Filtered by vendor Fortinet
Subscriptions
Total
751 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-9191 | 1 Fortinet | 1 Forticlient | 2024-08-05 | N/A |
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for Forticlient updates. | ||||
CVE-2018-9195 | 1 Fortinet | 2 Forticlient, Fortios | 2024-08-05 | 5.9 Medium |
Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below. | ||||
CVE-2018-9185 | 1 Fortinet | 1 Fortios | 2024-08-05 | N/A |
An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature. | ||||
CVE-2018-9193 | 1 Fortinet | 1 Forticlient | 2024-08-05 | N/A |
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the parsing of the file. | ||||
CVE-2018-1356 | 1 Fortinet | 1 Fortisandbox | 2024-08-05 | N/A |
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox before 3.0 may allow an attacker to execute unauthorized code or commands via the back_url parameter in the file scan component. | ||||
CVE-2018-1360 | 1 Fortinet | 1 Fortimanager | 2024-08-05 | N/A |
A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses. | ||||
CVE-2018-1354 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-08-05 | N/A |
An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content. | ||||
CVE-2018-1352 | 1 Fortinet | 1 Fortios | 2024-08-05 | N/A |
A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable. | ||||
CVE-2019-17655 | 1 Fortinet | 1 Fortios | 2024-08-05 | 5.3 Medium |
A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system. | ||||
CVE-2019-17656 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-08-05 | 5.4 Medium |
A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution. | ||||
CVE-2019-17651 | 1 Fortinet | 1 Fortisiem | 2024-08-05 | 5.4 Medium |
An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious JavaScript code into the description field of a Device Maintenance schedule. | ||||
CVE-2019-17652 | 1 Fortinet | 1 Forticlient | 2024-08-05 | 6.5 Medium |
A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root priviledge crashes via sending specially crafted "StartAvCustomScan" type IPC client requests to the fctsched process due the argv data not been well sanitized. | ||||
CVE-2019-17650 | 1 Fortinet | 1 Forticlient | 2024-08-05 | 7.8 High |
An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check. | ||||
CVE-2019-17657 | 1 Fortinet | 5 Fortianalyzer, Fortiap-s, Fortiap-w2 and 2 more | 2024-08-05 | 7.5 High |
An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks. | ||||
CVE-2019-17658 | 1 Fortinet | 1 Forticlient | 2024-08-05 | 9.8 Critical |
An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executable service path. | ||||
CVE-2019-17653 | 1 Fortinet | 1 Fortisiem | 2024-08-05 | 8.8 High |
A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link. | ||||
CVE-2019-17654 | 1 Fortinet | 1 Fortimanager | 2024-08-05 | 8.8 High |
An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack. | ||||
CVE-2019-16152 | 1 Fortinet | 1 Forticlient | 2024-08-05 | 6.5 Medium |
A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly validated. | ||||
CVE-2019-16157 | 1 Fortinet | 1 Fortiweb | 2024-08-05 | 6.5 Medium |
An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands. | ||||
CVE-2019-16155 | 1 Fortinet | 1 Forticlient | 2024-08-05 | 7.1 High |
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process. Further more, FortiClient for Linux 6.2.2 and below allow low privilege user write the system backup file under root privilege through GUI thus can cause root system file overwrite. |