Filtered by vendor Fortinet
Subscriptions
Total
751 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-16153 | 1 Fortinet | 1 Fortisiem | 2024-08-05 | 9.8 Critical |
A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials. | ||||
CVE-2019-16154 | 1 Fortinet | 1 Fortiauthenticator | 2024-08-05 | 6.1 Medium |
An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack (XSS) via a parameter of the logon page. | ||||
CVE-2019-16150 | 1 Fortinet | 1 Forticlient | 2024-08-05 | 5.5 Medium |
Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-coded key. | ||||
CVE-2019-16156 | 1 Fortinet | 1 Fortiweb | 2024-08-05 | 6.1 Medium |
An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a Cross Site Scripting attack (XSS). | ||||
CVE-2019-15712 | 1 Fortinet | 1 Fortimail | 2024-08-05 | 7.2 High |
An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access web console they should not be authorized for. | ||||
CVE-2019-15704 | 1 Fortinet | 1 Forticlient | 2024-08-05 | 5.5 Medium |
A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway. | ||||
CVE-2019-15703 | 1 Fortinet | 1 Fortios | 2024-08-05 | 7.5 High |
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA handshake and mutual ECDSA authentication via the help of flush+reload side channel attacks in FortiGate VM models only. | ||||
CVE-2019-15711 | 1 Fortinet | 1 Forticlient | 2024-08-05 | 7.8 High |
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process. | ||||
CVE-2019-15709 | 1 Fortinet | 3 Fortiap-s, Fortiap-u, Fortiap-w2 | 2024-08-05 | 6.5 Medium |
An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI. | ||||
CVE-2019-15707 | 1 Fortinet | 1 Fortimail | 2024-08-05 | 4.9 Medium |
An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform system backup config download they should not be authorized for. | ||||
CVE-2019-15705 | 1 Fortinet | 1 Fortios | 2024-08-05 | 7.5 High |
An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request. | ||||
CVE-2019-15708 | 1 Fortinet | 4 Fortiap, Fortiap-s, Fortiap-u and 1 more | 2024-08-05 | 6.7 Medium |
A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands. | ||||
CVE-2019-13398 | 1 Fortinet | 2 Fcm-mb40, Fcm-mb40 Firmware | 2024-08-04 | N/A |
Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrl_save_profile.cgi (save parameter) and cgi-bin/ddns.cgi. | ||||
CVE-2019-13399 | 1 Fortinet | 2 Fcm-mb40, Fcm-mb40 Firmware | 2024-08-04 | N/A |
Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation. | ||||
CVE-2019-13401 | 1 Fortinet | 2 Fcm-mb40, Fcm-mb40 Firmware | 2024-08-04 | N/A |
Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi-bin/. | ||||
CVE-2019-13402 | 1 Fortinet | 2 Fcm-mb40, Fcm-mb40 Firmware | 2024-08-04 | N/A |
/usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB40 v1.2.0.0 devices implement an incomplete factory-reset process. A backdoor can persist because neither system accounts nor the set of services is reset. | ||||
CVE-2019-13400 | 1 Fortinet | 2 Fcm-mb40, Fcm-mb40 Firmware | 2024-08-04 | N/A |
Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. These credentials can be retrieved via cgi-bin/getuserinfo.cgi?mode=info. | ||||
CVE-2019-6696 | 1 Fortinet | 1 Fortios | 2024-08-04 | 6.1 Medium |
An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage. | ||||
CVE-2019-6700 | 1 Fortinet | 1 Fortisiem | 2024-08-04 | 6.5 Medium |
An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code. | ||||
CVE-2019-6692 | 1 Fortinet | 1 Forticlient | 2024-08-04 | 7.8 High |
A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a privileged attacker to perform arbitrary code execution via forging that DLL. |