Filtered by vendor Fortinet
Total: 751 CVE
CVE | Vendor | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2021-44168 | Fortinet | FortiOS | 2024-08-04 | 3.3 Low | A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.
CVE-2021-43204 | Fortinet | FortiClient | 2024-08-04 | 4.4 Medium | An improper control of a resource through its lifetime vulnerability in Fortinet FortiClientWindows versions 6.4.1 and 6.4.0, 6.2.9 and below, and 6.0.10 and below allows an attacker to cause a complete denial of service of its components via changes to directory access permissions.
CVE-2021-43206 | Fortinet | FortiOS, FortiProxy | 2024-08-04 | 4.3 Medium | A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x and 6.0.x, and FortiProxy 7.0.0 through 7.0.1 and 2.0.x allows malicious web servers to retrieve a web proxy client's username and IP via same-origin HTTP requests that trigger proxy-generated HTTP status code pages.
CVE-2021-43205 | Fortinet | FortiClient | 2024-08-04 | 4.3 Medium | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Linux versions 7.0.2 and below, 6.4.7 and below, and 6.2.9 and below may allow an unauthenticated attacker to access the confighandler web server via external binaries.
CVE-2021-43081 | Fortinet | FortiOS, FortiProxy | 2024-08-04 | 6.1 Medium | An improper neutralization of input during web page generation vulnerability [CWE-79] in the web filter override form of FortiOS versions 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, and 6.0.0 through 6.0.14, and of FortiProxy versions 7.0.1 and below and 2.0.0 through 2.0.7, may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.
CVE-2021-43068 | Fortinet | FortiAuthenticator | 2024-08-04 | 5.4 Medium | An improper authentication vulnerability in Fortinet FortiAuthenticator version 6.4.0 allows a user to bypass the second factor of authentication via a RADIUS login portal.
CVE-2021-43066 | Fortinet | FortiClient | 2024-08-04 | 8.4 High | An external control of file name or path vulnerability in Fortinet FortiClientWindows versions 7.0.2 and below, 6.4.6 and below, 6.2.9 and below, and 6.0.10 and below allows an attacker to escalate privileges via the MSI installer.
CVE-2021-43080 | Fortinet | FortiOS | 2024-08-04 | 4.6 Medium | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.2.0, versions 6.4.0 through 6.4.9, and versions 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross-site scripting (XSS) attack through the URI parameter in the Threat Feed IP address section of the Security Fabric External Connectors.
CVE-2021-43070 | Fortinet | FortiWLM | 2024-08-04 | 5.4 Medium | Multiple relative path traversal vulnerabilities [CWE-23] in the FortiWLM management interface, versions 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, and 8.2.2, may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.
CVE-2021-43076 | Fortinet | FortiADC | 2024-08-04 | 6.3 Medium | An improper privilege management vulnerability [CWE-269] in FortiADC versions 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5.4.5 and below, and 5.3.7 and below may allow a remote authenticated attacker with a restricted user profile to modify system files using shell access.
CVE-2021-43074 | Fortinet | FortiOS, FortiProxy, FortiSwitch, FortiWeb | 2024-08-04 | 4.1 Medium | An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and below, 6.2 all versions, 6.0 all versions; and FortiProxy 7.0.1 and below, 2.0.7 and below, 1.2 all versions, 1.1 all versions, 1.0 all versions may allow an attacker who can intercept the administrative session management cookie to decrypt portions of it.
CVE-2021-43065 | Fortinet | FortiNAC | 2024-08-04 | 7.8 High | An incorrect permission assignment for critical resource vulnerability in Fortinet FortiNAC version 9.2.0, versions 9.1.3 and below, and versions 8.8.9 and below allows an attacker to gain higher privileges via access to sensitive system data.
CVE-2021-43073 | Fortinet | FortiWeb | 2024-08-04 | 8.8 High | An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiWeb versions 6.4.1 and 6.4.0, 6.3.15 and below, and 6.2.6 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests.
CVE-2021-43063 | Fortinet | FortiWeb | 2024-08-04 | 6.1 Medium | An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiWeb versions 6.4.1 and 6.4.0, 6.3.15 and below, and 6.2.6 and below allows an attacker to execute unauthorized code or commands via crafted HTTP GET requests to the login web page.
CVE-2021-43064 | Fortinet | FortiWeb | 2024-08-04 | 4.3 Medium | A URL redirection to untrusted site ('open redirect') vulnerability in Fortinet FortiWeb versions 6.4.1 and 6.4.0, 6.3.15 and below, and 6.2.6 and below allows an attacker to use the device as a proxy and reach external or protected hosts via redirection handlers.
CVE-2021-43071 | Fortinet | FortiWeb | 2024-08-04 | 8.8 High | A heap-based buffer overflow in Fortinet FortiWeb versions 6.4.1 and 6.4.0, 6.3.15 and below, and 6.2.6 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller.
CVE-2021-43077 | Fortinet | FortiWLM | 2024-08-04 | 8.8 High | An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiWLM versions 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, and 8.3.2 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the AP monitor handlers.
CVE-2021-43062 | Fortinet | FortiMail | 2024-08-04 | 6.1 Medium | An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiMail versions 7.0.1 and 7.0.0, 6.4.5 and below, 6.3.7 and below, and 6.0.11 and below allows an attacker to execute unauthorized code or commands via crafted HTTP GET requests to the FortiGuard URI protection service.
CVE-2021-43075 | Fortinet | FortiWLM | 2024-08-04 | 8.8 High | An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiWLM versions 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, and 8.3.2 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the alarm dashboard and controller config handlers.
CVE-2021-43067 | Fortinet | FortiAuthenticator | 2024-08-04 | 8.3 High | An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiAuthenticator version 6.4.0, versions 6.3.2 and below, 6.2.1 and below, 6.1.2 and below, and 6.0.1 through 6.0.7 allows an attacker to duplicate a target LDAP user's two-factor authentication token via crafted HTTP requests.
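The affected-version phrases in these descriptions ("7.0.3 and below", "6.0.0 through 6.0.14", "6.2 all versions") are what an operator has to match a running build against, and getting the branch semantics wrong is the usual mistake. The checker below is an added example, not code from this listing or from Fortinet: it encodes the ranges of four entries above (CVE-2021-43074, CVE-2021-43080, CVE-2021-43081 and CVE-2021-43206) and reports which of them apply to a given product and version. The function names, the `MAX` sentinel and the reading of "X.Y.Z and below" as "every release of the X.Y branch up to Z" (the way Fortinet advisories list each branch separately, rather than "every version ever") are this example's assumptions; the vendor PSIRT advisory remains the authority for fixed builds.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

MAX = 10**9  # sentinel patch level: "any release in this branch" (assumption of this example)


def parse_version(text: str) -> tuple[int, ...]:
    """'7.0.3' or 'v7.0.3 build0237' -> (7, 0, 3); only the first three numeric fields count."""
    fields = [int(f) for f in re.findall(r"\d+", text)[:3]]
    if not fields:
        raise ValueError(f"no version number in {text!r}")
    return tuple(fields)


@dataclass(frozen=True)
class Range:
    low: tuple[int, ...]   # inclusive lower bound
    high: tuple[int, ...]  # inclusive upper bound

    def contains(self, v: tuple[int, ...]) -> bool:
        # Tuple comparison: (6, 2) <= (6, 2, 11) <= (6, 2, MAX) is True.
        return self.low <= v <= self.high


def through(first: str, last: str) -> Range:
    """'6.4.0 through 6.4.9' (or a single version: through('7.2.0', '7.2.0'))."""
    return Range(parse_version(first), parse_version(last))


def and_below(last: str) -> Range:
    """'7.0.3 and below': all earlier releases of the same major.minor branch (assumed reading)."""
    v = parse_version(last)
    return Range(v[:2], v)


def branch(major_minor: str) -> Range:
    """'6.2 all versions' / '6.2.x'."""
    v = parse_version(major_minor)[:2]
    return Range(v, v + (MAX,))


# Ranges transcribed from four entries of the listing above.
AFFECTED: dict[str, dict[str, list[Range]]] = {
    "CVE-2021-43074": {
        "FortiWeb": [branch("6.4"), and_below("6.3.16"), branch("6.2"), branch("6.1"), branch("6.0")],
        "FortiOS": [and_below("7.0.3"), and_below("6.4.8"), branch("6.2"), branch("6.0")],
        "FortiSwitch": [and_below("7.0.3"), and_below("6.4.10"), branch("6.2"), branch("6.0")],
        "FortiProxy": [and_below("7.0.1"), and_below("2.0.7"), branch("1.2"), branch("1.1"), branch("1.0")],
    },
    "CVE-2021-43080": {
        "FortiOS": [through("7.2.0", "7.2.0"), through("6.4.0", "6.4.9"), through("7.0.0", "7.0.5")],
    },
    "CVE-2021-43081": {
        "FortiOS": [and_below("7.0.3"), and_below("6.4.8"), and_below("6.2.10"), through("6.0.0", "6.0.14")],
        "FortiProxy": [and_below("7.0.1"), through("2.0.0", "2.0.7")],
    },
    "CVE-2021-43206": {
        "FortiOS": [through("7.0.0", "7.0.3"), through("6.4.0", "6.4.8"), branch("6.2"), branch("6.0")],
        "FortiProxy": [through("7.0.0", "7.0.1"), branch("2.0")],
    },
}


def affected_cves(product: str, version: str) -> list[str]:
    """Return the sorted CVE IDs from AFFECTED whose ranges for `product` include `version`."""
    v = parse_version(version)
    return sorted(
        cve for cve, products in AFFECTED.items()
        if any(r.contains(v) for r in products.get(product, []))
    )


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    for product, version in [("FortiOS", "7.0.3"), ("FortiOS", "7.0.4"),
                             ("FortiOS", "6.0.15"), ("FortiProxy", "2.0.8")]:
        print(f"{product} {version}: {', '.join(affected_cves(product, version)) or 'none listed'}")
```

Note the difference between FortiOS 6.0.15 and FortiOS 7.0.4 in the output: 6.0.15 is past the "6.0.0 through 6.0.14" range of CVE-2021-43081 but still inside the open "6.0 all versions" branch of CVE-2021-43074 and the "6.0.x" of CVE-2021-43206, whereas 7.0.4 clears every "7.0.3 and below" entry and is only caught by the "7.0.0 through 7.0.5" range of CVE-2021-43080.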