146 matches found

Tenable Nessus
added 2024/06/11 12:0 a.m. · 30 views

Fortinet Fortigate xss (FG-IR-23-471)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-471 advisory. - An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability CWE-79 in FortiOS versi...

6.8 CVSS · 7.6 AI score · 0.01042 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2024/06/11 12:0 a.m. · 86 views

Fortinet Fortigate Weak key derivation for backup file (FG-IR-23-423)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-423 advisory. - A use of password hash with insufficient computational effort vulnerability CWE-916 affecting FortiOS version 7.4.3 and...

4.4 CVSS · 7.3 AI score · 0.03469 EPSS
Exploits 1 · References 2
Positive Technologies
added 2024/06/03 12:0 a.m. · 6 views

PT-2024-19670 · Fortinet · Fortiweb

Name of the Vulnerable Software and Affected Versions: FortiWeb versions 6.3 and all versions prior to 7.0.8 FortiWeb versions 7.2.4 and below FortiWeb version 7.4.0 Description: The issue allows an authenticated attacker to read password hashes of other administrators via CLI commands. This is d...

5.5 CVSS · 6.9 AI score · 0.00202 EPSS
Exploits 0 · References 4
ATTACKERKB
added 2024/05/03 2:15 a.m. · 7 views

CVE-2023-34284

NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists...

6.3 CVSS · 5.8 AI score · 0.00447 EPSS
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2024/04/09 2:24 p.m. · 27 views

CVE-2023-48784

A use of externally-controlled format string vulnerability CWE-134 in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or...

6.7 CVSS · 7.2 AI score · 0.00771 EPSS
Exploits 0 · References 1
CNNVD
added 2024/04/09 12:0 a.m. · 6 views

Fortinet FortiOS Format String Error Vulnerability

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering, and antispam security features. The Fortinet FortiOS is...

6.7 CVSS · 7.5 AI score · 0.00771 EPSS
Exploits 0 · References 2
RedhatCVE
added 2024/01/25 8:21 p.m. · 147 views

CVE-2024-23897

A flaw was found in Jenkins, which uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces the "@" character followed by a file path in an argument with the file’s contents expandAtFiles...

9.8 CVSS · 8.5 AI score · 0.99999 EPSS
Exploits 46 · References 6
Positive Technologies
added 2023/12/12 12:0 a.m. · 4 views

PT-2023-8025 · Fortinet · Fortiswitch +4

Name of the Vulnerable Software and Affected Versions: FortiVoiceEnterprise versions 6.0.x through 6.4.x FortiSwitch versions 6.0.x through 7.0.4 FortiMail versions 6.0.x through 7.0.3 FortiRecorder versions 2.6.x through 6.4.2 FortiNDR version 1.x.x Description: A cross-site request forgery CSRF...

9.7 CVSS · 8.9 AI score · 0.00491 EPSS
Exploits 0 · References 9
Positive Technologies
added 2023/10/26 12:0 a.m. · 5 views

PT-2023-7306 · Zyxel · Zyxel Nwa50Ax +8

Name of the Vulnerable Software and Affected Versions: Zyxel ATP series versions 4.32 through 5.37 Zyxel USG FLEX series versions 4.50 through 5.37 Zyxel USG FLEX 50W series versions 4.16 through 5.37 Zyxel USG20W-VPN series versions 4.16 through 5.37 Zyxel VPN series versions 4.30 through 5.37...

5.5 CVSS · 5.4 AI score · 0.00212 EPSS
Exploits 0 · References 5
OSV
added 2023/10/05 6:15 p.m. · 6 views

CVE-2023-43072

Dell SmartFabric Storage Software v1.4 and earlier contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbitrary shell commands...

7.8 CVSS · 5.9 AI score · 0.00153 EPSS
Exploits 0 · References 1
NVD
added 2023/08/29 6:15 p.m. · 21 views

CVE-2023-34039

Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI...

9.8 CVSS · 9.9 AI score · 0.63947 EPSS
Exploits 9 · References 3
Citrix
added 2023/08/19 12:0 a.m. · 7 views

While trying to gather logs the file shows "Could not process the file. File size is too large".

- While trying to reach the logs via the ADC GUI it says "Could not process the file. File size is too large"
- The file is not that large less than 1-5 MB and can be observed via CLI or extracted via SFTP.
- Only fails via GUI...

7.1 AI score
Exploits 0
OSV
added 2022/11/02 12:15 p.m. · 5 views

CVE-2022-26119

An improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...

7.8 CVSS · 5.8 AI score · 0.00195 EPSS
Exploits 0 · References 1
NVD
added 2022/11/02 12:15 p.m. · 16 views

CVE-2022-26119

An improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...

7.8 CVSS · 0.00195 EPSS
Exploits 0 · References 1
Prion
added 2022/11/02 12:15 p.m. · 16 views

Authentication flaw

An improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...

4.3 CVSS · 7.4 AI score · 0.00195 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2022/11/02 12:0 a.m. · 66 views

CVE-2022-26119

Affected software: Fortinet FortiSIEM versions prior to 6.5.0. Vulnerability: Improper authentication allowing a local attacker with CLI access to perform operations on the Glassfish server via a hardcoded password. The root cause is hardcoded/default credentials used when connecting to Glassfi...

7.8 CVSS · 7.5 AI score · 0.00195 EPSS
Exploits 0 · References 1 · Affected Software 1
Fortinet
added 2022/11/01 12:0 a.m. · 54 views

FortiSIEM - Glassfish local credentials stored in plain text

An improper authentication vulnerability CWE-287 in FortiSIEM may allow a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...

4.3 CVSS · 7.1 AI score · 0.00195 EPSS
Exploits 0 · Affected Software 1
NVD
added 2022/10/18 3:15 a.m. · 24 views

CVE-2022-22248

An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user's...

7.3 CVSS · 0.00182 EPSS
Exploits 0 · References 1
Cvelist
added 2022/10/18 2:46 a.m. · 23 views

CVE-2022-22248 Junos OS Evolved: Incorrect file permissions can allow low-privileged user to cause another user to execute arbitrary commands

An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user's...

7.3 CVSS · 7.5 AI score · 0.00182 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2022/08/03 2:15 p.m. · 5 views

CVE-2022-23442

An improper access control vulnerability CWE-284 in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands...

4.3 CVSS · 5.8 AI score · 0.00472 EPSS
Exploits 0 · References 2