procedures, and (2) trigger memory corruption related to the use of "handle" RPC arguments as pointers.
nvd
CVE-2008-2241 | P3 | CRITICAL | CVSS 10.0 | CWE-22 | v11.1, v11.5 | 2008-05-21
Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writ
nvd
CVE-2007-2863 | P3 | CRITICAL | CVSS 10.0 | v9.01, v11.1, +1 more | 2007-06-06
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file.
nvd
CVE-2006-5172 | P3 | CRITICAL | CVSS 10.0 | ≤ 11.5, v9.01 | 2007-01-16
Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe String Handling Overflow," a different vulnerability than CVE-2006-5
nvd
CVE-2008-3175 | P3 | CRITICAL | CVSS 10.0 | CWE-189 | v11.1, v11.5 | 2008-08-01
Integer underflow in rxRPC.dll in the LGServer service in the server in CA ARCserve Backup for Laptops and Desktops 11.0 through 11.5 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted message that triggers a buffer overflow.
nvd
CVE-2006-5142 | P3 | HIGH | CVSS 7.5 | CWE-119 | v11.5 | 2006-10-10
Stack-based buffer overflow in CA BrightStor ARCserve Backup R11.5 client and server allows remote attackers to execute arbitrary code via long messages to the CheyenneDS Mailslot.
nvd
CVE-2007-5325 | P3 | CRITICAL | CVSS 10.0 | CWE-119 | v9.01, v10.5, +3 more | 2007-10-13
Multiple buffer overflows in (1) the Message Engine and (2) AScore.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors.
nvd
CVE-2007-5326 | P3 | CRITICAL | CVSS 10.0 | CWE-119 | v9.01, v11.1, +1 more | 2007-10-13
Multiple buffer overflows in (1) RPC and (2) rpcx.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors.
nvd
CVE-2008-2242 | P3 | HIGH | CVSS 7.5 | CWE-119 | v11.1, v11.5 | 2008-05-21
Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdr_rwsstring function.
nvd
CVE-2007-0816 | P4 | MEDIUM | CVSS 5.0 | PoC | v11, v11.1, +1 more | 2007-02-07
The RPC Server service (catirpc.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 SP2 and earlier allows remote attackers to cause a denial of service (service crash) via a crafted TADDR2UADDR that triggers a null pointer dereference in catirpc.dll, possibly related to null credentials or verifier fields.
nvd
CVE-2007-1447 | P3 | CRITICAL | CVSS 10.0 | ≤ 11.5 | 2007-03-16
The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC procedure arguments, which result in memory corruption, a different vulnerability than CVE-2006-6076.
nvd
CVE-2007-5328 | P3 | CRITICAL | CVSS 10.0 | CWE-264 | v9.01, v10.5, +3 more | 2007-10-13
The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code by using certain "insecure method calls" to modify the file system and registry, aka "Privileged function exposure."
nvd
CVE-2008-1979 | P4 | MEDIUM | CVSS 5.0 | PoC | CWE-189 | ≤ 12.0.5454.0 | 2008-04-27
The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large integer value used in an increment to TCP port 41523, which triggers a buffer over-read.
nvd
CVE-2005-0349 | P3 | HIGH | CVSS 7.5 | v11.1 | 2005-05-02
The production release of the UniversalAgent for UNIX in BrightStor ARCserve Backup 11.1 contains hard-coded credentials, which allows remote attackers to access the file system and possibly execute arbitrary commands.
nvd
CVE-2007-5329 | P4 | CRITICAL | CVSS 10.0 | CWE-399 | v9.01, v11.1, +1 more | 2007-10-13
Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, has unknown impact and attack vectors related to memory corruption.
nvd
CVE-2007-3875 | P4 | MEDIUM | CVSS 4.3 | v9.01, v11.1, +1 more | 2007-07-26
arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file.
nvd