CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

A relative path traversal vulnerability in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe.

** PSIRT Advisories**

**FortiClientWindows - Arbitrary file creation by unprivileged users**

**Summary**

A relative path traversal \[CWE-23\] vulnerability in FortiClientWindows may allow a local low privileged attacker to perform arbitrary file creation on the device filesystem.

**Affected Products**

FortiClientWindows version 7.0.0 through 7.0.7  
FortiClientWindows 6.4 all versions  
FortiClientWindows 6.2 all versions  
FortiClientWindows 6.0 all versions

**Solutions**

Please upgrade to FortiClientWindows version 7.2.0 or above  
Please upgrade to FortiClientWindows version 7.0.8 or above

**Acknowledgement**

Fortinet is pleased to thank Daniel Hulliger from Armasuisse CYD Campus for reporting this vulnerability under responsible disclosure.

**Timeline**

2023-03-28: Initial publication

Headline

CVE-2022-42470: Fortiguard

CVE: Latest News