1411 matches found
CVE-2021-36179
A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows an attacker to execute unauthorized code or commands via crafted parameters in CLI command execution...
CVE-2021-36182
An improper neutralization of special elements used in a command ('Command Injection') vulnerability in Fortinet FortiWeb version 6.3.13 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests...
Command injection
An improper neutralization of special elements used in a command ('Command Injection') vulnerability in Fortinet FortiWeb version 6.3.13 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests...
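The FortiWeb entries above describe command injection only as "crafted HTTP requests" reaching a command. The following is an added example, not FortiWeb's code or anything from Fortinet's advisory, showing the generic bug pattern in Python: a request parameter spliced into a shell command line beside the hardened form that passes it as a single argv element, plus an allow-list check. The parameter value and the use of `echo` as a stand-in for the real tool are constructed for the demonstration.

```python
import subprocess

# Constructed sample input: a parameter an attacker might send in a crafted
# HTTP request. The ';' ends the intended command and starts a second one.
CRAFTED_PARAM = "host1; echo INJECTED"

# Characters a plausible hostname may contain (allow-list for the check below).
HOST_CHARS = set("abcdefghijklmnopqrstuvwxyz"
                 "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-")


def lookup_unsafe(host: str) -> str:
    """Vulnerable pattern: the parameter is concatenated into a shell command.

    /bin/sh interprets the metacharacters in `host`, so the injected command
    runs. `echo` stands in for a real network tool so this runs anywhere with
    a POSIX shell; returns the combined stdout of both commands.
    """
    cmdline = "echo " + host
    out = subprocess.run(cmdline, shell=True, capture_output=True, text=True)
    return out.stdout


def lookup_safe(host: str) -> str:
    """Hardened pattern: argv list and no shell.

    The whole parameter, ';' included, reaches the program as one literal
    argument, so nothing is interpreted as a second command.
    """
    out = subprocess.run(["echo", host], capture_output=True, text=True)
    return out.stdout


def is_valid_host(host: str) -> bool:
    """Allow-list validation applied before the value goes anywhere near a
    command. Defence in depth: it does not replace avoiding the shell."""
    return 0 < len(host) <= 253 and all(c in HOST_CHARS for c in host)


if __name__ == "__main__":
    print("unsafe:", repr(lookup_unsafe(CRAFTED_PARAM)))
    print("safe:  ", repr(lookup_safe(CRAFTED_PARAM)))
    print("valid? ", is_valid_host(CRAFTED_PARAM))
```

With the crafted parameter, the unsafe variant returns two lines (the second produced by the injected `echo`), while the safe variant returns the parameter back as a single literal line and the allow-list check rejects it outright.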
Stack overflow
A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows an attacker to execute unauthorized code or commands via crafted parameters in CLI command execution...
CVE-2021-36179
Fortinet FortiWeb suffers a stack-based buffer overflow in its CLI interface, enabling an authenticated attacker to execute arbitrary code or commands via crafted config backup parameters. CVE-2021-36179 affects FortiWeb versions 6.3.14 and earlier and 6.2.4 and earlier. Fortinet’s PSIRT FG-I...
CVE-2021-39132
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with ...
Authentication flaw
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with ...
CVE-2021-39132 YAML deserialization can run untrusted code
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with ...
Microsoft OneFuzz has an unspecified vulnerability
Microsoft OneFuzz is a cross-platform, free and open source fuzz testing framework from Microsoft. A security vulnerability exists in Microsoft OneFuzz versions 2.12.0 through 2.31.0, stemming from an incomplete authorization check in the affected product versions, which c...
CVE-2021-26097
FortiSandbox has an OS command injection flaw (CVE-2021-26097) affecting 3.2.0–3.2.2, 3.1.0–3.1.4, and 3.0.0–3.0.6. The issue arises from improper neutralization of special elements in OS command handling, enabling an authenticated attacker with web GUI access to execute unauthorized code or comm...
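The Fortinet entries on this page state their affected versions in two styles, "X and below" per release branch and explicit "a–b" ranges, and a practitioner's first job with such a list is to decide whether a deployed build is inside one of them. The following is an added example, not Fortinet's or any vendor's code, that transcribes the ranges given on this page for FortiWeb, FortiSandbox and FortiMail into inclusive version ranges and checks a version against them. Two assumptions are made here: "X and below" is read as the release branch x.y from x.y.0 up to and including X (as the separate 6.3.14 / 6.2.4 listing suggests), and "before X" means strictly lower than X.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(s: str) -> Version:
    """'6.3.14' -> (6, 3, 14). Tuples compare element-wise, so 6.3.9 < 6.3.14;
    a plain string comparison would get that wrong ('9' > '1')."""
    return tuple(int(p) for p in s.strip().split("."))


@dataclass(frozen=True)
class Range:
    lo: str                    # inclusive lower bound
    hi: str                    # upper bound
    hi_inclusive: bool = True  # False for "before X"

    def contains(self, v: Version) -> bool:
        if v < parse_version(self.lo):
            return False
        h = parse_version(self.hi)
        return v <= h if self.hi_inclusive else v < h


def below(hi: str) -> Range:
    """'6.3.14 and below': the x.y branch up to and including hi.
    Assumption: the branch starts at x.y.0."""
    major, minor, _patch = hi.split(".")
    return Range(f"{major}.{minor}.0", hi)


def before(hi: str) -> Range:
    """'before 6.4.4': every version strictly lower than hi."""
    return Range("0.0.0", hi, hi_inclusive=False)


# Ranges transcribed from the advisories quoted on this page.
AFFECTED: Dict[str, List[Range]] = {
    "CVE-2021-36179/FortiWeb": [below("6.3.14"), below("6.2.4")],
    "CVE-2021-36182/FortiWeb": [below("6.3.13")],
    "CVE-2021-26097/FortiSandbox": [Range("3.2.0", "3.2.2"),
                                    Range("3.1.0", "3.1.4"),
                                    Range("3.0.0", "3.0.6")],
    "CVE-2021-24007/FortiMail": [before("6.4.4")],
    "CVE-2021-22129/FortiMail": [before("6.4.5")],
}


def affected_by(product: str, version: str) -> List[str]:
    """Advisory ids from this page whose ranges include `version` of `product`."""
    v = parse_version(version)
    return [key for key, ranges in AFFECTED.items()
            if key.endswith("/" + product) and any(r.contains(v) for r in ranges)]


if __name__ == "__main__":
    for product, version in [("FortiWeb", "6.3.14"), ("FortiWeb", "6.3.9"),
                             ("FortiSandbox", "3.1.5"), ("FortiMail", "6.4.4")]:
        print(product, version, "->", affected_by(product, version) or "not listed")
```

FortiWeb 6.3.14 matches only CVE-2021-36179 (the command injection stops at 6.3.13), 6.3.9 matches both, FortiSandbox 3.1.5 is the first fixed build of its branch and matches nothing, and FortiMail 6.4.4 has the SQL injection fixed but still matches the buffer overflow that was fixed in 6.4.5.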
FortiSandbox - Command injection in web interface
An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests...
Kubernetes Cloud Clusters Face Cyberattacks via Argo Workflows
Kubernetes clusters are being attacked via misconfigured Argo Workflows instances, security researchers are warning. Argo Workflows is an open-source, container-native workflow engine for orchestrating parallel jobs on Kubernetes – to speed up processing time for compute-intensive jobs like machi...
CVE-2021-2432
Vulnerability in the Java SE product of Oracle Java SE component: JNDI. The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...
Fortinet FortiMail SQL Injection Vulnerability
Fortinet FortiMail is a set of e-mail security gateway products from the U.S. company Fortinet. The product provides e-mail security and data protection features. A security vulnerability exists in Fortinet FortiMail that can be exploited by an attacker to execute unauthorized code or commands via...
SQL injection
Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...
CVE-2021-24007
CVE-2021-24007 affects Fortinet FortiMail. The FortiMail SQL Injection vulnerabilities are due to multiple improper neutralization of special elements of SQL commands, allowing a non-authenticated attacker to execute arbitrary code or commands via specifically crafted HTTP requests. The issue is ...
CVE-2021-24007
Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...
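The FortiMail entries describe the flaw only as "improper neutralization of special elements of SQL commands" reachable by an unauthenticated attacker. The following is an added example, not FortiMail's code or anything from Fortinet's advisory, showing the generic pattern in Python with the standard library's sqlite3: a login query that concatenates request parameters into SQL next to the parameterised form, run against a constructed in-memory user table with a constructed always-true payload.

```python
import sqlite3
from typing import List

# Constructed sample data standing in for an appliance's user table.
USERS = [("alice", "s3cret"), ("bob", "hunter2")]

# Constructed payload: closes the string literal and appends an
# always-true clause; AND binds tighter than OR, so every row matches.
PAYLOAD = "' OR '1'='1"


def make_db() -> sqlite3.Connection:
    """Fresh in-memory database with the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_unsafe(conn: sqlite3.Connection, name: str, password: str) -> List[str]:
    """Vulnerable: request parameters are pasted into the SQL text, so a
    quote in them changes the structure of the query."""
    sql = (f"SELECT name FROM users WHERE name = '{name}' "
           f"AND password = '{password}'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn: sqlite3.Connection, name: str, password: str) -> List[str]:
    """Hardened: bound parameters travel separately from the SQL text, so
    the payload is compared as a literal password string and matches nothing."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


if __name__ == "__main__":
    db = make_db()
    print("unsafe, payload:", login_unsafe(db, "alice", PAYLOAD))
    print("safe,   payload:", login_safe(db, "alice", PAYLOAD))
    print("safe,   real pw:", login_safe(db, "alice", "s3cret"))
```

The unsafe query returns both users for the payload, i.e. authentication is bypassed without knowing any password; the parameterised query returns nothing for the payload and exactly the one user for a correct credential.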
CVE-2021-22129
CVE-2021-22129 affects Fortinet FortiMail before 6.4.5, where multiple instances of incorrect calculation of buffer size in FortiMail Webmail and Admin interfaces may allow an authenticated attacker with regular Webmail access to trigger a buffer overflow and possibly execute unauthorized code or...
CVE-2021-22129
Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically...