J. Liu

**Name of the Vulnerable Software and Affected Versions** Fortinet FortiWeb versions 7.0 through 8.0.2 Fortinet FortiWeb version 7.2 Fortinet FortiWeb version 7.4 Fortinet FortiWeb versions 7.6.0 through 7.6.6 Fortinet FortiWeb version 8.0 **Description** The software contains a NULL pointer dereference issue [CWE-476]. An authenticated attacker can potentially cause the HTTP daemon to crash by sending specially crafted HTTP requests. The issue affects multiple major versions of the software. **Recommendations** FortiWeb versions prior to 8.0.2 are affected.

**Name of the Vulnerable Software and Affected Versions** Dell UnityVSA versions prior to 5.4 **Description** Dell UnityVSA versions 5.4 and earlier are susceptible to an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') issue. A local attacker with low privileges could potentially exploit this, resulting in arbitrary command execution with root privileges. **Recommendations** Update Dell UnityVSA to a version later than 5.4.