Fortinet Fortigate Weak Authentication in csfd daemon (FG-IR-24-221)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the FG-IR-24-221 advisory. - A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through...

Fortinet Fortigate File-Filter Bypass in Explicit Web Proxy Policy (FG-IR-24-282)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-282 advisory. - An improper neutralization of crlf sequences in http headers 'http response splitting' in Fortinet FortiOS 7.2.0 through...

Omron NJ/NX-series Machine Automation Controllers 路径遍历漏洞

Omron NJ/NX-series Machine Automation Controllers are a series of controllers from Omron Japan. A path traversal vulnerability exists in Omron NJ/NX-series Machine Automation Controllers, which stems from a path traversal vulnerability that can be exploited by an attacker to gain unauthorized...

Fortinet FortiWLM Path Traversal Vulnerability (CNVD-2024-4963848)

Fortinet FortiWLM is a wireless manager from Fortinet, Inc. Fortinet FortiWLM suffers from a path traversal vulnerability that stems from the program failing to properly filter for specific elements in the path to a resource or file. An attacker could use this vulnerability to execute unauthorize...

Fortinet FortiManager Operating System Command Injection Vulnerability

Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains ADOM to further simplify the deployment and management of multi-device...

CVE-2021-32589

A Use After Free CWE-416 vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below and FortiAnalyzer version 7.0.0, version 6.4.5 an...

Attackers exploiting a patched FortiClient EMS vulnerability in the wild

Introduction During a recent incident response, Kaspersky's GERT team identified a set of TTPs and indicators linked to an attacker that infiltrated a company's networks by targeting a Fortinet vulnerability for which a patch was already available. This vulnerability is an improper filtering of S...

CVE-2022-27595

An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windo...

CVE-2022-27595 QVPN Device Client

An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windo...

CVE-2022-27595 QVPN Device Client

An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windo...

CVE-2022-27595

CVE-2022-27595 corresponds to an insecure library loading vulnerability in QNAP’s QVPN Device Client. Multiple connected sources consistently state that a local attacker who already has user access can exploit this issue to execute unauthorized code or commands on affected systems. The problem is...

CVE-2023-34990

A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests...

CVE-2023-34990

A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests...

CVE-2023-34990

A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests...

CVE-2023-34990

FortiWLM suffers a path traversal vulnerability (CVE-2023-34990) that allows unauthenticated remote attackers to read arbitrary log files via crafted requests to ezrf_lighttpd.cgi. Affected FortiWLM versions are 8.6.0–8.6.5 and 8.5.0–8.5.4; fixes are 8.6.6 and 8.5.5 respectively. Impact includes ...

Fortinet FortiManager 操作系统命令注入漏洞

Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains ADOM to further simplify the deployment and management of multi-device...

Fortinet FortiWLM 代码注入漏洞

Fortinet FortiWLM is a wireless manager from Fortinet, Inc. Fortinet FortiWLM suffers from a path traversal vulnerability that stems from the program failing to properly filter for specific elements in the path to a resource or file. An attacker could use this vulnerability to execute unauthorize...

PYSEC-2024-154 A number of releases of ultralytics contained malicious crypto miner software.

Ultralytics has identified a supply chain attack affecting affecting multiple versions of the ultralytics package. The compromised versions contained unauthorized code that downloaded and executed cryptocurrency mining software when instantiating YOLO models. This code was injected into the PyPI...

A number of releases of ultralytics contained malicious crypto miner software.

Ultralytics has identified a supply chain attackaffecting affecting multiple versions of the ultralytics package.The compromised versions contained unauthorized code thatdownloaded and executed cryptocurrency mining softwarewhen instantiating YOLO models.This code was injected into the PyPI relea...

Withdrawn Advisory: Symfony's VarDumper vulnerable to unsafe deserialization

Withdrawn Advisory This advisory has been withdrawn because the report is not part of a valid vulnerability. This link is maintained to preserve external references. For more information, see advisory-database/pull/5048. Original Description A deserialization vulnerability exists in the Stub clas...