5909 matches found

OSV
added 2024/05/14 5:15 p.m., 4 views

CVE-2023-45583

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, FortiPAM versions 1.1.0, 1.0.0 through 1.0.3, FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13,...

CVSS 7.2, AI score 5.9, EPSS 0.00654
Exploits 0, References 1
Vulnrichment
added 2024/05/14 4:19 p.m., 19 views

CVE-2023-46714

A stack-based buffer overflow (CWE-121) vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows a privileged attacker over the administrative interface to execute arbitrary code or commands via crafted HTTP or HTTPS requests...

CVSS 7.2, AI score 8.2, EPSS 0.014
Exploits 0, References 1
Cvelist
added 2024/05/14 4:19 p.m., 22 views

CVE-2023-46714

A stack-based buffer overflow (CWE-121) vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows a privileged attacker over the administrative interface to execute arbitrary code or commands via crafted HTTP or HTTPS requests...

CVSS 7.2, AI score 7.6, EPSS 0.014
Exploits 0, References 1
Cvelist
added 2024/05/14 4:19 p.m., 31 views

CVE-2024-26007

An improper check or handling of exceptional conditions (CWE-703) vulnerability in Fortinet FortiOS version 7.4.1 allows an unauthenticated attacker to provoke a denial of service on the administrative interface via crafted HTTP requests...

CVSS 5.3, AI score 5.7, EPSS 0.01151
Exploits 0, References 1
Vulnrichment
added 2024/05/14 4:19 p.m., 15 views

CVE-2024-26007

An improper check or handling of exceptional conditions (CWE-703) vulnerability in Fortinet FortiOS version 7.4.1 allows an unauthenticated attacker to provoke a denial of service on the administrative interface via crafted HTTP requests...

CVSS 5.3, AI score 7, EPSS 0.01151
Exploits 0, References 1
CVE
added 2024/05/14 4:19 p.m., 58 views

CVE-2024-26007

Fortinet FortiOS 7.4.1 is affected by CVE-2024-26007 due to an improper check/handling of exceptional conditions (CWE-703), enabling an unauthenticated attacker to cause a denial of service on the administrative interface via crafted HTTP requests. Mitigations/updates are available; Fortinet advi...

CVSS 7.5, AI score 6.9, EPSS 0.01151
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2024/05/14 4:19 p.m., 14 views

CVE-2024-31491

A client-side enforcement of server-side security vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6 allows an attacker to execute unauthorized code or commands via HTTP requests...

CVSS 8.8, AI score 7.1, EPSS 0.00834
Exploits 0, References 1
CVE
added 2024/05/14 4:19 p.m., 51 views

CVE-2024-31491

CVE-2024-31491 affects Fortinet FortiSandbox components (FortiSandbox 4.2.0–4.2.6 and 4.4.0–4.4.4). The issue stems from client-side enforcement of server-side security, enabling an attacker to execute unauthorized code or commands via HTTP requests. The connected sources specify the affected ver...

CVSS 8.8, AI score 7.1, EPSS 0.00834
Exploits 0, References 1, Affected Software 1
Cvelist
added 2024/05/14 4:19 p.m., 15 views

CVE-2024-31491

A client-side enforcement of server-side security vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6 allows an attacker to execute unauthorized code or commands via HTTP requests...

CVSS 8.8, AI score 9, EPSS 0.00834
Exploits 0, References 1
Tenable Nessus
added 2024/05/14 12:0 a.m., 36 views

Fortinet Fortigate Buffer overflow in administrative interface (FG-IR-23-415)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-415 advisory. - A stack-based buffer overflow CWE-121 vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 throu...

CVSS 7.2, AI score 6.5, EPSS 0.014
Exploits 0, References 2
OSV
added 2024/05/09 4:51 p.m., 16 views

GO-2024-2822 Arbitrary code execution in github.com/tiagorlampert/CHAOS

A remote attacker can execute arbitrary commands via crafted HTTP requests...

CVSS 9.8, AI score 8.9, EPSS 0.80454
Exploits 6, References 5
Veracode
added 2024/05/08 5:11 a.m., 14 views

Denial Of Service (DoS)

github.com/stacklok/minder is vulnerable to Denial of Service (DoS). The vulnerability is due to improper validation of HTTP requests before processing them in server.go, allowing untrusted requests to crash the Minder control plane, denying service to other users...

CVSS 7.5, AI score 7, EPSS 0.00593
Exploits 0, References 2, Affected Software 1
NVD
added 2024/05/03 7:15 p.m., 21 views

CVE-2022-22364

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrar...

CVSS 5.3, AI score 5.8, EPSS 0.00539
Exploits 0, References 2
CVE
added 2024/05/03 6:14 p.m., 51 views

CVE-2022-22364

CVE-2022-22364 affects IBM Controller: 10.4.1, 10.4.2, and 11.0.0. The issue is an External Service Interaction vulnerability caused by improper validation of user-supplied input, allowing a remote attacker to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary...

CVSS 5.3, AI score 6.6, EPSS 0.00539
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2024/05/03 6:14 p.m., 12 views

CVE-2022-22364 IBM Cognos Controller security bypass

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrar...

CVSS 5.3, AI score 6.7, EPSS 0.00539
Exploits 0, References 2
Cvelist
added 2024/05/03 6:14 p.m., 14 views

CVE-2022-22364 IBM Cognos Controller security bypass

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrar...

CVSS 5.3, AI score 5.5, EPSS 0.00539
Exploits 0, References 2
OSV
added 2024/05/03 3:16 a.m., 5 views

CVE-2023-51618

D-Link DIR-X3260 prog.cgi SetWLanRadioSecurity Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this...

CVSS 6.8, AI score 6.3, EPSS 0.01126
Exploits 0, References 2
OSV
added 2024/05/03 3:15 a.m., 7 views

CVE-2023-39505

PDF-XChange Editor Net.HTTP.requests Exposed Dangerous Function Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that th...

CVSS 5.5, AI score 5.6, EPSS 0.00357
Exploits 0, References 1
ATTACKERKB
added 2024/05/03 3:15 a.m., 3 views

CVE-2023-39505

PDF-XChange Editor Net.HTTP.requests Exposed Dangerous Function Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that th...

CVSS 5.5, AI score 5.7, EPSS 0.00357
Exploits 0, References 2, Affected Software 1
Veracode
added 2024/05/02 10:22 a.m., 22 views

Denial Of Service (DOS)

ibm.mq is vulnerable to denial of service. The vulnerability is due to insufficient handling of HTTP requests, which allows an attacker to craft requests that cause excessive resource consumption. This can potentially lead to denial of service...

CVSS 7.5, AI score 6.9, EPSS 0.00925
Exploits 0, References 2, Affected Software 3