If you find any errors, please report them on Twitter. -> Twitter《Har-sia》
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 under SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests.
This indicates an attack attempt to exploit an Information Disclosure Vulnerability in FortiOS. The vulnerability is due to an error in the vulnerable application when handling a malicious request. An unauthenticated attacker can exploit this to access sensitive information on the affected machine via a crafted request.
FortiOS 6.0 - 6.0.0 to 6.0.4
Information Disclosure
Refer to the vendor's advisory for updates:
https://fortiguard.com/psirt/FG-IR-18-384
Highest Score:35 (2021/04/09)
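Vulnerability information: Har-sia CVE-2018-13379
Administrator comment
(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)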
###---###
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Parsing a maliciously crafted text file may lead to disclosure of user information.
Highest Score:38 (2021/04/03)
Vulnerability information: Har-sia CVE-2019-8761
###---###
Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.
Highest Score:180 (2021/04/21)
Vulnerability information: Har-sia CVE-2021-22893
###---###
A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material.
Highest Score:35 (2021/04/15)
Vulnerability information: Har-sia CVE-2021-24027
###---###
Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-27072.
Highest Score:104 (2021/04/14)
Vulnerability information: Har-sia CVE-2021-28310
###---###
Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-28481, CVE-2021-28482, CVE-2021-28483.
Highest Score:64 (2021/04/14)
Vulnerability information: Har-sia CVE-2021-28480
###---###
Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-28480, CVE-2021-28482, CVE-2021-28483.
Highest Score:54 (2021/04/14)
Vulnerability information: Har-sia CVE-2021-28481
###---###
Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-28480, CVE-2021-28481, CVE-2021-28483.
Highest Score:37 (2021/04/14)
Vulnerability information: Har-sia CVE-2021-28482
###---###
Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-28480, CVE-2021-28481, CVE-2021-28482.
Highest Score:39 (2021/04/14)
Vulnerability information: Har-sia CVE-2021-28483
###---###
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
Highest Score:50 (2021/04/07)
Vulnerability information: Har-sia CVE-2021-3129
###---###
Total: 10 entries