CVSS: 8.3EPSS: 0%CPEs: 12EXPL: 0CVE-2024-33502
https://notcve.org/view.php?id=CVE-2024-33502
14 Jan 2025 — An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPs requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-143 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-33503
https://notcve.org/view.php?id=CVE-2024-33503
14 Jan 2025 — A improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specific shell commands • https://fortiguard.fortinet.com/psirt/FG-IR-24-127 • CWE-266: Incorrect Privilege Assignment •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35273
https://notcve.org/view.php?id=CVE-2024-35273
14 Jan 2025 — A out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-106 • CWE-787: Out-of-bounds Write •
CVSS: 5.6EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35276
https://notcve.org/view.php?id=CVE-2024-35276
14 Jan 2025 — A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7 allows attacker to execute ... • https://fortiguard.fortinet.com/psirt/FG-IR-24-165 • CWE-121: Stack-based Buffer Overflow •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35275
https://notcve.org/view.php?id=CVE-2024-35275
14 Jan 2025 — A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, FortiManager version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-091 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36512
https://notcve.org/view.php?id=CVE-2024-36512
14 Jan 2025 — An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer 7.4.0 through 7.4.3 and 7.2.0 through 7.2.5 and 7.0.2 through 7.0.12 and 6.2.10 through 6.2.13 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-152 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50566
https://notcve.org/view.php?id=CVE-2024-50566
14 Jan 2025 — A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager versions 7.6.0 through 7.6.1, versions 7.4.5 through 7.4.0, and versions 7.2.1 through 7.2.8, FortiManager Cloud versions 7.6.0 through 7.6.1, versions 7.4.0 through 7.4.4, and versions 7.2.2 through 7.2.7 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-463 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 5EXPL: 0CVE-2024-48889
https://notcve.org/view.php?id=CVE-2024-48889
18 Dec 2024 — An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager version 7.6.0, version 7.4.4 and below, version 7.2.7 and below, version 7.0.12 and below, version 6.4.14 and below and FortiManager Cloud version 7.4.4 and below, version 7.2.7 to 7.2.1, version 7.0.12 to 7.0.1 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-425 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.7EPSS: 0%CPEs: 10EXPL: 0CVE-2024-31496
https://notcve.org/view.php?id=CVE-2024-31496
12 Nov 2024 — A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData 7.4.0 and before 7.2.7 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-098 • CWE-121: Stack-based Buffer Overflow •
CVSS: 5.6EPSS: 0%CPEs: 10EXPL: 0CVE-2024-33505
https://notcve.org/view.php?id=CVE-2024-33505
12 Nov 2024 — A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specially crafted http requests • https://fortiguard.fortinet.com/psirt/FG-IR-24-125 • CWE-122: Heap-based Buffer Overflow •