CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 1CVE-2023-42789
https://notcve.org/view.php?id=CVE-2023-42789
12 Mar 2024 — A out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. Una escritura fuera de límites en Fortinet FortiOS 7.4.0 a 7.4.1, 7.2.0 a 7.2.5, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14, 6.2.0 a 6.2.15, FortiProxy 7.4.0, 7.2.0 a 7.2.6, 7.0.0 a 7.0.12, 2.0.0 a ... • https://github.com/jhonnybonny/CVE-2023-42789 • CWE-787: Out-of-bounds Write •
CVSS: 8.0EPSS: 0%CPEs: 7EXPL: 1CVE-2024-23112
https://notcve.org/view.php?id=CVE-2024-23112
12 Mar 2024 — An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticated attacker to gain access to another user’s bookmark via URL manipulation. Una omisión de autorización a través de una vulnerabilidad de clave controlada por el usuario [CWE-639] en FortiOS versión 7.4.0 a 7.4.1,... • https://github.com/zgimszhd61/CVE-2024-23112 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 0CVE-2023-42790
https://notcve.org/view.php?id=CVE-2023-42790
12 Mar 2024 — A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. Un desbordamiento de búfer en la región stack de la memoria en Fortinet FortiOS 7.4.0 a 7.4.1, 7.2.0 a 7.2.5, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14, 6.2.0 a 6.2.15, FortiProxy 7.4.0, 7.... • https://fortiguard.com/psirt/FG-IR-23-328 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2023-29180
https://notcve.org/view.php?id=CVE-2023-29180
22 Feb 2024 — A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.3, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to denial of service via specially crafted HTTP requests. Una desreferencia de puntero nulo en Fortinet FortiOS versión 7.2.0 a 7.2.4, 7.0.0 a 7.0.11, 6.4.0 a 6.4.12, 6.2.0 a 6.2.14, 6.0.0 a 6.... • https://fortiguard.com/psirt/FG-IR-23-111 • CWE-476: NULL Pointer Dereference •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-29179
https://notcve.org/view.php?id=CVE-2023-29179
22 Feb 2024 — A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, Fortiproxy version 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 allows attacker to denial of service via specially crafted HTTP requests. Una desreferencia de puntero nulo en Fortinet FortiOS versión 7.2.0 a 7.2.4, 7.0.0 a 7.0.11, 6.4.0 a 6.4.12, Fortiproxy versión 7.2.0 a 7.2.4, 7.0.0 a 7.0.10 permite atacante a la denegación de servicio a través de solicitudes HTTP especialmente manipuladas... • https://fortiguard.com/psirt/FG-IR-23-125 • CWE-476: NULL Pointer Dereference •
CVSS: 9.0EPSS: 0%CPEs: 20EXPL: 0CVE-2023-29181
https://notcve.org/view.php?id=CVE-2023-29181
22 Feb 2024 — A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted command. Un uso de cadena de formato controlada externamente en Fortinet FortiOS 7.2.0 a 7... • https://fortiguard.com/psirt/FG-IR-23-119 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 10.0EPSS: 2%CPEs: 11EXPL: 10CVE-2024-23113 – Fortinet Multiple Products Format String Vulnerability
https://notcve.org/view.php?id=CVE-2024-23113
15 Feb 2024 — A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets. Un uso de cadena de formato controlada externamente en Fortinet Fo... • https://github.com/zgimszhd61/CVE-2024-23113 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 10.0EPSS: 3%CPEs: 9EXPL: 8CVE-2024-21762 – Fortinet FortiOS Out-of-Bound Write Vulnerability
https://notcve.org/view.php?id=CVE-2024-21762
09 Feb 2024 — A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests Una escritura fuera de los límites en Fortinet FortiOS versiones 7.4.0 ... • https://packetstorm.news/files/id/177602 • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-47536
https://notcve.org/view.php?id=CVE-2023-47536
13 Dec 2023 — An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny geolocalisation policy via timing the bypass with a GeoIP database update. Una vulnerabilidad de control de acceso inadecuado [CWE-284] en FortiOS versión 7.2.0, versión 7.0.13 e inferior, versión 6.4.14 e inferior y Forti... • https://fortiguard.com/psirt/FG-IR-23-432 • CWE-284: Improper Access Control •
CVSS: 9.0EPSS: 0%CPEs: 10EXPL: 0CVE-2023-36639
https://notcve.org/view.php?id=CVE-2023-36639
13 Dec 2023 — A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests. Un uso de cadena de formato controlada externamente en Fortinet FortiProxy versiones 7.2.0 a 7.2.4, 7.0.0 a 7.0.10, versiones de... • https://fortiguard.com/psirt/FG-IR-23-138 • CWE-134: Use of Externally-Controlled Format String •