CVE-2023-45583
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6; FortiPAM versions 1.1.0, 1.0.0 through 1.0.3; FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13,...
CVE-2023-46714
A stack-based buffer overflow (CWE-121) vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows a privileged attacker over the administrative interface to execute arbitrary code or commands via crafted HTTP or HTTPS requests...
CVE-2024-26007
An improper check or handling of exceptional conditions vulnerability (CWE-703) in Fortinet FortiOS version 7.4.1 allows an unauthenticated attacker to provoke a denial of service on the administrative interface via crafted HTTP requests...
CVE-2024-26007
Fortinet FortiOS 7.4.1 is affected by CVE-2024-26007 due to an improper check/handling of exceptional conditions (CWE-703), enabling an unauthenticated attacker to cause a denial of service on the administrative interface via crafted HTTP requests. Mitigations/updates are available; Fortinet advi...
CVE-2024-31491
A client-side enforcement of server-side security vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6 allows an attacker to execute unauthorized code or commands via HTTP requests...
CVE-2024-31491
CVE-2024-31491 affects Fortinet FortiSandbox components (FortiSandbox 4.2.0–4.2.6 and 4.4.0–4.4.4). The issue stems from client-side enforcement of server-side security, enabling an attacker to execute unauthorized code or commands via HTTP requests. The connected sources specify the affected ver...
Fortinet Fortigate Buffer overflow in administrative interface (FG-IR-23-415)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-415 advisory. - A stack-based buffer overflow CWE-121 vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 throu...
GO-2024-2822 Arbitrary code execution in github.com/tiagorlampert/CHAOS
A remote attacker can execute arbitrary commands via crafted HTTP requests...
Denial Of Service (DoS)
github.com/stacklok/minder is vulnerable to Denial of Service (DoS). The vulnerability is due to improper validation of HTTP requests before processing them in server.go, allowing untrusted requests to crash the Minder control plane, denying service to other users...
CVE-2022-22364
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrar...
CVE-2022-22364
CVE-2022-22364 affects IBM Controller: 10.4.1, 10.4.2, and 11.0.0. The issue is an External Service Interaction vulnerability caused by improper validation of user-supplied input, allowing a remote attacker to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary...
CVE-2022-22364 IBM Cognos Controller security bypass
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrar...
CVE-2023-51618
D-Link DIR-X3260 prog.cgi SetWLanRadioSecurity Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this...
CVE-2023-39505
PDF-XChange Editor Net.HTTP.requests Exposed Dangerous Function Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that th...
Denial Of Service (DOS)
ibm.mq is vulnerable to a denial of service. The vulnerability is due to insufficient handling of HTTP requests, which allows an attacker to craft requests that cause excessive resource consumption. This can potentially lead to denial of service...