CVSS: 8.3EPSS: 0%CPEs: 12EXPL: 0CVE-2024-33502
https://notcve.org/view.php?id=CVE-2024-33502
14 Jan 2025 — An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPs requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-143 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35273
https://notcve.org/view.php?id=CVE-2024-35273
14 Jan 2025 — A out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-106 • CWE-787: Out-of-bounds Write •
CVSS: 5.6EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35276
https://notcve.org/view.php?id=CVE-2024-35276
14 Jan 2025 — A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7 allows attacker to execute ... • https://fortiguard.fortinet.com/psirt/FG-IR-24-165 • CWE-121: Stack-based Buffer Overflow •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35275
https://notcve.org/view.php?id=CVE-2024-35275
14 Jan 2025 — A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, FortiManager version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-091 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36512
https://notcve.org/view.php?id=CVE-2024-36512
14 Jan 2025 — An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer 7.4.0 through 7.4.3 and 7.2.0 through 7.2.5 and 7.0.2 through 7.0.12 and 6.2.10 through 6.2.13 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-152 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.7EPSS: 0%CPEs: 10EXPL: 0CVE-2024-31496
https://notcve.org/view.php?id=CVE-2024-31496
12 Nov 2024 — A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData 7.4.0 and before 7.2.7 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-098 • CWE-121: Stack-based Buffer Overflow •
CVSS: 5.6EPSS: 0%CPEs: 10EXPL: 0CVE-2024-33505
https://notcve.org/view.php?id=CVE-2024-33505
12 Nov 2024 — A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specially crafted http requests • https://fortiguard.fortinet.com/psirt/FG-IR-24-125 • CWE-122: Heap-based Buffer Overflow •
CVSS: 2.3EPSS: 0%CPEs: 10EXPL: 0CVE-2024-35274
https://notcve.org/view.php?id=CVE-2024-35274
12 Nov 2024 — An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read write administrative privileges to create non-arbitrary files on a chosen directory via crafted CLI requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-179 • CWE-23: Relative Path Traversal •
CVSS: 6.7EPSS: 0%CPEs: 10EXPL: 0CVE-2024-32118
https://notcve.org/view.php?id=CVE-2024-32118
12 Nov 2024 — Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer-BigData before 7.4.0 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-116 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.0EPSS: 0%CPEs: 10EXPL: 0CVE-2024-32116
https://notcve.org/view.php?id=CVE-2024-32116
12 Nov 2024 — Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-099 • CWE-23: Relative Path Traversal •