CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands.

** PSIRT Advisories**

**FortiOS - Privilege escalation via switch-control CLI command**

**Summary**

An improper neutralization of special elements used in an os command \[CWE-78\] vulnerability in FortiOS may allow an authenticated attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands.

**Affected Products**

FortiOS version 6.0.0 through 6.0.14  
FortiOS version 6.2.0 through 6.2.10  
FortiOS version 6.4.0 through 6.4.8  
FortiOS version 7.0.0 through 7.0.3

**Solutions**

Upgrade to FortiOS version 7.0.7 or above  
Upgrade to FortiOS version 6.4.9 or above  
Upgrade to FortiOS version 6.2.11 or above  
Upgrade to FortiOS version 6.0.15 or above

Headline

CVE-2021-44171: Fortiguard

CVE: Latest News