"-Synchronized-Data."

CVE Team 2021-12-08 13:01:14 +00:00
parent 79ed1f3ef4
commit 1db5ee45c8
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
3 changed files with 3 additions and 3 deletions

@ -71,7 +71,7 @@
"description_data": [
{
"lang": "eng",
"value": "An insufficient verification of data authenticity vulnerability (CWE-345)\u00a0in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate\u00a0verison 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery (CSRF) attack\u00a0. Only SSL VPN in web mode or full mode are impacted by this vulnerability."
"value": "An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery (CSRF) attack . Only SSL VPN in web mode or full mode are impacted by this vulnerability."
}
]
}
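
Review bot: the new "value" line still misspells "version" as "verison" in two places ("FortiProxy verison 2.0.3" and "FortiGate verison 7.0.0"), and replacing the non-breaking space with a plain space leaves a stray space before the full stop in "(CSRF) attack .". Since this line is already being touched for whitespace, correct both occurrences to "version" and close up the sentence to "attack." in the same change. The final sentence would also agree with its subject as "Only SSL VPN in web mode or full mode is impacted by this vulnerability."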

@ -71,7 +71,7 @@
"description_data": [
{
"lang": "eng",
"value": "An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt\u00a0control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution."
"value": "An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution."
}
]
}
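
Review bot: "specifically crafted requests" in the new "value" line reads as a slip for "specially crafted requests", and in "resulting in potentially arbitrary code execution" the qualifier sits on the wrong word; "potentially resulting in arbitrary code execution" says what is meant. The affected range is given only as "FortiOS before 7.0.1", while the description in the first file of this commit lists each affected branch; if the per-branch bounds are known, stating them here would let consumers match on version without consulting the vendor advisory.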

@ -71,7 +71,7 @@
"description_data": [
{
"lang": "eng",
"value": "A missing cryptographic steps vulnerability\u00a0in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an\u00a0attacker in\u00a0possession of the password store to compromise\u00a0the confidentiality of the encrypted secrets."
"value": "A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets."
}
]
}
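
Review bot: the new "value" line mixes two range styles in one sentence, exclusive for three products ("FortiSandbox before 4.0.1", "FortiWeb before 6.3.12", "FortiADC before 6.2.1") and inclusive for the fourth ("FortiMail 7.0.1 and earlier"), which is easy to misread when triaging; use one form throughout, or confirm the inclusive bound for FortiMail is intended. The list also joins its last item with a comma and no "and", and the description names the weakness ("missing cryptographic steps") without a CWE identifier, unlike the first description in this commit, which cites "(CWE-345)"; adding the identifier would keep the entries consistent.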