Page 9 of 79 results (0.005 seconds)

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside deep or full packet inspection. • https://fortiguard.com/psirt/FG-IR-23-183 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API. • https://fortiguard.com/psirt/FG-IR-23-028 • CWE-613: Insufficient Session Expiration •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in network parameter. • https://exchange.xforce.ibmcloud.com/vulnerabilities/258201 https://fortiguard.com/psirt/FG-IR-23-015 • CWE-476: NULL Pointer Dereference •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows attacker to denial of sslvpn service via specifically crafted request in bookmark parameter. • https://fortiguard.com/psirt/FG-IR-23-015 • CWE-476: NULL Pointer Dereference •

CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 0

A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows attacker to perform a denial of service via specially crafted HTTP requests. • https://fortiguard.com/psirt/FG-IR-22-375 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •