Filtered by vendor Fortinet
Subscriptions
Total
741 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-33509 | 1 Fortinet | 1 Fortiweb | 2024-09-09 | 4.4 Medium |
An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions and 6.3 all versions may allow a remote and unauthenticated attacker in a Man-in-the-Middle position to decipher and/or tamper with the communication channel between the device and different endpoints used to fetch data for Web Application Firewall (WAF). | ||||
CVE-2024-27785 | 1 Fortinet | 1 Fortiaiops | 2024-09-09 | 5.1 Medium |
An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in FortiAIOps version 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports. | ||||
CVE-2024-27784 | 1 Fortinet | 1 Fortiaiops | 2024-09-09 | 8.3 High |
Multiple Exposure of sensitive information to an unauthorized actor vulnerabilities [CWE-200] in FortiAIOps version 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files. | ||||
CVE-2024-26015 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-09-09 | 3.1 Low |
An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests. | ||||
CVE-2024-23663 | 1 Fortinet | 2 Fortiextender, Fortiextender Firmware | 2024-09-09 | 8.1 High |
An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request. | ||||
CVE-2024-21759 | 1 Fortinet | 1 Fortiportal | 2024-09-09 | 3.9 Low |
An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker to view unauthorized resources via HTTP or HTTPS requests. | ||||
CVE-2023-50181 | 1 Fortinet | 1 Fortiadc | 2024-09-09 | 4.8 Medium |
An improper access control vulnerability [CWE-284] in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests. | ||||
CVE-2023-50179 | 1 Fortinet | 1 Fortiadc | 2024-09-09 | 4.7 Medium |
An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2 all versions, 7.1 all versions, 7.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and public SDN connectors. | ||||
CVE-2023-42783 | 1 Fortinet | 1 Fortiwlm | 2024-08-30 | 7.3 High |
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.2 through 8.4.0 and 8.3.2 through 8.3.0 and 8.2.2 allows attacker to read arbitrary files via crafted http requests. | ||||
CVE-2023-36641 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-08-30 | 6.2 Medium |
A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1, all versions, FortiProxy 1.0 all versions, FortiOS version 7.4.0, FortiOS version 7.2.0 through 7.2.5, FortiOS version 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions allows attacker to denial of service via specifically crafted HTTP requests. | ||||
CVE-2023-28002 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-08-30 | 5.8 Medium |
An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.2 all versions, 7.0 all versions, 2.0 all versions VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesystem integrity check in place. | ||||
CVE-2023-45582 | 1 Fortinet | 1 Fortimail | 2024-08-30 | 5.3 Medium |
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7.2.0 through 7.2.4, 7.0.0 through 7.0.6 and before 6.4.8 may allow an unauthenticated attacker to perform a brute force attack on the affected endpoints via repeated login attempts. | ||||
CVE-2023-41676 | 1 Fortinet | 1 Fortisiem | 2024-08-30 | 4.2 Medium |
An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 and before 6.7.5 may allow an attacker with access to windows agent logs to obtain the windows agent password via searching through the logs. | ||||
CVE-2023-45585 | 1 Fortinet | 1 Fortisiem | 2024-08-30 | 2.1 Low |
An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, version 5.3.3 and below may allow an authenticated user to view an encrypted ElasticSearch password via debug log files generated when FortiSIEM is configured with ElasticSearch Event Storage. | ||||
CVE-2023-44248 | 1 Fortinet | 1 Fortiedr | 2024-08-30 | 4 Medium |
An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, 4.0 all may allow a local attacker to prevent the collector service to start in the next system reboot by tampering with some registry keys of the service. | ||||
CVE-2023-33304 | 1 Fortinet | 1 Forticlient | 2024-08-30 | 4.4 Medium |
A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials. | ||||
CVE-2023-36633 | 1 Fortinet | 1 Fortimail | 2024-08-30 | 5.3 Medium |
An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests. | ||||
CVE-2023-29177 | 1 Fortinet | 2 Fortiadc, Fortiddos-f | 2024-08-30 | 6.2 Medium |
Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests. | ||||
CVE-2023-40719 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-08-30 | 4.1 Medium |
A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials. | ||||
CVE-2023-25603 | 1 Fortinet | 2 Fortiadc, Fortiddos-f | 2024-08-30 | 5.4 Medium |
A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allow an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web requests. |