Fortinet FortiOS Buffer Overflow (FG-IR-21-206)

The remote host is running a version of FortiOS that is 6.0.x through 6.0.14, 6.2.x through 6.2.10, 6.4.x through 6.4.8, or 7.0.x through 7.0.2. It is, therefore, affected by a stack-based buffer overflow vulnerability. An authenticated, remote attacker can exploit this issue, via specially craft...

Protect

A stack-based buffer overflow vulnerability CWE-121 in the command line interpreter of FortiOS and FortiProxy may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments...

CVE-2021-33021

CVE-2021-33021 affects xArrow SCADA — versions 7.2 and prior — with a cross-site scripting vulnerability in the web interface (parameter edate in xhisalarm.htm). Root cause: improper input handling during web page generation (CWE-79). Impact per sources: remote code execution risk; CVSS v3 base s...

Joplin Vulnerable to Cross-site Scripting in Note Content

Joplin version prior to 1.0.90 contains a Cross-site Scripting XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Note content field - information on the fix can be found here...

GHSA-7V85-6HV2-RWGW Missing certificate validation in Apache JMeter

When using Distributed Test only RMI based, Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code...

Missing certificate validation in Apache JMeter

In Apache JMeter 2.X and 3.X, when using Distributed Test only RMI based, jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code. This only affect those running in Distributed mode. In distributed mode, JMeter makes...

CVE-2022-26116

Multiple improper neutralization of special elements used in SQL commands 'SQL Injection' vulnerability CWE-89 in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attack...

CVE-2022-26116

Multiple improper neutralization of special elements used in SQL commands 'SQL Injection' vulnerability CWE-89 in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attack...

CVE-2022-26116

Multiple improper neutralization of special elements used in SQL commands 'SQL Injection' vulnerability CWE-89 in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attack...

Sql injection

Multiple improper neutralization of special elements used in SQL commands 'SQL Injection' vulnerability CWE-89 in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attack...

CVE-2022-26116

Multiple improper neutralization of special elements used in SQL commands 'SQL Injection' vulnerability CWE-89 in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attack...

FortiNAC - SQL Injection

Multiple improper neutralization of special elements used in SQL commands 'SQL Injection' vulnerability CWE-89 in FortiNAC may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters...

The vulnerability of the FortiGate network firewall’s debugging function for FortiOS operating systems allows a hacker to execute arbitrary code or commands.

The vulnerability of the FortiGate network firewall’s debugging function for FortiOS operating systems is related to authentication errors. Exploiting this vulnerability allows a perpetrator to execute unauthorized code or commands using certain console command sequences like “print str” and “cmd...

CVE-2019-6834

A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to be authenticated for this vulnerability to be successfully exploited. Affected Product: Schneide...

Fortinet FortiWAN SQL Injection Vulnerability

Fortinet FortiWan is a network appliance from Fortinet, Inc. It is used to perform load balancing and fault tolerance across different networks. SQL injection vulnerability exists in versions prior to Fortinet FortiWAN 4.5.9, which stems from a program that does not properly filter special elemen...

Command injection

Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN before 4.5.9 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...

Security Bulletin: Vulnerabilities in Java SE and Eclipse OpenJ9 affect IBM Control Center (CVE-2020-14803 & CVE-2020-27221)

Summary A buffer overflow flaw has been found in a widely used function in the OpenJ9 JVM, which is employed when writingcharacters to a file. We have not identified any specific exploits, but it is very likely that the flaw is exploitable to trigger a crash or run arbitrary code. The fix ensures...

CVE-2022-23934

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure...

CVE-2022-23931

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure...

CVE-2022-23933

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure...