"-Synchronized-Data."

CVE Team 2022-07-19 14:00:51 +00:00
parent ef7913891a
commit 00c6f01375
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
4 changed files with 4 additions and 8 deletions

@ -66,13 +66,12 @@
"url": "https://fortiguard.com/psirt/FG-IR-22-077"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to\u00a0perform a reflected cross site scripting attack (XSS) by injecting malicious payload into the Management Console via various endpoints."
"value": "A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload into the Management Console via various endpoints."
}
]
}
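Review bot: the replacement "value" line still opens with "A improper neutralization", so the article error survives an edit that only swaps `\u00a0` for a space after "attacker to". Change it to "An improper neutralization" in the same edit, or fix it at the CNA if descriptions are mirrored verbatim. The header declares 13 old lines against 12 new, but only one removed line is visible in this hunk, so confirm the second deletion is whitespace only.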

@ -66,14 +66,12 @@
"url": "https://fortiguard.com/psirt/FG-IR-22-071"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may allow an attacker\u00a0who managed to retrieve the key from one device to sign JWT tokens for any device."
"value": "A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may allow an attacker who managed to retrieve the key from one device to sign JWT tokens for any device."
}
]
}
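Review bot: the commit message does not say that the "value" line changes only by replacing `\u00a0` with a plain space after "attacker". Consumers that hash or diff description text will register this CWE-321 record as modified, so state in the message that this is a whitespace normalization. The header counts 14 old lines against 12 new, which leaves two deletions that are not visible here; confirm they are whitespace and not a dropped field.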

@ -71,7 +71,7 @@
"description_data": [
{
"lang": "eng",
"value": "A path traversal vulnerability\u00a0[CWE-22] in FortiAP-U CLI 6.2.0 through 6.2.3, 6.0.0 through 6.0.4, 5.4.0 through 5.4.6 may allow an admin user to delete and access unauthorized files and data via specifically crafted CLI commands."
"value": "A path traversal vulnerability [CWE-22] in FortiAP-U CLI 6.2.0 through 6.2.3, 6.0.0 through 6.0.4, 5.4.0 through 5.4.6 may allow an admin user to delete and access unauthorized files and data via specifically crafted CLI commands."
}
]
}
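Review bot: in the "value" line, "specifically crafted CLI commands" should read "specially crafted CLI commands", which is the wording used in the FortiDeceptor description changed in this same commit. The line is already being rewritten to replace `\u00a0` after "vulnerability", so the wording can be corrected in the same edit.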

@ -66,13 +66,12 @@
"url": "https://fortiguard.com/psirt/FG-IR-21-213"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple relative path traversal vulnerabilities\u00a0[CWE-23] in FortiDeceptor\u00a0management interface 1.0.0 through 3.2.x, 3.3.0 through 3.3.2, 4.0.0 through 4.0.1 may allow a remote and\u00a0authenticated attacker to retrieve and delete arbitrary files from the underlying filesystem via specially crafted web requests."
"value": "Multiple relative path traversal vulnerabilities [CWE-23] in FortiDeceptor management interface 1.0.0 through 3.2.x, 3.3.0 through 3.3.2, 4.0.0 through 4.0.1 may allow a remote and authenticated attacker to retrieve and delete arbitrary files from the underlying filesystem via specially crafted web requests."
}
]
}
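Review bot: the affected range "1.0.0 through 3.2.x" in the "value" line uses a wildcard upper bound, while the neighbouring ranges give exact versions ("3.3.0 through 3.3.2", "4.0.0 through 4.0.1"). Tooling that extracts ranges from description text cannot compare against "3.2.x", so ask the CNA for the last affected 3.2 release or rely on the structured version data instead. "a remote and authenticated attacker" would also be clearer as "a remote authenticated attacker", the phrasing used in the FortiEDR description in this commit.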