26 matches found
EUVD-2020-27796
Malware in sbrugna...
EUVD-2021-28173
Malicious code in bioql PyPI...
EUVD-2024-24972
Malicious code in bioql PyPI...
CVE-2024-32124
An improper access control vulnerability CWE-284 in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request...
CVE-2024-32124
CVE-2024-32124 affects Fortinet FortiIsolator, specifically affected versions 2.3 through 2.4.4. The root cause is an improper access control in the logging component, which may allow a remote authenticated read-only attacker to alter logs by sending a crafted HTTP request. Documented impact is l...
CVE-2024-27779
An insufficient session expiration vulnerability CWE-613 in FortiSandbox FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, 2.1 all versions, 2.0 all versions, 1.2 all...
Fortinet FortiIsolator Operating System Command Injection Vulnerability
Fortinet FortiIsolator is a Fortinet application that provides remote security isolation for browsers. The application adds additional advanced threat protection capabilities to the Fortinet Security Fabric and protects business-critical data from sophisticated threats on the Web. Content and fil...
CVE-2024-54024
An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiIsolator before version 2.4.6 allows a privileged attacker with super-admin profile and CLI access to execute unauthorized code via specifically crafted HTTP requests...
CVE-2022-22298
A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2,...
CVE-2022-22298
Fortinet CVE-2022-22298 describes OS command injection in FortiIsolator. Affected versions include 1.0.0, 1.1.0, 1.2.0–1.2.2, 2.0.0–2.0.1, 2.1.0–2.1.2, 2.2.0, and 2.3.0–2.3.4. The root cause is improper neutralization of special elements in input parameters, allowing an attacker to execute arbitr...
CVE-2021-41020
An improper access control vulnerability CWE-284 in FortiIsolator versions 2.3.2 and below may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration URL...
Improper access control
An improper access control vulnerability CWE-284 in FortiIsolator versions 2.3.2 and below may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration URL...
CVE-2021-41020
An improper access control vulnerability CWE-284 in FortiIsolator versions 2.3.2 and below may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration URL...
CVE-2021-41020
An improper access control vulnerability CWE-284 in FortiIsolator versions 2.3.2 and below may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration URL...
CVE-2021-41020
CVE-2021-41020 concerns FortiIsolator up to version 2.3.2, where an authenticated, non-privileged attacker can regenerate the CA certificate via the regeneration URL due to an improper access control (CWE-284). Documents consistently describe this as a vulnerability in FortiIsolator 2.3.2 and ear...
FortiIsolator -- Unauthorized user able to regenerate CA certificate
An improper access control vulnerability CWE-284 in FortiIsolator may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration URL...
CVE-2020-6649
An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks...
Session fixation
An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks...
CVE-2020-6649
An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks...
CVE-2020-6649
An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks...