1835 matches found

Tenable Nessus
added 2024/10/27 12:0 a.m. · 8 views

Fortinet FortiWeb xss (FG-IR-21-122)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-122 advisory. - An improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiWeb version 6.4.1 and...

6.1 CVSS · 6.5 AI score · 0.00885 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2024/10/27 12:0 a.m. · 10 views

Fortinet FortiWeb OS Command Injection because of missing input parameter sanitization (FG-IR-21-047)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-047 advisory. - An improper neutralization of special elements used in a command 'Command Injection' in Fortinet FortiWeb version 6.3.13 and...

8.8 CVSS · 8.3 AI score · 0.01919 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2024/10/27 12:0 a.m. · 10 views

Fortinet Fortigate Debug commands allow memory manipulation (FG-IR-21-091)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-091 advisory. - A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows attacker to Execute...

6.6 CVSS · 6.3 AI score · 0.0025 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2024/10/26 12:0 a.m. · 9 views

Fortinet FortiWeb Stack-based buffer overflow due to type mismatch (FG-IR-21-134)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-134 advisory. - A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, allows an authenticated attacker to execute...

7.8 CVSS · 8.1 AI score · 0.00157 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2024/10/26 12:0 a.m. · 14 views

Fortinet FortiWeb Insufficient protections against XSS and CSRF (FG-IR-23-068)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-068 advisory. - A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6...

8.8 CVSS · 8.2 AI score · 0.00656 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2024/10/26 12:0 a.m. · 10 views

Fortinet Fortigate Stack-based buffer overflows via crafted CLI commands (FG-IR-21-206)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-206 advisory. - A buffer copy without checking size of input 'classic buffer overflow' in Fortinet FortiAnalyzer version 7.0.2 and below,...

6.7 CVSS · 7.4 AI score · 0.00179 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2024/10/26 12:0 a.m. · 9 views

Fortinet FortiWeb xss (FG-IR-21-139)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-139 advisory. - An improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiWeb version 6.4.1 and...

6.1 CVSS · 6.6 AI score · 0.00823 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2024/10/26 12:0 a.m. · 5 views

Fortinet FortiWeb Heap-based buffer overflow in API v1.0 controller (FG-IR-21-188)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-188 advisory. - A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below...

8.8 CVSS · 8.5 AI score · 0.0122 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2024/10/26 12:0 a.m. · 23 views

Fortinet Fortigate Out-of-bounds Write in captive portal (FG-IR-23-328)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the FG-IR-23-328 advisory. - An out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0...

9.8 CVSS · 9.1 AI score · 0.03279 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2024/10/26 12:0 a.m. · 9 views

Fortinet FortiWeb Multiple stack-based buffer overflow vulnerabilities in CLI command (FG-IR-20-206)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-20-206 advisory. - A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows attacker to execute...

8.8 CVSS · 8.7 AI score · 0.0153 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2024/10/26 12:0 a.m. · 11 views

Fortinet Fortigate Format string vulnerability in command line interpreter (FG-IR-21-235)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-235 advisory. - A format string vulnerability CWE-134 in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC...

7.8 CVSS · 7.7 AI score · 0.00194 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2024/10/26 12:0 a.m. · 9 views

Fortinet FortiWeb Stack-Based Buffer Overflow vulnerability (FG-IR-21-119)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-119 advisory. - A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker ...

9.8 CVSS · 9.1 AI score · 0.01561 EPSS
Exploits 0 · References 2

Veracode
added 2024/09/10 6:45 a.m. · 16 views

Sandbox Bypass

twig/twig is vulnerable to Sandbox Bypass. The vulnerability is due to sandbox security checks not being enforced in certain situations, allowing an attacker to execute unauthorized code or access sensitive data via user-contributed templates...

8.6 CVSS · 7 AI score · 0.00826 EPSS
Exploits 0 · References 6 · Affected Software 2

NVD
added 2024/09/10 3:15 a.m. · 15 views

CVE-2024-8268

The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to insufficient filtering on callable methods/functions via the ajaxrequest function in all versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with subscriber-level...

8.8 CVSS · 0.00706 EPSS
Exploits 0 · References 3

CVE
added 2024/09/10 2:5 a.m. · 56 views

CVE-2024-8268

CVE-2024-8268 affects the Frontend Dashboard WordPress plugin (versions

8.8 CVSS · 8.8 AI score · 0.00706 EPSS
Exploits 0 · References 3 · Affected Software 1

Github Security Blog
added 2024/09/07 9:30 a.m. · 17 views

Apache Airflow vulnerable to Execution with Unnecessary Privileges

Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. Users are advised to upgrade to version 2.10.1 or later...

8.8 CVSS · 7.1 AI score · 0.01688 EPSS
Exploits 0 · References 7 · Affected Software 1

NVD
added 2024/09/07 8:15 a.m. · 17 views

CVE-2024-45034

Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. Users are advised to upgrade to version 2.10.1 or later...

8.8 CVSS · 0.01688 EPSS
Exploits 0 · References 3

CVE
added 2024/09/07 7:45 a.m. · 301 views

CVE-2024-45034

CVE-2024-45034 affects Apache Airflow versions before 2.10.1. The vulnerability lets DAG authors put local settings in the DAG folder that get executed by the scheduler, which should not run code submitted by DAG authors. Red Hat and OSV entries confirm the issue and point to a fix in 2.10.1 or l...

8.8 CVSS · 8.7 AI score · 0.01688 EPSS
Exploits 0 · References 3 · Affected Software 1

CVE
added 2024/09/06 4:26 p.m. · 54 views

CVE-2022-27592

CVE-2022-27592 affects QVR Smart Client (prior to 2.4.0.0570). The issue is an unquoted search path/element vulnerability that could allow local authenticated administrators to execute unauthorized code via unspecified vectors. Impact is local, with potential for full code execution on affected h...

6.7 CVSS · 6.7 AI score · 0.00192 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/09/06 12:0 a.m. · 2 views

PT-2024-11545 · Qnap · Qvr Smart Client

Name of the Vulnerable Software and Affected Versions: QVR Smart Client versions prior to 2.4.0.0570 Description: An unquoted search path or element issue has been reported, which could allow local authenticated administrators to execute unauthorized code or commands via unspecified vectors...

6.7 CVSS · 7.6 AI score · 0.00192 EPSS
Exploits 0 · References 5