PSIRT Advisories
PSIRT Advisories
- FortiAP-U - Relative path traversal vulnerability in CLI
- FortiClient (Windows) - Arbitrary file write as SYSTEM
- Multiple vulnerabilities in Apache Airflow
- FortiAuthenticator - XSS vulnerability in OWA login page
- FortiTokenMobile - Missing digital certificate validation
- Multiple products - Lack of certificate verification when establishing secure connections
- FortiDDoS - Use of hardcoded key for the JWT token
- FortiClient - Privilege escalation in FortiClient installer
- FortiSOAR - Improper access control on gateway API
- FortiIsolator -- Unauthorized user able to regenerate CA certificate
- FortiOS - Improper Inter-VDOM access control
- FortiNAC - SQL Injection
- FortiOS & FortiProxy - Information disclosure in web proxy error pages
- FortiOS - Lack of certificate verification when establishing secure connections to some external end-points
- Multiple vulnerabilities in PJSIP library
- FortiProxy & FortiOS - XSS vulnerability in Web Filter Block Override Form
- FortiWAN - Improper cryptographic operations in Dynamic Tunnel Protocol
- FortiWAN - Stack-based buffer overflow in bmstatd
- FortiWAN - Pervasive SQL injection
- FortiWAN - Stored Cross-site scripting in log viewer
- FortiWAN - Use of hardcoded salt for password hashing
- FortiWAN - Pervasive OS command injection
- FortiEDR - Hardcoded AES key enable disabling local Collector
- FortiEDR - Insecure RSA key transport
- FortiEDR - Denial of service due to folder access permission change
- FortiWLC - Access of Uninitialized Pointer vulnerability
- FortiClient (Windows) - privilege escalation in online installer due to incorrect working directory
- FortiClient (Linux) - Improper directories permissions
- FortiClient (Linux) - external access to confighandler webserver
- CVE-2022-22965 and CVE-2022-22963 vulnerabilities
Do you like cookies? 🍪 I use cookies to ensure you get the best experience on my website. More cookies info