CVE-2025-1976
- EPSS 1.03%
- Published 24.04.2025 03:15:14
- Last modified 29.04.2025 19:49:59
Brocade Fabric OS versions starting with 9.1.0 have root access removed; however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.
CVE-2024-10403
- EPSS 0.18%
- Published 21.11.2024 11:15:16
- Last modified 04.02.2025 15:28:04
Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that ...
CVE-2024-7516
- EPSS 0.04%
- Published 12.11.2024 19:15:18
- Last modified 04.02.2025 15:25:22
A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is perfor...
- EPSS 24.61%
- Published 09.07.2024 12:15:20
- Last modified 04.09.2025 21:15:32
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Respon...
CVE-2024-5460
- EPSS 0.59%
- Published 26.06.2024 00:15:11
- Last modified 04.02.2025 15:24:36
A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vuln...
CVE-2024-29954
- EPSS 0.04%
- Published 26.06.2024 00:15:10
- Last modified 21.11.2024 09:08:41
A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such ...
CVE-2024-29953
- EPSS 0.27%
- Published 26.06.2024 00:15:10
- Last modified 04.02.2025 15:19:11
A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. This could allow an authenticated user to view other users' session encod...
CVE-2023-5973
- EPSS 0.2%
- Published 05.04.2024 03:15:07
- Last modified 13.02.2025 18:16:02
Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent the portName to the user if the portName contains reserved characters. This could allow an authenticated user to alter the UI of the Brocade Switch and ...
CVE-2024-24795
- EPSS 1.22%
- Published 04.04.2024 20:15:08
- Last modified 30.06.2025 12:55:47
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, ...
CVE-2023-38709
- EPSS 5.8%
- Published 04.04.2024 20:15:08
- Last modified 30.06.2025 12:59:08
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.