CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it.

** PSIRT Advisories**

**FortiOS - Flaws over krb keytab encryption scheme**

**Summary**

A missing cryptographic steps vulnerability \[CWE-325\] in the functions that encrypt the keytab files in FortiOS may allow an attacker in possession of the encrypted file to decipher it.

**Affected Products**

At least  
FortiOS version 7.2.0  
FortiOS version 7.0.0 through 7.0.5  
FortiOS version 6.4.0 through 6.4.9  
FortiOS version 6.2.0 through 6.2.11  
FortiOS version 6.0.0 through 6.0.14

**Solutions**

Upgrade to FortiOS version 7.2.1 or above.

Upgrade to FortiOS version 7.0.6 or above.

**Acknowledgement**

Internally discovered and reported by Théo Leleu of Fortinet Product Security team.

Headline

CVE-2022-29053: Fortiguard

CVE: Latest News