Vulnerabilities > Broadcom > Fabric Operating System > 9.1.1c
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-21 | CVE-2024-10403 | Files or Directories Accessible to External Parties vulnerability in Broadcom Fabric Operating System Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave. | 7.5 |
| 2024-11-12 | CVE-2024-7516 | Missing Authentication for Critical Function vulnerability in Broadcom Fabric Operating System A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a switch admin. | 7.1 |
| 2024-06-26 | CVE-2024-29953 | Insecure Storage of Sensitive Information vulnerability in Broadcom Fabric Operating System A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. | 4.3 |
| 2024-06-26 | CVE-2024-29954 | Information Exposure Through Log Files vulnerability in Broadcom Fabric Operating System A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. | 5.5 |
| 2024-04-05 | CVE-2023-5973 | Origin Validation Error vulnerability in Broadcom Fabric Operating System Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent the portName to the user if the portName contains reserved characters. | 4.3 |
| 2024-04-04 | CVE-2023-3454 | OS Command Injection vulnerability in Broadcom Fabric Operating System Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch. | 9.8 |
| 2023-08-31 | CVE-2023-4163 | Classic Buffer Overflow vulnerability in Broadcom Fabric Operating System In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command. | 4.4 |