CVE Catalog

A denial-of-service vulnerability has been identified in Fortinet FortiOS. This issue affects versions 7.6.0, 7.4.4 through 7.4.0, 7.2 (all versions), 7.0 (all versions), and 6.4 (all versions). The vulnerability arises from an allocation of resources without limits or throttling, allowing remote unauthenticated attackers to disrupt access to the graphical user interface (GUI) by sending specially crafted requests to specific endpoints.

A vulnerability allowing the insertion of sensitive information into transmitted data has been identified in Fortinet FortiOS versions 7.6.0 and 7.4.0 through 7.4.4. This vulnerability may enable an attacker in a man-in-the-middle position to intercept accounting requests and retrieve the shared secret used for RADIUS accounting server communications.

A relative path traversal vulnerability has been identified in Fortinet FortiRecorder versions 7.2.0 through 7.2.1 and prior to 7.0.4. This vulnerability allows a privileged attacker to read files from the underlying filesystem by sending crafted HTTP or HTTPS requests.

A vulnerability allowing improper access control has been identified in Fortinet FortiDeceptor versions 6.0.0, 5.3.3 and below, 5.2.1 and below, 5.1.0, and 5.0.0. This vulnerability may enable an authenticated attacker with no privileges to execute operations on the central management appliance by sending crafted requests.

A vulnerability allowing OS command injection has been identified in Fortinet FortiVoice versions 7.0.0 through 7.0.4 and prior to 6.4.9. This vulnerability arises from improper neutralization of special elements used in OS commands, allowing an authenticated privileged attacker to execute unauthorized code or commands through crafted CLI requests.

A path traversal vulnerability has been identified in Fortinet FortiManager and FortiAnalyzer versions 7.4.0 to 7.4.3, 7.2.0 to 7.2.5, 7.0.2 to 7.0.12, and 6.2.10 to 6.2.13. This vulnerability arises from an improper restriction of file paths, allowing attackers to execute unauthorized code or commands by sending crafted HTTP or HTTPS requests.

A vulnerability allowing user enumeration through response timing discrepancies has been identified in Fortinet FortiClient EMS versions 7.4.0, 7.2.0 prior to 7.2.4, 7.0 all versions, and Fortinet FortiSOAR versions 7.5.0, 7.4.0 prior to 7.4.4, 7.3.0 prior to 7.3.2, 7.2 all versions, 7.0 all versions, and 6.4 all versions. This vulnerability allows an unauthenticated attacker to identify valid users by analyzing the differences in login request responses.

A vulnerability allowing for improper verification of the source of a communication channel has been identified in Fortinet FortiClient EMS versions 7.4.0, 7.2.0 through 7.2.4, 7.0 (all versions), and 6.4 (all versions). This vulnerability may enable a remote attacker to bypass the trusted host feature by manipulating session connections.

A denial-of-service vulnerability has been identified in the FortiOS SSLVPN web portal. This issue arises from an out-of-bounds read vulnerability, allowing an authenticated attacker to disrupt the SSLVPN web portal's functionality. The vulnerability is present in FortiOS SSLVPN web portal versions 7.4.0 to 7.4.4, 7.2.0 to 7.2.8, all versions of 7.0, and all versions of 6.4. The issue can be exploited by sending a specially crafted URL to the SSLVPN web portal.

A SQL injection vulnerability has been identified in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8. This vulnerability arises from improper neutralization of special elements used in SQL commands, which may allow an authenticated attacker to view SQL queries being executed on the server side. The issue can be exploited by including special elements in an HTTP request.

A vulnerability allowing unauthorized access to the configuration of managed devices has been identified in Fortinet FortiPortal versions 6.0.0 to 6.0.15 and FortiManager versions 7.4.0 to 7.4.2, 7.2.0 to 7.2.5, 7.0.0 to 7.0.12, and 6.4.0 to 6.4.14. This vulnerability arises from a missing authentication for critical functions, enabling attackers to access device configurations by sending specially crafted packets.

A stack-based buffer overflow vulnerability has been identified in Fortinet FortiAnalyzer, FortiManager, FortiManager Cloud, and FortiAnalyzer Cloud. This vulnerability affects multiple versions within the FortiAnalyzer and FortiManager product lines, as well as their cloud counterparts. The issue allows attackers to execute unauthorized code or commands by sending specially crafted packets.

A SQL injection vulnerability has been identified in Fortinet FortiAnalyzer versions 7.4.0 to 7.4.2 and FortiManager versions 7.4.0 to 7.4.2. This vulnerability arises from improper neutralization of special elements used in SQL commands, allowing attackers to escalate privileges by sending specially crafted HTTP requests.

A vulnerability allowing out-of-bounds write has been identified in Fortinet FortiManager versions 7.4.0 to 7.4.2 and FortiAnalyzer versions 7.4.0 to 7.4.2. This vulnerability allows attackers to escalate privileges by sending specially crafted HTTP requests.

A vulnerability allowing privilege escalation through specific shell commands has been identified in Fortinet FortiManager and FortiAnalyzer. This issue affects multiple versions: FortiManager versions 7.4.0 to 7.4.3, 7.2.0 to 7.2.5, 7.0.0 to 7.0.12, and 6.4.0 to 6.4.14. FortiAnalyzer versions 7.4.0 to 7.4.2, 7.2.0 to 7.2.5, 7.0.0 to 7.0.12, and 6.4.0 to 6.4.14 are also affected.

A path traversal vulnerability has been identified in Fortinet FortiManager and FortiAnalyzer. Affected versions include FortiManager and FortiAnalyzer 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.12, and 6.0.0 through 6.0.12. This vulnerability allows attackers to execute unauthorized code or commands by sending crafted HTTP or HTTPS requests that exploit the improper limitation of pathnames to restricted directories.

A relative path traversal vulnerability has been identified in Fortinet FortiManager versions 7.4.0 through 7.4.2 and prior to 7.2.5. This vulnerability allows a privileged attacker to delete files from the underlying filesystem by sending crafted HTTP or HTTPS requests.

A command injection vulnerability has been identified in Fortinet FortiSandbox versions 4.4.0 to 4.4.4, 4.2.0 to 4.2.6, and below 4.0.4. This vulnerability allows an authenticated attacker with at least read-only permissions to execute unauthorized commands by sending crafted requests. The issue arises from improper handling of special elements in operating system command execution.

A command injection vulnerability has been identified in Fortinet FortiAP-S versions 6.2 (all versions), 6.4.0 through 6.4.9, FortiAP-W2 versions 6.4 (all versions), 7.0 (all versions), 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, as well as FortiAP versions 6.4 (all versions), 7.0 (all versions), 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2. This vulnerability allows local authenticated attackers to execute unauthorized code via the command line interface (CLI).

A vulnerability allowing brute force attacks on the FortiClientEMS console has been identified in FortiClientEMS versions 7.2.0 through 7.2.4 and prior to 7.0.10. This issue arises from improper restrictions on excessive authentication attempts, enabling an unauthenticated attacker to exploit the vulnerability via crafted HTTP or HTTPS requests.

A stack-based buffer overflow vulnerability has been identified in Fortinet FortiWeb versions 7.2.0 through 7.2.7, and 7.4.0 through 7.4.1. This vulnerability may allow a privileged user to execute arbitrary code by sending specially crafted CLI commands, provided the user can bypass FortiWeb's stack protections.

A denial-of-service vulnerability has been identified in Arm SCP-Firmware release versions through 2.15.0. This issue arises when specifically crafted SCMI messages are sent to an SCP, potentially leading to a Usage Fault and causing the SCP to crash.

A denial-of-service vulnerability has been identified in Arm SCP-Firmware versions through 2.15.0. The issue arises when specifically crafted SCMI messages are sent to an SCP, potentially leading to a Usage Fault and causing the SCP to crash.

A vulnerability in Phoenix Contact CHARX SEC-3000 series charge controllers, all versions prior to 1.7.0, allows an authenticated low-privileged user to escalate privileges and gain root access. This issue arises from improper file permission handling, which can be exploited to alter access rights and elevate user privileges.

A vulnerability allowing IP spoofing has been identified in Fortinet FortiOS IPSec VPN versions 7.4.0 through 7.4.1 and in version 7.2.6 and below. This origin validation error allows an authenticated IPSec VPN user with dynamic IP addressing to send packets that impersonate the IP of another user, using specially crafted network packets. However, the vulnerability does not allow the spoofed packets to be received by the targeted user.

A null pointer dereference vulnerability has been identified in Fortinet FortiOS. This issue is present in versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, as well as all versions of 7.0, 6.4, 6.2, and 6.0. The vulnerability allows an attacker to trigger a denial-of-service condition by sending a crafted HTTP request.

A null pointer dereference vulnerability has been identified in Fortinet FortiOS. This issue is present in versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, as well as all versions of 7.0, 6.4, 6.2, and 6.0. The vulnerability allows an attacker to cause a denial-of-service condition by sending a crafted HTTP request.

A command injection vulnerability has been identified in Fortinet FortiSwitch versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.7, 6.4.0 through 6.4.13, 6.2.0 through 6.2.7, and 6.0.0 through 6.0.7. This vulnerability allows attackers to execute unauthorized code or commands via the FortiSwitch command-line interface (CLI).

A vulnerability exists in Fortinet FortiSwitch versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.7, 6.4.0 through 6.4.13, 6.2.0 through 6.2.7, and 6.0.0 through 6.0.7. The issue arises from the use of a hard-coded cryptographic key, which allows attackers to execute unauthorized code or commands by sending crafted requests.

A blind SQL injection vulnerability has been identified in Fortinet FortiVoice Enterprise versions 7.0.0 through 7.0.1 and prior to 6.4.8. This vulnerability arises from improper neutralization of special elements used in SQL commands, allowing an authenticated attacker to execute crafted HTTP or HTTPS requests that exploit this weakness.

A vulnerability exists in the Mendix LDAP module, affecting all versions prior to 1.1.2, that allows for LDAP injection. This vulnerability could enable an unauthenticated remote attacker to bypass username verification.

A vulnerability exists in multiple SIPROTEC 5 products, specifically in certain versions of the 6MD84, 6MD85, 6MD86, 6MD89, 6MU85, 7KE85, 7SA82, 7SD82, 7SJ81, 7SJ82, 7SK82, 7SL82, 7SL86, 7SS85, 7ST85, 7UT82, 7UT85, 7UT86, 7UT87, 7VE85, 7VK87, 7VU85, 7SX82, 7SX85, 7SY82, 7UM85, and Compact 7SX800 (CP050) series. These devices do not properly restrict web server access to the filesystem, potentially allowing authenticated remote attackers to read arbitrary files or access the entire filesystem on affected devices.

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the web interface of SIMATIC S7-1200 CPUs prior to version 4.7, including SIPLUS variants. This vulnerability allows an unauthenticated attacker to manipulate the CPU mode by deceiving a legitimate user with the necessary permissions to click on a malicious link.

A reflected cross-site scripting vulnerability has been identified in all versions of Siemens Industrial Edge Management OS (IEM-OS). This vulnerability allows attackers to extract sensitive information by deceiving users into clicking on malicious links.

A stored cross-site scripting vulnerability has been identified in the Page Builder by SiteOrigin plugin for WordPress, affecting all versions through 2.31.0. The issue arises from inadequate input sanitization and output escaping, allowing authenticated attackers with Contributor-level access or higher to inject arbitrary scripts into pages. These scripts are executed when a user views the affected page.

A SQL injection vulnerability has been identified in the STEALTHONE D220 and D340 models, both running firmware through version 6.03.02. This vulnerability allows an attacker with access to the device to retrieve the administrative password for the web management interface.

An OS command injection vulnerability has been identified in the STEALTHONE D220 and D340 network storage servers, both of which are affected by firmware versions through 6.03.02. This vulnerability allows an attacker with access to the device to execute arbitrary operating system commands.

An OS command injection vulnerability has been identified in network storage servers STEALTHONE D220, D340, and D440, all provided by Y'S Corporation. This vulnerability affects users with administrative privileges who are logged into the web management interface. The flaw allows these users to execute arbitrary operating system commands.

An authentication bypass vulnerability has been identified in the Paid Membership Subscriptions plugin for WordPress, affecting all versions through 2.13.7. The issue arises in the 'pms_pb_payment_redirect_link' function, which improperly uses the 'pms_payment_id' parameter to authenticate users without adequate identity verification. This flaw allows unauthenticated attackers who know a valid payment ID to log in as any user who has made a purchase on the site.

A vulnerability allowing arbitrary file uploads has been identified in the Groundhogg WordPress plugin, specifically in versions through 3.7.3.5. This issue arises from inadequate file type validation in the 'gh_big_file_upload' function. As a result, authenticated attackers with Author-level access or higher can upload arbitrary files to the server, potentially leading to remote code execution.

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Royal Elementor Addons and Templates plugin for WordPress, affecting all versions through 1.7.1006. The vulnerability arises from inadequate nonce validation in the 'wpr_filter_grid_posts()' function, allowing unauthenticated attackers to inject malicious scripts by tricking a site administrator into clicking a link.

A DOM-Based Stored Cross-Site Scripting vulnerability has been identified in the HTML5 Video Player – mp4 Video Player Plugin and Block for WordPress. This issue affects all versions through 2.5.35 and arises from inadequate input sanitization and output escaping. The vulnerability allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts into pages, which are executed when users access the compromised pages.

A vulnerability in Keycloak allows admin users to access sensitive server environment variables and system properties through user-configurable URLs. This issue arises when admin users configure backchannel logout URLs or admin URLs, as they can include placeholders that the server replaces with actual values during URL processing. The vulnerability is present in Red Hat build of Keycloak 26.0.8, specifically within the Keycloak Quarkus server component.

A denial-of-service vulnerability exists in Keycloak that allows an administrative user with the authority to change realm settings to disrupt service. This is achieved by altering security headers and adding newlines, which causes the Keycloak server to process a request that has already been terminated, resulting in the failure of that request. Consequently, users may experience disruptions when accessing applications that rely on Keycloak or its administrative consoles within the affected realm.

A vulnerability allowing information exposure has been identified in the W3 Total Cache plugin for WordPress, affecting all versions through 2.8.1. The issue arises from a publicly accessible debug log file that can reveal sensitive information, such as nonce values, which could be exploited in cross-site request forgery (CSRF) attacks. This vulnerability requires the debug feature to be enabled, which is off by default.

A vulnerability exists in the W3 Total Cache plugin for WordPress, affecting all versions through 2.8.1. The issue arises from a lack of proper capability checks in several functions, allowing unauthenticated users to deactivate the main plugin and manage its extensions by activating or deactivating them.

A stored cross-site scripting vulnerability has been identified in the WP Booking Calendar plugin for WordPress, affecting all versions through 10.9.2. The issue arises from inadequate input sanitization and output escaping of user-supplied attributes in the 'booking' shortcode. This vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary scripts into pages, which are executed when users access the affected page.

A Server-Side Request Forgery (SSRF) vulnerability has been identified in Veeam Backup for Microsoft Azure, specifically in version 7.1.0.22 and all earlier versions. This vulnerability allows an unauthenticated attacker to send unauthorized requests from the system, which could lead to network enumeration or facilitate other types of attacks.

A vulnerability has been identified in the web management interface of the Zyxel WBE530 and WBE660S access points. This vulnerability, present in WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2), allows an authenticated user with limited privileges to escalate their privileges to that of an administrator. This privilege escalation could enable the user to upload configuration files to the affected device.

A stored cross-site scripting vulnerability has been identified in the WeGIA application, specifically within the 'remuneracao.php' endpoint. This issue allows attackers to inject malicious scripts into the 'descricao' parameter, which are then stored on the server. The injected scripts are executed automatically when the affected page is accessed by users, creating a significant security risk. The vulnerability arises from the application's failure to properly validate and sanitize user inputs, enabling the injection of harmful scripts that could compromise user data and systems.