Total
29097 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12818 | 1 Fortinet | 36 Fortigate 1000d, Fortigate 100e, Fortigate 100f and 33 more | 2024-10-25 | 5.3 Medium |
| An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed. | ||||
| CVE-2021-22128 | 1 Fortinet | 1 Fortiproxy | 2024-10-25 | 7.1 High |
| An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality. | ||||
| CVE-2021-26099 | 1 Fortinet | 1 Fortimail | 2024-10-25 | 4.4 Medium |
| Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext. | ||||
| CVE-2021-32587 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-10-25 | 4.3 Medium |
| An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration. | ||||
| CVE-2020-15939 | 1 Fortinet | 1 Fortisandbox | 2024-10-25 | 4.3 Medium |
| An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.4 and below may allow an authenticated, unprivileged attacker to download the device configuration file via the recovery URL. | ||||
| CVE-2021-24006 | 1 Fortinet | 1 Fortimanager | 2024-10-25 | 6.3 Medium |
| An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directly visiting its URL. | ||||
| CVE-2021-26107 | 1 Fortinet | 1 Fortimanager | 2024-10-25 | 6.3 Medium |
| An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager. | ||||
| CVE-2021-36183 | 1 Fortinet | 1 Forticlient | 2024-10-25 | 7.4 High |
| An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates. | ||||
| CVE-2021-26110 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-10-25 | 7.8 High |
| An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features. | ||||
| CVE-2021-32591 | 1 Fortinet | 4 Fortiadc, Fortimail, Fortisandbox and 1 more | 2024-10-25 | 5.3 Medium |
| A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets. | ||||
| CVE-2021-36190 | 1 Fortinet | 1 Fortiweb | 2024-10-25 | 5.5 Medium |
| A unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to access protected hosts via crafted HTTP requests. | ||||
| CVE-2021-43204 | 1 Fortinet | 1 Forticlient | 2024-10-25 | 4.4 Medium |
| A improper control of a resource through its lifetime in Fortinet FortiClientWindows version 6.4.1 and 6.4.0, version 6.2.9 and below, version 6.0.10 and below allows attacker to cause a complete denial of service of its components via changes of directory access permissions. | ||||
| CVE-2021-36167 | 1 Fortinet | 1 Forticlient | 2024-10-25 | 4.3 Medium |
| An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id paramater. | ||||
| CVE-2021-36169 | 1 Fortinet | 1 Fortios | 2024-10-25 | 4.2 Medium |
| A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows attacker to Execute unauthorized code or commands via specific hex read/write operations. | ||||
| CVE-2021-41020 | 1 Fortinet | 1 Fortiisolator | 2024-10-25 | 8.8 High |
| An improper access control vulnerability [CWE-284] in FortiIsolator versions 2.3.2 and below may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration URL. | ||||
| CVE-2022-23443 | 1 Fortinet | 1 Fortisoar | 2024-10-25 | 7.5 High |
| An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests. | ||||
| CVE-2022-38372 | 1 Fortinet | 1 Fortitester | 2024-10-25 | 6.7 Medium |
| A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command. | ||||
| CVE-2022-38381 | 1 Fortinet | 1 Fortiadc | 2024-10-25 | 5.3 Medium |
| An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. This may allow a remote attacker without privileges to bypass some Web Application Firewall (WAF) protection such as the SQL Injection and XSS filters via a malformed HTTP request. | ||||
| CVE-2023-5764 | 2 Fedoraproject, Redhat | 9 Extra Packages For Enterprise Linux, Fedora, Ansible and 6 more | 2024-10-25 | 7.1 High |
| A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data. | ||||
| CVE-2023-4237 | 1 Redhat | 3 Ansible Automation Platform, Ansible Automation Platform Cloud Billing, Ansible Collection | 2024-10-25 | 7.3 High |
| A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability. | ||||