38 matches found
EUVD-2024-24978
Malicious code in bioql PyPI...
EUVD-2024-24976
Malicious code in bioql PyPI...
EUVD-2024-24975
Malicious code in bioql PyPI...
EUVD-2024-24977
Malicious code in bioql PyPI...
CVE-2024-27783
Multiple cross-site request forgery (CSRF) weaknesses (CWE-352) vulnerability in Fortinet FortiAIOps 2.0.0 may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user via tricking the victim to execute malicious GET requests...
CVE-2024-27785
An improper neutralization of formula elements in a CSV File (CWE-1236) vulnerability in Fortinet FortiAIOps 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports...
CVE-2024-27782
Multiple insufficient session expiration weaknesses (CWE-613) vulnerability in Fortinet FortiAIOps 2.0.0 may allow an attacker to re-use stolen old session tokens to perform unauthorized operations via crafted requests...
CVE-2024-27784
Multiple Exposure of sensitive information to an unauthorized actor weaknesses (CWE-200) vulnerability in Fortinet FortiAIOps 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files...
Fortinet FortiAIOps Cross-Site Request Forgery Vulnerability
Fortinet FortiAIOps is a Fortinet networking solution that combines artificial intelligence and machine learning (AI/ML) from Fortinet. Fortinet FortiAIOps version 2.0.0 suffers from a cross-site request forgery vulnerability that arises from a web application that does not adequately validate that...
Fortinet FortiAIOps Code Issue Vulnerability
Fortinet FortiAIOps is a Fortinet networking solution that combines artificial intelligence and machine learning (AI/ML) from Fortinet. A code issue vulnerability exists in Fortinet FortiAIOps version 2.0.0, which stems from the presence of multiple sessions that have insufficiently expired, and ca...
Fortinet FortiAIOps Log Information Disclosure Vulnerability
Fortinet FortiAIOps is a Fortinet networking solution that combines artificial intelligence and machine learning (AI/ML) from Fortinet. A log information disclosure vulnerability exists in Fortinet FortiAIOps version 2.0.0, which stems from an application that does not adequately protect sensitive...
Vulnerabilities fixed in Fortinet
Fortinet has fixed a number of vulnerabilities in FortiAIOps, Fortinet FortiPortal, FortiWeb and Fortinet FortiExtender. The most serious vulnerabilities are CVE-2024-23663, CVE-2024-27782 and CVE-2024-27784, which are in Fortinet FortiExtender and FortiAIOps. Fortinet FortiExtender: Fortinet...
CVE-2024-27782
Multiple insufficient session expiration weaknesses (CWE-613) vulnerability in Fortinet FortiAIOps 2.0.0 may allow an attacker to re-use stolen old session tokens to perform unauthorized operations via crafted requests...
CVE-2024-27784
Multiple Exposure of sensitive information to an unauthorized actor weaknesses (CWE-200) vulnerability in Fortinet FortiAIOps 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files...
CVE-2024-27784
Multiple Exposure of sensitive information to an unauthorized actor weaknesses (CWE-200) vulnerability in Fortinet FortiAIOps 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files...
CVE-2024-27785
An improper neutralization of formula elements in a CSV File (CWE-1236) vulnerability in Fortinet FortiAIOps 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports...
CVE-2024-27785
An improper neutralization of formula elements in a CSV File (CWE-1236) vulnerability in Fortinet FortiAIOps 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports...
CVE-2024-27783
Multiple cross-site request forgery (CSRF) weaknesses (CWE-352) vulnerability in Fortinet FortiAIOps 2.0.0 may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user via tricking the victim to execute malicious GET requests...
CVE-2024-27782
Multiple insufficient session expiration weaknesses (CWE-613) vulnerability in Fortinet FortiAIOps 2.0.0 may allow an attacker to re-use stolen old session tokens to perform unauthorized operations via crafted requests...
CVE-2024-27782
Fortinet FortiAIOps 2.0.0 is affected by CVE-2024-27782 due to insufficient session expiration, enabling an attacker to reuse stolen session tokens to perform unauthorized operations via crafted requests. Affected component: FortiAIOps (Fortinet). Root cause: multiple sessions with insufficient e...