333 matches found

Prion
added 2021/12/08 1:15 p.m., 8 views

Integer overflow

An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution...

CVSS 7.5, AI score 9.8, EPSS 0.01255
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/12/08 12:22 p.m., 11 views

CVE-2021-26109

An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution...

CVSS 8.1, AI score 10, EPSS 0.01255
Exploits: 0, References: 1

CVE
added 2021/12/08 12:22 p.m., 95 views

CVE-2021-26109

Fortinet FortiOS/FortiGate SSLVPN memory allocator vulnerability (CVE-2021-26109) is an integer overflow that can corrupt heap control data via crafted SSLVPN requests. Affects FortiOS prior to 7.0.1; exploitation by unauthenticated network attackers could lead to arbitrary code execution with h...

CVSS 9.8, AI score 9.8, EPSS 0.01255
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2021/12/08 12:22 p.m., 9 views

CVE-2021-26109

An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution...

CVSS 8.1, AI score 8, EPSS 0.01255
Exploits: 0, References: 1

Vulnrichment
added 2021/12/08 12:16 p.m., 10 views

CVE-2021-26108

A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS before 7.0.1 may allow an attacker to retrieve the key by reverse engineering...

CVSS 7.5, AI score 6.7, EPSS 0.00311
Exploits: 0, References: 1

Cvelist
added 2021/12/08 12:16 p.m., 10 views

CVE-2021-26108

A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS before 7.0.1 may allow an attacker to retrieve the key by reverse engineering...

CVSS 7.5, AI score 7.6, EPSS 0.00311
Exploits: 0, References: 1

CVE
added 2021/12/08 12:16 p.m., 54 views

CVE-2021-26108

CVE-2021-26108 is a Fortinet FortiOS SSLVPN hard-coded cryptographic key vulnerability affecting FortiOS before 7.0.1. The underlying issue allows an attacker to retrieve the key by reverse engineering, with high confidentiality impact reported (CVSS v3.1 base score 7.5). Affected component is Fo...

CVSS 7.5, AI score 7.4, EPSS 0.00311
Exploits: 0, References: 1, Affected Software: 1

Fortinet
added 2021/12/07 12:0 a.m., 25 views

Protect

An integer overflow or wraparound vulnerability (CWE-190) in FortiOS SSLVPN memory allocator may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution...

CVSS 7.5, AI score 9.5, EPSS 0.01255
Exploits: 0, Affected Software: 1

Fortinet
added 2021/12/07 12:0 a.m., 33 views

Protect

A use of hard-coded cryptographic key vulnerability (CWE-321) in FortiOS SSLVPN may allow an attacker to retrieve the key by reverse engineering...

CVSS 5, AI score 7.2, EPSS 0.00311
Exploits: 0, Affected Software: 1

CISA KEV Catalog
added 2021/11/03 12:0 a.m., 27 views

SonicWall SSLVPN SMA100 SQL Injection Vulnerability

SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker...

CVSS 9.8, AI score 9.9, EPSS 0.79818
In wild, Exploits: 0

CNVD
added 2021/09/09 12:0 a.m., 19 views

Fortinet FortiOS has an unspecified vulnerability (CNVD-2021-101140)

Fortinet FortiOS is a security operating system from Fortinet that is dedicated to the FortiGate network security platform. The system provides users with a variety of security features such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. Fortinet FortiOS has a security...

CVSS 5, AI score 2.4, EPSS 0.00282
Exploits: 0, References: 1

NVD
added 2021/06/02 1:15 p.m., 13 views

CVE-2021-24012

An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority...

CVSS 7.5, EPSS 0.00207
Exploits: 0, References: 1

OSV
added 2021/06/02 1:15 p.m., 1 views

CVE-2021-24012

An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority...

CVSS 7.3, AI score 7.1, EPSS 0.00207
Exploits: 0, References: 1

Prion
added 2021/06/02 1:15 p.m., 12 views

Input validation

An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority...

CVSS 7.5, AI score 7, EPSS 0.00207
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/06/02 12:42 p.m., 14 views

CVE-2021-24012

An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority...

CVSS 6.5, AI score 7.3, EPSS 0.00207
Exploits: 0, References: 1

CVE
added 2021/06/02 12:42 p.m., 47 views

CVE-2021-24012

CVE-2021-24012 affects Fortinet FortiGate SSL-VPN (versions 6.4.0 through 6.4.4). The root cause is improper validation of a certificate chain, allowing an LDAP user to authenticate with any certificate signed by a trusted CA. Impact: permits bypass of certificate chain trust for SSL-VPN login; a...

CVSS 7.5, AI score 7, EPSS 0.00207
Exploits: 0, References: 1, Affected Software: 1

Fortinet
added 2021/05/05 12:0 a.m., 19 views

XSS vulnerability in FortiProxy SSLVPN Portal

An improper neutralization of input during web page generation in the SSL VPN portal of FortiProxy may allow a remote authenticated attacker to perform a stored cross-site scripting (XSS) attack...

AI score 2.9, EPSS 0.00098
Exploits: 0, Affected Software: 1

Citrix
added 2021/03/24 12:0 a.m., 5 views

"Http/1.1 Internal Server Error 43531" when accessing Citrix Gateway after upgrading to version 13.0

Users will get the error "Http/1.1 Internal Server Error 43531" The ns.log will give error as below: Dec 23 14:52:26 , aaainfo flags 11 flags2 0, new webview 0, sess flags2 0, flags3 0 flags4 400 ssoDomain , ssoUsername: , ssoUsername2: " Dec 23 14:52:26 XXX.XXX.X.XXX 12/23/2020:19:52:26 GMT...

AI score 7.2
Exploits: 0

The Hacker News
added 2021/03/16 10:32 a.m., 2 views

New Mirai Variant and ZHtrap Botnet Malware Emerge in the Wild

Cybersecurity researchers on Monday disclosed a new wave of ongoing attacks exploiting multiple vulnerabilities to deploy new Mirai variants on internet connected devices. "Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection...

CVSS 10, AI score 7.8, EPSS 0.94235
Exploits: 12

CNVD
added 2021/02/18 12:0 a.m., 2 views

Weak Password Vulnerability in Jabil Firewall Management System, Jabil SSLVPN Management System, Jabil Website Security Monitoring

Xi'an Jiaotong University Jiepu Network Technology Co., Ltd. is a first-class professional network security products and technology provider in China. Jabil Firewall Management System, Jabil SSLVPN Management System, Jabil Website Security Monitoring has a weak password vulnerability that can be...

AI score 7.1
Exploits: 0