CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-25602
https://notcve.org/view.php?id=CVE-2023-25602
16 Feb 2023 — A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, FortiWeb versions 6.3.17 and earlier, FortiWeb versions 6.2.6 and earlier, FortiWeb versions 6.1.2 and earlier, FortiWeb versions 6.0.7 and earlier, FortiWeb versions 5.9.1 and earlier, FortiWeb 5.8 all versions, FortiWeb 5.7 all versions, FortiWeb 5.6 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments. • https://fortiguard.com/psirt/FG-IR-21-234 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 1CVE-2021-42756
https://notcve.org/view.php?id=CVE-2021-42756
16 Feb 2023 — Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests. Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all ve... • https://github.com/3ndorph1n/CVE-2021-42756 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2021-42761
https://notcve.org/view.php?id=CVE-2021-42761
16 Feb 2023 — A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session. A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6... • https://fortiguard.com/psirt/FG-IR-21-214 • CWE-384: Session Fixation •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-36193
https://notcve.org/view.php?id=CVE-2021-36193
02 Feb 2022 — Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands. Múltiples desbordamientos de búfer en la región stack de la memoria en el intérprete de línea de comandos de FortiWeb versiones anteriores a 6.4.2, pueden permitir a un atacante autenticado lograr una ejecución de código arbitrario por medio de comandos especialmente diseñados • https://fortiguard.com/advisory/FG-IR-21-132 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-43073
https://notcve.org/view.php?id=CVE-2021-43073
02 Feb 2022 — A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. Una neutralización inapropiada de los elementos especiales usados en un comando os ("os command injection") en Fortinet FortiWeb versiones 6.4.1 y 6.4.0, versiones 6.3.15 y anteriores, versiones 6.2.6 y anteriores, permite a un atacante ej... • https://fortiguard.com/advisory/FG-IR-21-180 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-42753
https://notcve.org/view.php?id=CVE-2021-42753
02 Feb 2022 — An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.x, 6.1.x, 6.0.x, 5.9.x and 5.8.x may allow an authenticated attacker to perform an arbitrary file and directory deletion in the device filesystem. Una limitación inapropiada de un nombre de ruta a un directorio restringido ("Path Traversal") vulnerabilidad [CWE-22] en la interfaz de administración de FortiWeb versiones 6.4.1 y anteri... • https://fortiguard.com/psirt/FG-IR-21-158 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 22EXPL: 0CVE-2021-32591
https://notcve.org/view.php?id=CVE-2021-32591
08 Dec 2021 — A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets. Una vulnerabilidad de pasos criptográficos faltantes en la función que cifra las credenciales LDAP y RADIUS de los usuarios en FortiSandbox versiones anteriores a 4.0.1, FortiWeb v... • https://fortiguard.com/advisory/FG-IR-20-222 •
CVSS: 6.7EPSS: 0%CPEs: 30EXPL: 0CVE-2021-42757
https://notcve.org/view.php?id=CVE-2021-42757
08 Dec 2021 — A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. Un desbordamiento de búfer [CWE-121] en la biblioteca del cliente TFTP de FortiOS versiones anteriores a 6.4.7 y FortiOS versiones 7.0.0 hasta 7.0.2, puede permitir a un atacante local autenticado lograr una ejecución de código arbitrario por medio de argumentos de línea de c... • https://fortiguard.com/advisory/FG-IR-21-173 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-36180
https://notcve.org/view.php?id=CVE-2021-36180
08 Dec 2021 — Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests. Múltiples vulnerabilidades de neutralización inapropiada de elementos especiales usados en un comando [CWE-77] en la interfaz de administración de FortiWeb 6.4.1 y anteriores, 6.3.15 y anteriores, 6.2.5 y anteriore... • https://fortiguard.com/advisory/FG-IR-21-120 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-36182
https://notcve.org/view.php?id=CVE-2021-36182
08 Sep 2021 — A Improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.13 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests Una neutralización inapropiada de los elementos especiales usados en un comando ("Command Injection") en Fortinet FortiWeb versión 6.3.13 y por debajo, permite al atacante ejecutar código o comandos no autorizados por medio de peticiones HTTP diseñadas • https://fortiguard.com/advisory/FG-IR-21-047 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •