CVSS: 8.3EPSS: 0%CPEs: 10EXPL: 0CVE-2024-40584
https://notcve.org/view.php?id=CVE-2024-40584
11 Feb 2025 — An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15 and 6.2.2 through 6.2.13, Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15 and 6.2.2 through 6.2.13, Fortinet FortiAnalyzer BigData version 7.4.0, 7.2.0 through 7.2.7, 7.0.1 through 7.0.6, 6.4.5 through 6.4.7 a... • https://fortiguard.fortinet.com/psirt/FG-IR-24-220 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.0EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36508
https://notcve.org/view.php?id=CVE-2024-36508
11 Feb 2025 — An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 CLI allows an authenticated admin user with diagnose privileges to delete files on the system. • https://fortiguard.fortinet.com/psirt/FG-IR-24-147 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 2.3EPSS: 0%CPEs: 5EXPL: 0CVE-2024-52966
https://notcve.org/view.php?id=CVE-2024-52966
11 Feb 2025 — An exposure of sensitive information to an unauthorized actor in Fortinet FortiAnalyzer 6.4.0 through 7.6.0 allows attacker to cause information disclosure via filter manipulation. • https://fortiguard.fortinet.com/psirt/FG-IR-24-422 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 0%CPEs: 99EXPL: 0CVE-2022-23439
https://notcve.org/view.php?id=CVE-2022-23439
22 Jan 2025 — A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.... • https://fortiguard.com/psirt/FG-IR-21-254 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 7.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-45331
https://notcve.org/view.php?id=CVE-2024-45331
16 Jan 2025 — A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows attacker to escalate privilege via specific shell commands • https://fortiguard.fortinet.com/psirt/FG-IR-24-127 • CWE-266: Incorrect Privilege Assignment •
CVSS: 8.3EPSS: 0%CPEs: 12EXPL: 0CVE-2024-33502
https://notcve.org/view.php?id=CVE-2024-33502
14 Jan 2025 — An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPs requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-143 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.6EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35276
https://notcve.org/view.php?id=CVE-2024-35276
14 Jan 2025 — A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7 allows attacker to execute ... • https://fortiguard.fortinet.com/psirt/FG-IR-24-165 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36512
https://notcve.org/view.php?id=CVE-2024-36512
14 Jan 2025 — An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer 7.4.0 through 7.4.3 and 7.2.0 through 7.2.5 and 7.0.2 through 7.0.12 and 6.2.10 through 6.2.13 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-152 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.7EPSS: 0%CPEs: 10EXPL: 0CVE-2024-31496
https://notcve.org/view.php?id=CVE-2024-31496
12 Nov 2024 — A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData 7.4.0 and before 7.2.7 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-098 • CWE-121: Stack-based Buffer Overflow •
CVSS: 5.6EPSS: 0%CPEs: 10EXPL: 0CVE-2024-33505
https://notcve.org/view.php?id=CVE-2024-33505
12 Nov 2024 — A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specially crafted http requests • https://fortiguard.fortinet.com/psirt/FG-IR-24-125 • CWE-122: Heap-based Buffer Overflow •