Skip to main content
CVE-2018-13379 CRITICAL POC KEV THREAT Emergency

Fortinet FortiOS SSL-VPN contains a path traversal vulnerability allowing unauthenticated attackers to download system files including session tokens and credentials, massively exploited from 2019 onward by APT and ransomware groups.

NVD Exploit-DB
CVSS 3.1
9.1
EPSS
94.5%
Threat
9.7
CVE-2019-12730 CRITICAL PATCH Act Now

aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Ffmpeg
NVD GitHub
CVSS 3.0
9.8
EPSS
3.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy