1834 matches found
CVE-2022-27489
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests...
CVE-2023-23783
A use of an externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows an attacker to execute unauthorized code or commands via specially crafted command arguments...
CVE-2023-25602
The CVE-2023-25602 entry documents a stack-based buffer overflow in Fortinet FortiWeb across multiple versions (6.4 and earlier, 6.3.17 and earlier, 6.2.6 and earlier, 6.1.2 and earlier, 6.0.7 and earlier, 5.9.1 and earlier, 5.8 all versions, 5.7 all versions, 5.6 all versions) that permits an at...
CVE-2023-25602
A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, FortiWeb versions 6.3.17 and earlier, FortiWeb versions 6.2.6 and earlier, FortiWeb versions 6.1.2 and earlier, FortiWeb versions 6.0.7 and earlier, FortiWeb versions 5.9.1 and earlier, FortiWeb 5.8 all versions, FortiWeb 5.7 al...
FortiWeb - format string vulnerability in the CLI
A format string vulnerability (CWE-134) in the command line interpreter of FortiWeb may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments...
Fortinet FortiExtender OS Command Injection Vulnerability
Fortinet FortiExtender is a wireless WAN (wide area network) extender device from Fortinet, Inc. A security vulnerability exists in Fortinet FortiExtender versions 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and prior versions, which stems from an unsatisfactory neutralization of special elements used in os...
Fortinet FortiWeb Format String Error Vulnerability
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A formatted string error vulnerability exist...
PT-2023-13888 · Fortinet · Fortinac
Name of the Vulnerable Software and Affected Versions: Fortinet FortiNAC versions 8.3.7, 8.5.0 through 8.5.4, 8.6.0 through 8.6.5, 8.7.0 through 8.7.6, 8.8.0 through 8.8.11, 9.1.0 through 9.1.7, 9.2.0 through 9.2.5, 9.4.0. Description: The issue is related to improper neutralization of argument...
Fortinet FortiNAC Security Vulnerability
Fortinet FortiNAC is a zero-trust access solution from Fortinet, Inc. A security vulnerability exists in Fortinet FortiNAC. An attacker could exploit the vulnerability to execute unauthorized code or commands via specially crafted HTTP requests. The following versions are affected: version 9.4.0,...
Fortinet FortiNAC Argument Injection Vulnerability
Fortinet FortiNAC is a set of network access control solutions from the U.S. company Fortinet. The product is primarily used for network access control and IoT security. Fortinet FortiNAC has a security vulnerability that originates from improper parameter neutralization. An attacker could...
PT-2023-3051 · Fortinet · Fortiweb
Name of the Vulnerable Software and Affected Versions: FortiWeb versions 6.4 and earlier, FortiWeb versions 6.3.17 and earlier, FortiWeb versions 6.2.6 and earlier, FortiWeb versions 6.1.2 and earlier, FortiWeb versions 6.0.7 and earlier, FortiWeb versions 5.9.1 and earlier, FortiWeb 5.8 all versions...
Fortinet FortiWeb Resource Management Error Vulnerability
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A resource management error vulnerability...
Medium: protobuf
Issue Overview: A flaw was found in protobuf. The vulnerability occurs due to incorrect parsing of a NULL character in the proto symbol and leads to a Null pointer dereference. This flaw allows an attacker to execute unauthorized code or commands, read memory, modify memory. CVE-2021-22570 Affect...
CVE-2022-38773
The CVE-2022-38773 issue affects Siemens S7-1500 CPU family where devices lack an Immutable Root of Trust in hardware. This prevents boot-time code integrity validation, enabling an attacker with physical access to replace the boot image and run arbitrary code. Connected sources (e.g., Red Hat ad...
NVIDIA GPU Display Driver Advisory - October 2021 - Lenovo Support US
No description provided...
Fortinet FortiADC OS Command Injection Vulnerability
Fortinet FortiADC is an application delivery controller from Fortinet, Inc. A security vulnerability exists in several versions of Fortinet FortiADC due to incorrect handling of special elements used in os commands, which could be exploited by an attacker to execute unauthorized code or commands...
Fortinet Releases Security Updates for FortiADC
Fortinet has released a security advisory to address a vulnerability in multiple versions of FortiADC. This vulnerability may allow a remote attacker “to execute unauthorized code or commands via specifically crafted HTTP requests.” CISA encourages users and administrators to review Fortinet...
CVE-2022-39947
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiADC version 7.0.0 through 7.0.2, FortiADC version 6.2.0 through 6.2.3, FortiADC version 6.1.0 through 6.1.6, FortiADC version 6.0.0 through 6.0.4, FortiADC version 5.4.0 through 5.4...