176 matches found

Vulnrichment
added 2025/01/14 2:10 p.m. · 7 views

CVE-2023-37931

An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability CWE-88 in FortiVoice Enterprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to perform a blind SQL injection attack via sending crafted HTTP or HTTPS requests...

8.8 CVSS · 7.2 AI score · 0.00769 EPSS
Exploits 0 · References 1
NVD
added 2024/11/12 7:15 p.m. · 19 views

CVE-2024-32117

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability CWE-22 in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a...

4.9 CVSS · 0.00838 EPSS
Exploits 0 · References 1
NVD
added 2024/11/12 7:15 p.m. · 21 views

CVE-2023-47543

An authorization bypass through user-controlled key vulnerability CWE-639 in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with resources of other organizations via HTTP or HTTPS requests...

8.1 CVSS · 0.00381 EPSS
Exploits 0 · References 1
Cvelist
added 2024/11/12 6:53 p.m. · 13 views

CVE-2023-47543

An authorization bypass through user-controlled key vulnerability CWE-639 in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with resources of other organizations via HTTP or HTTPS requests...

5.4 CVSS · 0.00381 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/11/12 6:53 p.m. · 20 views

CVE-2024-32117

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability CWE-22 in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a...

4.9 CVSS · 6.8 AI score · 0.00838 EPSS
Exploits 0 · References 1
Cvelist
added 2024/11/12 6:53 p.m. · 14 views

CVE-2024-32117

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability CWE-22 in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a...

4.9 CVSS · 0.00838 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2024/10/14 12:0 a.m. · 4 views

A vulnerability in the Cisco AnyConnect VPN server firmware of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateways allows an intruder to trigger a service failure.

The vulnerability in the Cisco AnyConnect VPN server, firmware for Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateways, is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow an attacker to cause service...

8.6 CVSS · 5.8 AI score · 0.00508 EPSS
Exploits 0 · References 4 · Affected Software 2
OSV
added 2024/10/02 7:15 p.m. · 3 views

CVE-2024-20502

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to insufficient resource management while establishi...

7.5 CVSS · 5.8 AI score
Exploits 0 · References 1
OSV
added 2024/10/02 7:15 p.m. · 4 views

CVE-2024-20501

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficie...

7.5 CVSS · 5.8 AI score · 0.00508 EPSS
Exploits 0 · References 1
NVD
added 2024/10/02 7:15 p.m. · 16 views

CVE-2024-20502

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to insufficient resource management while establishi...

7.5 CVSS · 0.00523 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/10/02 12:0 a.m. · 4 views

PT-2024-18670 · Cisco · Cisco Meraki Z Series Teleworker Gateway +2

Name of the Vulnerable Software and Affected Versions: Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices affected versions not specified Description: A vulnerability in the Cisco AnyConnect VPN server could allow an unauthenticated, remote attacker to cause a DoS condition on a...

7.8 CVSS · 7 AI score · 0.00523 EPSS
Exploits 0 · References 5
Cvelist
added 2024/07/09 3:33 p.m. · 33 views

CVE-2024-21759

An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows an attacker to view unauthorized resources via HTTP or HTTPS requests...

4.3 CVSS · 0.00294 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/07/09 3:33 p.m. · 18 views

CVE-2024-21759

An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows an attacker to view unauthorized resources via HTTP or HTTPS requests...

4.3 CVSS · 7.1 AI score · 0.00294 EPSS
Exploits 0 · References 1
OSSF Malicious Packages
added 2024/06/25 1:36 p.m. · 4 views

Malicious code in httpsrequestsfast (PyPI)

7 AI score
Exploits 0
Vulnrichment
added 2024/05/14 4:19 p.m. · 18 views

CVE-2023-46714

A stack-based buffer overflow CWE-121 vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows a privileged attacker over the administrative interface to execute arbitrary code or commands via crafted HTTP or HTTPS requests...

7.2 CVSS · 8.2 AI score · 0.014 EPSS
Exploits 0 · References 1
NVD
added 2024/01/10 6:15 p.m. · 17 views

CVE-2023-44250

An improper privilege management vulnerability CWE-269 in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests...

8.8 CVSS · 8.6 AI score · 0.00899 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2023/12/19 12:0 a.m. · 3 views

The vulnerability of the FortiWAN traffic balancing system, related to deficiencies in authentication procedures, allows attackers to increase their privileges.

The vulnerability of the FortiWAN traffic balancing system is related to deficiencies in authentication procedures due to the use of a static key during the processing of JWT tokens. Exploiting this vulnerability allows an attacker to escalate their privileges by sending specially crafted HTTP and...

9 CVSS · 7.6 AI score · 0.00724 EPSS
Exploits 0 · References 2 · Affected Software 1
NVD
added 2023/12/13 9:15 a.m. · 22 views

CVE-2023-44251

UNSUPPORTED WHEN ASSIGNED An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability CWE-22 in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker to read and delete arbitrary files on the system via...

8.8 CVSS · 0.00844 EPSS
Exploits 0 · References 1
Prion
added 2023/12/13 9:15 a.m. · 23 views

Path traversal

UNSUPPORTED WHEN ASSIGNED An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability CWE-22 in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker to read and delete arbitrary files on the system via...

6.5 CVSS · 7 AI score · 0.00844 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/12/13 8:52 a.m. · 22 views

CVE-2023-44251

UNSUPPORTED WHEN ASSIGNED An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability CWE-22 in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker to read and delete arbitrary files on the system via...

8.3 CVSS · 8.7 AI score · 0.00844 EPSS
Exploits 0 · References 1