24 matches found

RedhatCVE
added 2026/01/09 9:15 a.m. | 8 views

CVE-2022-23446

An improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows an attacker to make the whole application unresponsive via changing its root directory access permission...

4.4 CVSS | 6.8 AI score | 0.00049 EPSS
Exploits 0 | References 1

EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2022-33470

Malicious code in bioql PyPI...

5.4 CVSS | 5.7 AI score | 0.002 EPSS
Exploits 0 | References 1

CNNVD
added 2023/11/14 12:00 a.m. | 2 views

Fortinet FortiEDR security vulnerability

Fortinet FortiEDR is an endpoint security solution built from the ground up by Fortinet. An Access Control Error vulnerability exists in Fortinet FortiEDR Collector Windows that stems from the presence of improper access controls in the application. A local attacker could exploit the vulnerabilit...

5.5 CVSS | 6.5 AI score | 0.0004 EPSS
Exploits 0 | References 3

Cvelist
added 2023/10/13 2:32 p.m. | 17 views

CVE-2023-33303

An insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows an attacker to execute unauthorized code or commands via API request...

8.1 CVSS | 8.5 AI score | 0.00107 EPSS
Exploits 0 | References 1

NVD
added 2022/11/02 12:15 p.m. | 10 views

CVE-2022-39949

An improper control of a resource through its lifetime vulnerability (CWE-664) in FortiEDR CollectorWindows 4.0.0 through 4.1, 5.0.0 through 5.0.3.751, 5.1.0 may allow a privileged user to terminate the FortiEDR processes with special tools and bypass the EDR protection...

5.5 CVSS | 0.00047 EPSS
Exploits 0 | References 1

CVE
added 2022/11/02 12:00 a.m. | 53 views

CVE-2022-39949

Summary: CVE-2022-39949 affects FortiEDR CollectorWindows. The issue is an improper control of a resource through its lifetime that may let a privileged user terminate FortiEDR processes with special tools, bypassing protection. Affected versions: FortiEDR CollectorWindows 4.0.0–4.1, 5.0.0–5.0.3....

5.5 CVSS | 5.4 AI score | 0.00047 EPSS
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2022/11/02 12:00 a.m. | 11 views

CVE-2022-39949

An improper control of a resource through its lifetime vulnerability (CWE-664) in FortiEDR CollectorWindows 4.0.0 through 4.1, 5.0.0 through 5.0.3.751, 5.1.0 may allow a privileged user to terminate the FortiEDR processes with special tools and bypass the EDR protection...

4.4 CVSS | 6.8 AI score | 0.00047 EPSS
Exploits 0 | References 1

NVD
added 2022/07/19 2:15 p.m. | 12 views

CVE-2022-29057

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform a reflected cross-site scripting (XSS) attack by injecting malicious payload into the...

5.4 CVSS | 0.002 EPSS
Exploits 0 | References 1

CVE
added 2022/07/18 4:41 p.m. | 66 views

CVE-2022-29057

Fortinet FortiEDR CVE-2022-29057 is a reflected cross-site scripting (XSS) vulnerability arising from improper input neutralization during web page generation in the FortiEDR Management Console. A remote authenticated attacker can exploit this via various endpoints to inject malicious payloads. A...

5.4 CVSS | 5 AI score | 0.002 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2022/07/18 4:41 p.m. | 17 views

CVE-2022-29057

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform a reflected cross-site scripting (XSS) attack by injecting malicious payload into the...

5.4 CVSS | 5.4 AI score | 0.002 EPSS
Exploits 0 | References 1

Vulnrichment
added 2022/07/18 4:41 p.m. | 10 views

CVE-2022-29057

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform a reflected cross-site scripting (XSS) attack by injecting malicious payload into the...

5.4 CVSS | 5.7 AI score | 0.002 EPSS
Exploits 0 | References 1

Fortinet
added 2022/07/05 12:00 a.m. | 30 views

FortiEDR - Cross Site Scripting (XSS) vulnerabilities over the Management Console

An improper neutralization of input during web page generation vulnerability (CWE-79) in FortiEDR Central Manager may allow a remote authenticated attacker to perform a reflected cross-site scripting (XSS) attack via injecting a malicious payload into the Management Console through various endpoints...

4.9 CVSS | 5.2 AI score | 0.002 EPSS
Exploits 0 | Affected Software 1

OSV
added 2022/04/06 10:15 a.m. | 4 views

CVE-2022-23440

A use of hard-coded cryptographic key vulnerability (CWE-321) in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the endpoints within the same deployment...

7.8 CVSS | 7.1 AI score | 0.00044 EPSS
Exploits 0 | References 1

CVE
added 2022/04/06 9:30 a.m. | 77 views

CVE-2022-23440

The CVE-2022-23440 issue affects Fortinet FortiEDR collectors (versions 5.0.2, 5.0.1, 5.0.0, 4.0.0). A hard-coded cryptographic key in the registration mechanism is described as a vulnerability (CWE-321) that may allow a local attacker to disable and uninstall collectors on endpoints within the s...

7.8 CVSS | 7.3 AI score | 0.00044 EPSS
Exploits 0 | References 1 | Affected Software 1

NVD
added 2022/04/06 9:15 a.m. | 14 views

CVE-2022-23441

A use of hard-coded cryptographic key vulnerability (CWE-321) in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages from other collectors...

9.1 CVSS | 0.00723 EPSS
Exploits 0 | References 1

Prion
added 2022/04/06 9:15 a.m. | 15 views

Hardcoded credentials

A use of hard-coded cryptographic key vulnerability (CWE-321) in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages from other collectors...

6.4 CVSS | 9.1 AI score | 0.00723 EPSS
Exploits 0 | References 1 | Affected Software 1

CVE
added 2022/04/06 9:10 a.m. | 89 views

CVE-2022-23441

CVE-2022-23441 affects FortiEDR and Fortinet FortiEDR versions 4.0.0, 5.0.0–5.0.2, due to a hard-coded cryptographic key (CWE-321). The vulnerability could allow an unauthenticated attacker on the network to disguise as and forge messages from other collectors, indicating a trust-management weakn...

9.1 CVSS | 9.1 AI score | 0.00723 EPSS
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2022/04/06 9:10 a.m. | 12 views

CVE-2022-23441

A use of hard-coded cryptographic key vulnerability (CWE-321) in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages from other collectors...

9.1 CVSS | 6.9 AI score | 0.00723 EPSS
Exploits 0 | References 1

Cvelist
added 2022/04/06 9:10 a.m. | 17 views

CVE-2022-23441

A use of hard-coded cryptographic key vulnerability (CWE-321) in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages from other collectors...

9.1 CVSS | 9.4 AI score | 0.00723 EPSS
Exploits 0 | References 1

CVE
added 2022/04/06 9:00 a.m. | 89 views

CVE-2022-23446

CVE-2022-23446 affects Fortinet FortiEDR v5.0.3 and earlier. Root-cause: improper control of a resource through its lifetime leading to denial of service by changing root directory access permissions. Affected component is FortiEDR; impact is application unresponsiveness (availability). No remedi...

4.4 CVSS | 4.7 AI score | 0.00049 EPSS
Exploits 0 | References 1 | Affected Software 1