CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiADC 7.1.0 through 7.1.1, 7.0.0 through 7.0.3, 6.2.0 through 6.2.5 and  6.1.0 all versions may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

** PSIRT Advisories**

**FortiADC - Command injection in Automation/Webhook module**

**Summary**

An improper neutralization of special elements used in an OS command vulnerability \[CWE-78\] in the management interface of FortiADC may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

**Affected Products**

FortiADC version 7.1.0 through 7.1.1  
FortiADC version 7.0.0 through 7.0.3  
FortiADC version 6.2.0 through 6.2.5  
FortiADC version 6.1.0 all versions

**Solutions**

Please upgrade to FortiADC version 7.1.2 or above  
Please upgrade to FortiADC version 7.0.4 or above  
Please upgrade to FortiADC version 6.2.6 or above

**Timeline**

2023-08-30: Initial publication

Headline

CVE-2022-35849: Fortiguard

CVE: Latest News