Filtered by vendor Fortinet
Subscriptions
Total
751 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-9290 | 1 Fortinet | 2 Forticlient, Forticlient Virtual Private Network | 2024-08-04 | 7.8 High |
| An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. | ||||
| CVE-2020-9287 | 1 Fortinet | 1 Forticlient Emergency Management Server | 2024-08-04 | 7.8 High |
| An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. | ||||
| CVE-2020-9291 | 1 Fortinet | 1 Forticlient | 2024-08-04 | 6.3 Medium |
| An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack. | ||||
| CVE-2020-9286 | 1 Fortinet | 2 Fortiadc, Fortiadc Firmware | 2024-08-04 | 6.5 Medium |
| An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system. | ||||
| CVE-2020-9292 | 1 Fortinet | 1 Fortisiem Windows Agent | 2024-08-04 | 9.8 Critical |
| An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path. | ||||
| CVE-2020-9288 | 1 Fortinet | 1 Fortiwlc | 2024-08-04 | 5.4 Medium |
| An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile. | ||||
| CVE-2020-6640 | 1 Fortinet | 1 Fortianalyzer | 2024-08-04 | 5.4 Medium |
| An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Description Area. | ||||
| CVE-2020-6647 | 1 Fortinet | 1 Fortiadc Firmware | 2024-08-04 | 5.4 Medium |
| An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter. | ||||
| CVE-2020-6648 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-08-04 | 5.3 Medium |
| A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command. | ||||
| CVE-2020-6641 | 1 Fortinet | 1 Fortipresence | 2024-08-04 | 4.3 Medium |
| Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters. | ||||
| CVE-2020-6643 | 1 Fortinet | 1 Fortiisolator | 2024-08-04 | 5.4 Medium |
| An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack (XSS). | ||||
| CVE-2020-6646 | 1 Fortinet | 1 Fortiweb | 2024-08-04 | 5.4 Medium |
| An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Disclaimer Description of a Replacement Message. | ||||
| CVE-2020-6649 | 1 Fortinet | 1 Fortiisolator | 2024-08-04 | 9.8 Critical |
| An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks) | ||||
| CVE-2020-6644 | 1 Fortinet | 1 Fortideceptor | 2024-08-04 | 8.1 High |
| An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks. | ||||
| CVE-2021-44169 | 1 Fortinet | 1 Forticlient | 2024-08-04 | 8.2 High |
| A improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer's directory. | ||||
| CVE-2021-44170 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-08-04 | 6.7 Medium |
| A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments. | ||||
| CVE-2021-44171 | 1 Fortinet | 1 Fortios | 2024-08-04 | 9 Critical |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands. | ||||
| CVE-2021-44167 | 1 Fortinet | 1 Forticlient | 2024-08-04 | 6.8 Medium |
| An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links. | ||||
| CVE-2021-44172 | 1 Fortinet | 1 Forticlient Endpoint Management Server | 2024-08-04 | 3.6 Low |
| An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the EMS installation path. | ||||
| CVE-2021-44166 | 1 Fortinet | 1 Fortitoken Mobile | 2024-08-04 | 4.1 Medium |
| An improper access control vulnerability [CWE-284 ] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the legitimate user. | ||||