Page 8 of 101 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker to evade IPS features via crafted TCP packets. Un conflicto de interpretación en las versiones 7.321, 7.166 y 6.158 de Fortinet IPS Engine permite a un atacante evadir las funciones de IPS a través de paquetes TCP manipulados. • https://fortiguard.com/psirt/FG-IR-23-090 • CWE-436: Interpretation Conflict •

CVSS: 8.0EPSS: 0%CPEs: 6EXPL: 0

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting. Una neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-Site Scripting') [CWE-79] en FortiProxy 7.2.0 a 7.2.4, 7.0.0 a 7.0.10 y FortiOS 7.2.0 a 7.2.4, Las versiones 7.0.0 a 7.0.11, 6.4.0 a 6.4.12, 6.2.0 a 6.2.14 pueden permitir que un atacante autenticado desencadene la ejecución de código JavaScript malicioso a través de una configuración de administración de invitados manipulados. • https://fortiguard.com/psirt/FG-IR-23-106 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 20EXPL: 0

An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers. Una vulnerabilidad de validación de certificado incorrecta [CWE-295] en FortiManager v7.0.1 y versiones inferiores, v6.4.6 y versiones inferiores; FortiAnalyzer v7.0.2 y versiones inferiores, v6.4.7 y versiones inferiores; FortiOS v6.2.x y v6.0.x; FortiSandbox v4.0.x, 3.2.x y 3.1.x puede permitir a un atacante adyacente a la red y no autenticado interceder en la comunicación mediante la técnica de man-in-the-middle entre los productos enumerados y algunos peers externos. • https://fortiguard.com/psirt/FG-IR-18-292 • CWE-295: Improper Certificate Validation CWE-297: Improper Validation of Certificate with Host Mismatch •

CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiOS before 7.0.3 allows a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker were able to evade FortiOS stack protections. • https://fortiguard.com/psirt/FG-IR-23-149 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside deep or full packet inspection. • https://fortiguard.com/psirt/FG-IR-23-183 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •