CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37934
https://notcve.org/view.php?id=CVE-2023-37934
10 Jan 2024 — An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM 1.0 all versions allows an authenticated attacker to perform a denial of service attack via sending crafted HTTP or HTTPS requests in a high frequency. Una vulnerabilidad de asignación de recursos sin límites o de limitación [CWE-770] en FortiPAM 1.0 en todas las versiones permite a un atacante autenticado realizar un ataque de denegación de servicio mediante el envío de solicitudes HTTP o HTTPS manipuladas con alta ... • https://fortiguard.com/psirt/FG-IR-23-226 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.0EPSS: 0%CPEs: 12EXPL: 0CVE-2023-41678
https://notcve.org/view.php?id=CVE-2023-41678
13 Dec 2023 — A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request. Un doble gratuito en las versiones Fortinet FortiOS 7.0.0 a 7.0.5, FortiPAM versión 1.0.0 a 1.0.3, 1.1.0 a 1.1.1 permite a un atacante ejecutar código o comandos no autorizados a través de una solicitud específicamente manipulada. • https://fortiguard.com/psirt/FG-IR-23-196 • CWE-415: Double Free •
CVSS: 9.0EPSS: 0%CPEs: 10EXPL: 0CVE-2023-36639
https://notcve.org/view.php?id=CVE-2023-36639
13 Dec 2023 — A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests. Un uso de cadena de formato controlada externamente en Fortinet FortiProxy versiones 7.2.0 a 7.2.4, 7.0.0 a 7.0.10, versiones de... • https://fortiguard.com/psirt/FG-IR-23-138 • CWE-134: Use of Externally-Controlled Format String •