CVSS: 7.6EPSS: 0%CPEs: 18EXPL: 0CVE-2024-26010
https://notcve.org/view.php?id=CVE-2024-26010
11 Jun 2024 — A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through 7.0.3, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 throu... • https://fortiguard.fortinet.com/psirt/FG-IR-24-036 • CWE-121: Stack-based Buffer Overflow •
CVSS: 6.7EPSS: 0%CPEs: 12EXPL: 0CVE-2023-36640
https://notcve.org/view.php?id=CVE-2023-36640
14 May 2024 — A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.16 allows attacker to execute unauthorized code or commands via specially crafted commands Un uso de cadena de formato controlada externamente en las versiones... • https://fortiguard.com/psirt/FG-IR-23-137 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 8.3EPSS: 0%CPEs: 12EXPL: 0CVE-2023-45583
https://notcve.org/view.php?id=CVE-2023-45583
14 May 2024 — A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http req... • https://fortiguard.com/psirt/FG-IR-23-137 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.6EPSS: 0%CPEs: 13EXPL: 0CVE-2023-41677
https://notcve.org/view.php?id=CVE-2023-41677
09 Apr 2024 — A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack Credenciales insuficientemente protegidas en Fortinet FortiProxy 7.4.0, ... • https://fortiguard.com/psirt/FG-IR-23-493 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2023-29180
https://notcve.org/view.php?id=CVE-2023-29180
22 Feb 2024 — A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.3, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to denial of service via specially crafted HTTP requests. Una desreferencia de puntero nulo en Fortinet FortiOS versión 7.2.0 a 7.2.4, 7.0.0 a 7.0.11, 6.4.0 a 6.4.12, 6.2.0 a 6.2.14, 6.0.0 a 6.... • https://fortiguard.com/psirt/FG-IR-23-111 • CWE-476: NULL Pointer Dereference •
CVSS: 9.0EPSS: 0%CPEs: 20EXPL: 0CVE-2023-29181
https://notcve.org/view.php?id=CVE-2023-29181
22 Feb 2024 — A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted command. Un uso de cadena de formato controlada externamente en Fortinet FortiOS 7.2.0 a 7... • https://fortiguard.com/psirt/FG-IR-23-119 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 10.0EPSS: 45%CPEs: 11EXPL: 10CVE-2024-23113 – Fortinet Multiple Products Format String Vulnerability
https://notcve.org/view.php?id=CVE-2024-23113
15 Feb 2024 — A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets. Un uso de cadena de formato controlada externamente en Fortinet Fo... • https://github.com/zgimszhd61/CVE-2024-23113 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 10.0EPSS: 91%CPEs: 9EXPL: 8CVE-2024-21762 – Fortinet FortiOS Out-of-Bound Write Vulnerability
https://notcve.org/view.php?id=CVE-2024-21762
09 Feb 2024 — A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests Una escritura fuera de los límites en Fortinet FortiOS versiones 7.4.0 ... • https://packetstorm.news/files/id/177602 • CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 11EXPL: 0CVE-2023-36641
https://notcve.org/view.php?id=CVE-2023-36641
14 Nov 2023 — A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1, all versions, FortiProxy 1.0 all versions, FortiOS version 7.4.0, FortiOS version 7.2.0 through 7.2.5, FortiOS version 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions allows attacker to denial of service via specifically crafted HTTP requests. Un error de truncamient... • https://fortiguard.com/psirt/FG-IR-23-151 • CWE-197: Numeric Truncation Error •
CVSS: 6.7EPSS: 0%CPEs: 9EXPL: 0CVE-2021-43072
https://notcve.org/view.php?id=CVE-2021-43072
18 Jul 2023 — A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiOS version 7.0.0 through 7.0.4, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x and FortiProxy version 7.0.0 through 7.0.3, 2.0.0 through 2.... • https://fortiguard.com/advisory/FG-IR-21-206 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •