Filtered by vendor Fortinet
Total: 750 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-37935 | 1 Fortinet | 1 Fortios | 2024-09-19 | 6.5 Medium |
A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services. | ||||
CVE-2023-36547 | 1 Fortinet | 1 Fortiwlm | 2024-09-19 | 9.6 Critical |
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | ||||
CVE-2023-34993 | 1 Fortinet | 1 Fortiwlm | 2024-09-19 | 9.6 Critical |
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | ||||
CVE-2023-36550 | 1 Fortinet | 1 Fortiwlm | 2024-09-19 | 9.6 Critical |
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | ||||
CVE-2023-34989 | 1 Fortinet | 1 Fortiwlm | 2024-09-19 | 8.6 High |
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | ||||
CVE-2023-34987 | 1 Fortinet | 1 Fortiwlm | 2024-09-19 | 8.6 High |
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | ||||
CVE-2023-34986 | 1 Fortinet | 1 Fortiwlm | 2024-09-19 | 8.6 High |
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | ||||
CVE-2023-34985 | 1 Fortinet | 1 Fortiwlm | 2024-09-19 | 8.6 High |
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | ||||
CVE-2023-34988 | 1 Fortinet | 1 Fortiwlm | 2024-09-19 | 8.6 High |
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | ||||
CVE-2023-50178 | 1 Fortinet | 1 Fortiadc | 2024-09-19 | 7.2 High |
An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and various remote servers such as private SDN connectors and FortiToken Cloud. | ||||
CVE-2023-36548 | 1 Fortinet | 1 Fortiwlm | 2024-09-19 | 9.6 Critical |
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | ||||
CVE-2023-42782 | 1 Fortinet | 3 Fortianalyzer, Fortianalyzer-bigdata, Fortimanager | 2024-09-18 | 5 Medium |
An insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knowledge of an authorized device serial number. | ||||
CVE-2023-36637 | 1 Fortinet | 1 Fortimail | 2024-09-18 | 3.4 Low |
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail's calendar via input fields. | ||||
CVE-2023-37939 | 1 Fortinet | 1 Forticlient | 2024-09-18 | 3 Low |
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning. | ||||
CVE-2023-41675 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-09-18 | 4.8 Medium |
A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection. | ||||
CVE-2022-22298 | 1 Fortinet | 1 Fortiisolator | 2024-09-18 | 6.7 Medium |
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2, FortiIsolator version 2.2.0, FortiIsolator version 2.3.0 through 2.3.4 allows an attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters. | ||||
CVE-2023-25604 | 1 Fortinet | 1 Fortiguest | 2024-09-18 | 5.5 Medium |
An insertion of sensitive information into log file vulnerability in Fortinet FortiGuest 1.0.0 allows a local attacker to access plaintext passwords in the RADIUS logs. | ||||
CVE-2023-41838 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-09-18 | 6.9 Medium |
An improper neutralization of special elements used in an OS command ('OS command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow an attacker to execute unauthorized code or commands via the FortiManager CLI. | ||||
CVE-2023-40718 | 1 Fortinet | 2 Fortios, Fortios Ips Engine | 2024-09-18 | 6.7 Medium |
An interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows an attacker to evade IPS features via crafted TCP packets. | ||||
CVE-2023-36555 | 1 Fortinet | 1 Fortios | 2024-09-18 | 3.9 Low |
An improper neutralization of script-related HTML tags in a web page (basic XSS) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components. |