Fortinet FortiOS SSL-VPN contains a path traversal vulnerability allowing unauthenticated attackers to download system files including session tokens and credentials, massively exploited from 2019 onward by APT and ransomware groups.
aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.