Denial of Service vulnerability in SSL VPN service of FortiOS

Overview :
New vulnerabilities discovered in FortiOS
Affected Product(s) :
  • FortiOS versions 6.2.1 and below.
  • FortiOS versions 6.0.6 and below.
Vulnerability Details :
CVE ID : CVE-2019-15705
An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request.

Remediation / Fixes :

Please upgrade to FortiOS version 6.2.2 and above.

Please upgrade to FortiOS version 6.0.7 and above.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-44400 : ORETNOM23 PURCHASE ORDER MANAGEMENT SYSTEM 1.0 UNRESTRICTED UPLOAD

CVE-2022-44400 : ORETNOM23 PURCHASE ORDER MANAGEMENT SYSTEM 1.0 UNRESTRICTED UPLOAD

Description Purchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin/?page=system_info. References https://github.com/lcg-22266/bug_report/blob/main/vendors/oretnom23/Purchase%20Order%20Management%20System/UPLOAD-1.md For More Information MITRE

CVE-2022-45919 : LINUX KERNEL UP TO 6.0.10/0221.C DVB_CA_EN50221.C DVB_CA_EN50221_IO_RELEASE USE AFTER FREE

CVE-2022-45919 : LINUX KERNEL UP TO 6.0.10/0221.C DVB_CA_EN50221.C DVB_CA_EN50221_IO_RELEASE USE AFTER FREE

Description An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is

CVE-2022-41157 : KYUNGRINARA ERP SOLUTION SERP SERVER HARD-CODED CREDENTIALS

CVE-2022-41157 : KYUNGRINARA ERP SOLUTION SERP SERVER HARD-CODED CREDENTIALS

Description A specific file on the sERP server if Kyungrinara(ERP solution) has a fixed password with the SYSTEM authority. This