The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Fortinet FortiAnalyzer Virtual Appliance

cybersecurity vulnerability CVE-2017-17541

FortiAnalyzer, FortiManager: Cross Site Scripting via CA And CRL Certificate View Page

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via CA And CRL Certificate View Page of FortiAnalyzer/FortiManager, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 06/07/2018.
Identifiers: CERTFR-2018-AVI-326, CVE-2017-17541, FG-IR-17-305, VIGILANCE-VUL-26643.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The FortiAnalyzer/FortiManager product offers a web service.

However, it does not filter received data via CA And CRL Certificate View Page before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via CA And CRL Certificate View Page of FortiAnalyzer/FortiManager, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

security bulletin CVE-2018-1355

FortiAnalyzer, FortiManager: open redirect via PDF File

Synthesis of the vulnerability

An attacker can deceive the user via PDF File of FortiAnalyzer/FortiManager, in order to redirect him to a malicious site.
Severity: 1/4.
Creation date: 25/06/2018.
Identifiers: CERTFR-2018-AVI-303, CVE-2018-1355, FG-IR-18-022, VIGILANCE-VUL-26527.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can deceive the user via PDF File of FortiAnalyzer/FortiManager, in order to redirect him to a malicious site.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-1354

FortiAnalyzer, FortiManager: Cross Site Scripting via Avatar Picture

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Avatar Picture of FortiAnalyzer/FortiManager, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 25/06/2018.
Identifiers: CERTFR-2018-AVI-303, CVE-2018-1354, FG-IR-18-014, VIGILANCE-VUL-26526.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can trigger a Cross Site Scripting via Avatar Picture of FortiAnalyzer/FortiManager, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

cybersecurity threat CVE-2017-3126

FortiAnalyzer, FortiManager: open redirect

Synthesis of the vulnerability

An attacker can deceive the user of FortiAnalyzer / FortiManager, in order to redirect him to a malicious site.
Severity: 1/4.
Creation date: 19/05/2017.
Identifiers: CVE-2017-3126, FG-IR-17-014, VIGILANCE-VUL-22773.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The FortiAnalyzer / FortiManager product offers a web service.

However, the web service accepts to redirect the victim with no warning, to an external site indicated by the attacker.

An attacker can therefore deceive the user of FortiAnalyzer / FortiManager, in order to redirect him to a malicious site.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-10166 CVE-2016-10167 CVE-2016-10168

libgd2: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of libgd2.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 30/01/2017.
Identifiers: CERTFR-2017-AVI-237, CVE-2016-10166, CVE-2016-10167, CVE-2016-10168, DLA-804-1, DSA-3777-1, FEDORA-2017-9a5b89363f, FEDORA-2017-f787c35494, FG-IR-17-051, openSUSE-SU-2017:0548-1, openSUSE-SU-2017:0588-1, RHSA-2017:3221-01, RHSA-2018:1296-01, RHSA-2019:2519-01, RHSA-2019:3299-01, SSA:2017-041-03, SSA:2018-120-01, SUSE-SU-2017:0534-1, SUSE-SU-2017:0556-1, SUSE-SU-2017:0568-1, USN-3213-1, VIGILANCE-VUL-21699.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in libgd2.

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-10166]

An attacker can trigger a fatal error, in order to trigger a denial of service. [severity:2/4; CVE-2016-10167]

An attacker can generate an integer overflow via Chunks, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-10168]
Full Vigil@nce bulletin... (Free trial)

weakness announce CVE-2016-7055 CVE-2017-3730 CVE-2017-3731

OpenSSL: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 26/01/2017.
Identifiers: 1117414, 2000544, 2000988, 2000990, 2002331, 2004036, 2004940, 2009389, 2010154, 2011567, 2012827, 2014202, 2014651, 2014669, 2015080, BSA-2016-204, BSA-2016-207, BSA-2016-211, BSA-2016-212, BSA-2016-213, BSA-2016-216, BSA-2016-234, bulletinapr2017, bulletinjan2018, bulletinoct2017, CERTFR-2017-AVI-035, CERTFR-2018-AVI-343, cisco-sa-20170130-openssl, cpuapr2017, cpuapr2019, cpujan2018, cpujul2017, cpujul2018, cpuoct2017, CVE-2016-7055, CVE-2017-3730, CVE-2017-3731, CVE-2017-3732, DLA-814-1, DSA-3773-1, FEDORA-2017-3451dbec48, FEDORA-2017-e853b4144f, FG-IR-17-019, FreeBSD-SA-17:02.openssl, ibm10732391, ibm10733905, ibm10738249, ibm10738401, JSA10775, K37526132, K43570545, K44512851, K-510805, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2017:0481-1, openSUSE-SU-2017:0487-1, openSUSE-SU-2017:0527-1, openSUSE-SU-2017:0941-1, openSUSE-SU-2017:2011-1, openSUSE-SU-2017:2868-1, openSUSE-SU-2018:0458-1, PAN-70674, PAN-73914, PAN-SA-2017-0012, PAN-SA-2017-0014, PAN-SA-2017-0016, RHSA-2017:0286-01, RHSA-2018:2568-01, RHSA-2018:2575-01, SA141, SA40423, SB10188, SSA:2017-041-02, SUSE-SU-2018:0112-1, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, TNS-2017-03, USN-3181-1, VIGILANCE-VUL-21692.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can force a read at an invalid address via Truncated Packet, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2017-3731]

An attacker can force a NULL pointer to be dereferenced via DHE/ECDHE Parameters, in order to trigger a denial of service. [severity:2/4; CVE-2017-3730]

An attacker can use a carry propagation error via BN_mod_exp(), in order to compute the private key. [severity:1/4; CVE-2017-3732]

An error occurs in the Broadwell-specific Montgomery Multiplication Procedure, but with no apparent impact. [severity:1/4; CVE-2016-7055]
Full Vigil@nce bulletin... (Free trial)

cybersecurity alert CVE-2016-6912 CVE-2016-9317

gd: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of gd.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 24/01/2017.
Identifiers: CERTFR-2017-AVI-237, CVE-2016-6912, CVE-2016-9317, DSA-3777-1, FEDORA-2017-2717b02630, FEDORA-2017-9a5b89363f, FEDORA-2017-bab5698540, FEDORA-2017-f787c35494, FG-IR-17-051, openSUSE-SU-2017:0548-1, SSA:2018-120-01, USN-3213-1, VIGILANCE-VUL-21664.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of gd.
Full Vigil@nce bulletin... (Free trial)

computer threat bulletin CVE-2016-9933

gd: denial of service via gdImageFillToBorder

Synthesis of the vulnerability

An attacker can generate a fatal error via gdImageFillToBorder() of gd, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 22/12/2016.
Identifiers: CERTFR-2017-AVI-237, CVE-2016-9933, DLA-758-1, DSA-3751-1, FG-IR-17-051, HT207483, openSUSE-SU-2016:3228-1, openSUSE-SU-2017:0006-1, openSUSE-SU-2017:0061-1, openSUSE-SU-2017:0081-1, openSUSE-SU-2017:0598-1, RHSA-2018:1296-01, USN-3213-1, VIGILANCE-VUL-21458.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error via gdImageFillToBorder() of gd, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer weakness CVE-2016-7053 CVE-2016-7054 CVE-2016-7055

OpenSSL 1.1: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL 1.1.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 10/11/2016.
Revision date: 13/12/2016.
Identifiers: 2004036, 2004940, 2011567, 492284, 492616, bulletinapr2017, CERTFR-2018-AVI-343, cisco-sa-20161114-openssl, cpuapr2019, cpujan2018, cpujul2017, CVE-2016-7053, CVE-2016-7054, CVE-2016-7055, ESA-2016-148, ESA-2016-149, FG-IR-17-019, JSA10775, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2017:0527-1, openSUSE-SU-2017:0941-1, openSUSE-SU-2018:0458-1, SA40423, VIGILANCE-VUL-21093.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL 1.1.

An attacker can generate a buffer overflow via ChaCha20/Poly1305, in order to trigger a denial of service. [severity:2/4; CVE-2016-7054]

An attacker can force a NULL pointer to be dereferenced via CMS Structures, in order to trigger a denial of service. [severity:2/4; CVE-2016-7053]

An error occurs in the Broadwell-specific Montgomery Multiplication Procedure, but with no apparent impact. [severity:1/4; CVE-2016-7055]
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2015-7363

FortiAnalyzer, FortiManager: Cross Site Scripting via Report Filters

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Report Filters of FortiAnalyzer or FortiManager, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 06/10/2016.
Identifiers: CVE-2015-7363, VIGILANCE-VUL-20790.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The FortiAnalyzer and FortiManager products offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Report Filters of FortiAnalyzer or FortiManager, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Fortinet FortiAnalyzer Virtual Appliance: