CVSS: 4.7EPSS: 0%CPEs: 99EXPL: 0CVE-2022-23439
https://notcve.org/view.php?id=CVE-2022-23439
22 Jan 2025 — A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.... • https://fortiguard.com/psirt/FG-IR-21-254 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2022-27486
https://notcve.org/view.php?id=CVE-2022-27486
13 Aug 2024 — A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and FortiDDoS-F version 6.3.0 through 6.3.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 allows an authenticated attacker to execute shell code as `root` via `execute` CLI commands. A improper neutralization of special elements used in an os command ('os command injection') in Fortine... • https://fortiguard.com/psirt/FG-IR-22-047 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.4EPSS: 0%CPEs: 5EXPL: 0CVE-2023-25603
https://notcve.org/view.php?id=CVE-2023-25603
14 Nov 2023 — A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allow an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web requests. Una política permisiva entre dominios con vulnerabilidad de dominios que no son de confianza en Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 y 6.4.0 - 6.4.1 permite a un atacante no autorizado realizar acciones privilegiadas... • https://fortiguard.com/psirt/FG-IR-22-518 • CWE-942: Permissive Cross-domain Policy with Untrusted Domains •
CVSS: 6.7EPSS: 0%CPEs: 14EXPL: 0CVE-2023-29177
https://notcve.org/view.php?id=CVE-2023-29177
14 Nov 2023 — Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests. Las vulnerabilidades de copia de búfer múltiple sin verificar el tamaño de entrada ('desbordamiento del búfer clásico') [CWE-120] en FortiADC versión 7.2.0 y anteriores a 7.1.2 y FortiDDoS-F versión 6.5.0 y anter... • https://fortiguard.com/psirt/FG-IR-23-064 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-40679
https://notcve.org/view.php?id=CVE-2022-40679
11 Apr 2023 — An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 5.x all versions, 6.0 all versions, 6.1 all versions, 6.2.0 through 6.2.4, 7.0.0 through 7.0.3, 7.1.0; FortiDDoS 4.x all versions, 5.0 all versions, 5.1 all versions, 5.2 all versions, 5.3 all versions, 5.4 all versions, 5.5 all versions, 5.6 all versions and FortiDDoS-F 6.4.0, 6.3.0 through 6.3.3, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 may allow an authenticated attacker to execute unauthorized command... • https://fortiguard.com/psirt/FG-IR-22-335 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •