13 matches found
EUVD-2023-32779
Malicious code in bioql PyPI...
PT-2023-28043 · Fortinet · Fortipam +1
Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 7.0.0 through 7.0.5 FortiPAM versions 1.0.0 through 1.0.3 FortiPAM versions 1.1.0 through 1.1.1 Description: A double free in Fortinet FortiOS and FortiPAM allows an attacker to execute unauthorized code or commands...
PT-2023-7697 · Fortinet · Fortiproxy +2
Name of the Vulnerable Software and Affected Versions: FortiProxy versions 7.2.0 through 7.2.4 FortiProxy versions 7.0.0 through 7.0.10 FortiOS versions 7.4.0 FortiOS versions 7.2.0 through 7.2.4 FortiOS versions 7.0.0 through 7.0.11 FortiOS versions 6.4.0 through 6.4.12 FortiOS versions 6.2.0...
CVE-2023-29178
A access of uninitialized pointer vulnerability CWE-824 in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests...
Null pointer dereference
A access of uninitialized pointer vulnerability CWE-824 in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests...
CVE-2023-29178
A access of uninitialized pointer vulnerability CWE-824 in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests...
Protect
An access of uninitialized pointer vulnerability CWE-824 in FortiOS administrative interface API may allow an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests...
Fortinet FortiWeb Resource Management Error Vulnerability (CNVD-2024-26508)
Fortinet FortiWeb is a Web application layer firewall from the U.S. company Fita Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of Web applications and protect sensitive database content. A...
CVE-2021-41014
A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to make the httpsd daemon unresponsive via huge HTTP packets...
CVE-2021-41014
A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to make the httpsd daemon unresponsive via huge HTTP packets...
CVE-2021-41014
A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to make the httpsd daemon unresponsive via huge HTTP packets...
CVE-2000-0791
Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse...
CVE-2000-0791
CVE-2000-0791 describes a Trustix vulnerability where the httpsd binary (Apache-SSL) is installed with world-writeable permissions, enabling local users to replace it with a Trojan horse. The root cause is improper permissions on the httpsd executable, allowing local write access and substitution...