CVE-2023-42784

MEDIUM Year: 2023
CVSS v3 Score
5.6
Medium
Weakness Type
CWE-228
View all →

Vulnerability Description

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests.

Related Vulnerabilities

CVE-2024-55594

MEDIUM
CVSS:5.6(Medium)

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least vesrions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthor...

CWE-2282024

CVE-2021-36199

MEDIUM
CVSS:5.3(Medium)

Running a vulnerability scanner against VideoEdge NVRs can cause some functionality to stop.

CWE-2282021

CVE-2024-22815

MEDIUM
CVSS:5.3(Medium)

An issue in the communication protocol of Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) via crafted commands.

CWE-2282024

CVE-2024-6382

MEDIUM
CVSS:6.4(Medium)

Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This ...

CWE-2282024

CVE-2024-22809

MEDIUM
CVSS:6.5(Medium)

Incorrect access control in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to access the G code's shared folder and view sensitive information.

CWE-2282024

CVE-2018-5381

HIGH
CVSS:7.5(High)

The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infi...

CWE-2282018