Kubernetes Cloud Clusters Face Cyberattacks via Argo Workflows
Kubernetes clusters are being attacked via misconfigured Argo Workflows instances, security researchers are warning. Argo Workflows is an open-source, container-native workflow engine for orchestrating parallel jobs on Kubernetes – to speed up processing time for compute-intensive jobs like machi...
CVE-2021-2432
Vulnerability in the Java SE product of Oracle Java SE component: JNDI. The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...
FortiManager & FortiAnalyzer - Use after free vulnerability in fgfmsd daemon
A Use After Free CWE-416 vulnerability in FortiManager and FortiAnalyzer fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the fgfm port of the targeted device...
Fortinet FortiMail SQL Injection Vulnerability
Fortinet FortiMail is a set of e-mail security gateway products from the U.S. company Fortinet. The product provides e-mail security and data protection features. A security vulnerability exists in Fortinet FortiMail that can be exploited by an attacker to execute unauthorized code or commands via...
Buffer overflow
Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically...
SQL injection
Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...
CVE-2021-24007
Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...
CVE-2021-24007
CVE-2021-24007 affects Fortinet FortiMail. The FortiMail SQL Injection vulnerabilities are due to multiple improper neutralization of special elements of SQL commands, allowing a non-authenticated attacker to execute arbitrary code or commands via specifically crafted HTTP requests. The issue is ...
CVE-2021-22129
Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically...
CVE-2021-22129
CVE-2021-22129 affects Fortinet FortiMail before 6.4.5, where multiple instances of incorrect calculation of buffer size in FortiMail Webmail and Admin interfaces may allow an authenticated attacker with regular Webmail access to trigger a buffer overflow and possibly execute unauthorized code or...
Fortinet FortiMail SQL Injection Vulnerability
Fortinet FortiMail is a set of e-mail security gateway products from the U.S. company Fortinet. The product provides e-mail security and data protection features. A security vulnerability exists in Fortinet FortiMail that can be exploited by an attacker to execute unauthorized code or commands via...
FortiMail - Multiple buffer overflows
Multiple instances of incorrect calculation of buffer size in FortiMail Webmail and Administrative interface may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests...
FortiMail - SQL Injection vulnerabilities
Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...
FortiWLC - Multiple Buffer Overflow vulnerabilities
Multiple instances of stack-based buffer overflow vulnerability CWE-121 in the command line interface of FortiWLC may allow a local, authenticated attacker to crash the access point being managed by the controller and potentially execute unauthorized code via a specifically crafted CLI command...
CVE-2021-22735
Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk Wiser For KNX and spaceLYnk V2.60 and prior which could allow remote code execution when unauthorized code is copied to the device...
CVE-2021-22734
Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk Wiser For KNX and spaceLYnk V2.60 and prior which could cause remote code execution when an attacker loads unauthorized code...
CVE-2021-22732
Improper Privilege Management vulnerability exists in homeLYnk Wiser For KNX and spaceLYnk V2.60 and prior which could cause a code execution issue when an attacker loads unauthorized code on the web server...
Privilege escalation
Improper Privilege Management vulnerability exists in homeLYnk Wiser For KNX and spaceLYnk V2.60 and prior which could cause a code execution issue when an attacker loads unauthorized code on the web server...