Page 2 of 67 results (0.011 seconds)

CVSS: 3.4EPSS: 0%CPEs: 6EXPL: 0

An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests. • https://fortiguard.fortinet.com/psirt/FG-IR-23-446 • CWE-1389: Incorrect Parsing of Numbers with Different Radices •

CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0

A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through 7.0.3, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specially crafted packets. Un desbordamiento de búfer basado en pila en Fortinet FortiPAM versión 1.2.0, 1.1.0 a 1.1.2, 1.0.0 a 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager versión 7.2.0 a 7.2.3, 7.0.1 a 7.0. 3, FortiOS versión 7.4.0 a 7.4.3, 7.2.0 a 7.2.7, 7.0.0 a 7.0.14, 6.4.0 a 6.4.15, 6.2.0 a 6.2.16, 6.0.0 a 6.0. 18, FortiProxy versión 7.4.0 a 7.4.2, 7.2.0 a 7.2.9, 7.0.0 a 7.0.15, 2.0.0 a 2.0.13, 1.2.0 a 1.2.13, 1.1.0 a 1.1. 6, 1.0.0 a 1.0.7 permite a un atacante ejecutar código o comandos no autorizados a través de paquetes especialmente manipulados. • https://fortiguard.fortinet.com/psirt/FG-IR-24-036 • CWE-121: Stack-based Buffer Overflow •

CVSS: 1.8EPSS: 0%CPEs: 8EXPL: 1

A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker with super-admin profile and CLI access to decrypting the backup file. Un uso de hash de contraseña con vulnerabilidad de esfuerzo computacional insuficiente [CWE-916] que afecta a FortiOS versión 7.4.3 e inferior, 7.2 todas las versiones, 7.0 todas las versiones, 6.4 todas las versiones y FortiProxy versión 7.4.2 e inferior, 7.2 todas las versiones, 7.0 todas versiones, 2.0, todas las versiones pueden permitir que un atacante privilegiado con perfil de superadministrador y acceso CLI pueda descifrar el archivo de copia de seguridad. • https://github.com/CyberSecuritist/CVE-2024-21754-Forti-RCE https://fortiguard.fortinet.com/psirt/FG-IR-23-423 • CWE-916: Use of Password Hash With Insufficient Computational Effort •

CVSS: 6.7EPSS: 0%CPEs: 6EXPL: 0

A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 through 6.2.16 and 6.0.13 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted CLI commands. Un desbordamiento de búfer basado en pila en Fortinet FortiOS versión 7.4.0 a 7.4.1 y 7.2.0 a 7.2.7 y 7.0.0 a 7.0.12 y 6.4.6 a 6.4.15 y 6.2.9 a 6.2.16 y Las versiones 6.0.13 a 6.0.18 permiten a un atacante ejecutar código o comandos no autorizados a través de comandos CLI especialmente manipulados. • https://fortiguard.fortinet.com/psirt/FG-IR-23-356 • CWE-121: Stack-based Buffer Overflow •

CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0

A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker with super-admin profile and CLI access to decrypting the backup file. Un uso de hash de contraseña con vulnerabilidad de esfuerzo computacional insuficiente [CWE-916] que afecta a FortiOS versión 7.4.3 e inferior, 7.2 todas las versiones, 7.0 todas las versiones, 6.4 todas las versiones y FortiProxy versión 7.4.2 e inferior, 7.2 todas las versiones, 7.0 todas versiones, 2.0, todas las versiones pueden permitir que un atacante privilegiado con perfil de superadministrador y acceso CLI pueda descifrar el archivo de copia de seguridad. An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests. • https://fortiguard.fortinet.com/psirt/FG-IR-23-471 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •