Filtered by vendor Fortinet
Subscriptions
Total
751 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-6695 | 1 Fortinet | 1 Fortimanager | 2024-08-04 | 9.8 Critical |
Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods. | ||||
CVE-2019-6699 | 1 Fortinet | 1 Fortiadc | 2024-08-04 | 5.4 Medium |
An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting (XSS) via a field in the traffic group interface. | ||||
CVE-2019-6698 | 1 Fortinet | 4 Fortirecorder 100d, Fortirecorder 200d, Fortirecorder 400d and 1 more | 2024-08-04 | 9.8 Critical |
Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device. | ||||
CVE-2019-6693 | 1 Fortinet | 1 Fortios | 2024-08-04 | 6.5 Medium |
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set). | ||||
CVE-2019-5592 | 1 Fortinet | 1 Fortios Ips Engine | 2024-08-04 | 5.9 Medium |
Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position. | ||||
CVE-2019-5593 | 1 Fortinet | 1 Fortios | 2024-08-04 | 5.5 Medium |
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below. | ||||
CVE-2019-5588 | 1 Fortinet | 1 Fortios | 2024-08-04 | N/A |
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "err" parameter of the error process HTTP requests. | ||||
CVE-2019-5590 | 1 Fortinet | 1 Fortiweb | 2024-08-04 | N/A |
The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form. | ||||
CVE-2019-5589 | 1 Fortinet | 1 Forticlient | 2024-08-04 | N/A |
An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory. | ||||
CVE-2019-5587 | 1 Fortinet | 1 Fortios | 2024-08-04 | 6.5 Medium |
Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by reassembling the image through specific methods. | ||||
CVE-2019-5586 | 1 Fortinet | 1 Fortios | 2024-08-04 | N/A |
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "param" parameter of the error process HTTP requests. | ||||
CVE-2019-5594 | 1 Fortinet | 1 Fortinac | 2024-08-04 | N/A |
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. | ||||
CVE-2019-5591 | 1 Fortinet | 1 Fortios | 2024-08-04 | 6.5 Medium |
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server. | ||||
CVE-2020-29015 | 1 Fortinet | 1 Fortiweb | 2024-08-04 | 9.8 Critical |
A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement. | ||||
CVE-2020-29016 | 1 Fortinet | 1 Fortiweb | 2024-08-04 | 9.8 Critical |
A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname. | ||||
CVE-2020-29013 | 1 Fortinet | 1 Fortisandbox | 2024-08-04 | 5.4 Medium |
An improper input validation vulnerability in the sniffer interface of FortiSandbox before 3.2.2 may allow an authenticated attacker to silently halt the sniffer via specifically crafted requests. | ||||
CVE-2020-29014 | 1 Fortinet | 1 Fortisandbox | 2024-08-04 | 6.3 Medium |
A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands. | ||||
CVE-2020-29018 | 1 Fortinet | 1 Fortiweb | 2024-08-04 | 8.8 High |
A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter. | ||||
CVE-2020-29019 | 1 Fortinet | 1 Fortiweb | 2024-08-04 | 5.3 Medium |
A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow a remote, unauthenticated attacker to crash the httpd daemon thread by sending a request with a crafted cookie header. | ||||
CVE-2020-29017 | 1 Fortinet | 1 Fortideceptor | 2024-08-04 | 8.8 High |
An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection vulnerability on the Customization page. |