Filtered by vendor Fortinet
Subscriptions
Total
750 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-33301 | 1 Fortinet | 1 Fortios | 2024-09-18 | 6.5 Medium |
An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host. | ||||
CVE-2023-42790 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-09-17 | 7.7 High |
A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. | ||||
CVE-2023-36549 | 1 Fortinet | 1 Fortiwlm | 2024-09-17 | 8.6 High |
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. | ||||
CVE-2021-43072 | 1 Fortinet | 4 Fortianalyzer, Fortimanager, Fortios and 1 more | 2024-09-17 | 6.3 Medium |
A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiOS version 7.0.0 through 7.0.4, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x and FortiProxy version 7.0.0 through 7.0.3, 2.0.0 through 2.0.8, 1.2.x, 1.1.x and 1.0.x allows attacker to execute unauthorized code or commands via crafted CLI `execute restore image` and `execute certificate remote` operations with the tFTP protocol. | ||||
CVE-2018-9186 | 1 Fortinet | 1 Fortiauthenticator | 2024-09-17 | N/A |
A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header. | ||||
CVE-2017-7336 | 1 Fortinet | 1 Fortiwlm | 2024-09-17 | N/A |
A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges. | ||||
CVE-2017-17540 | 1 Fortinet | 1 Fortiwlc | 2024-09-17 | N/A |
The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell. | ||||
CVE-2017-7344 | 1 Fortinet | 1 Forticlient | 2024-09-17 | N/A |
A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain. | ||||
CVE-2018-1353 | 1 Fortinet | 1 Fortimanager | 2024-09-17 | N/A |
An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom. | ||||
CVE-2015-1569 | 1 Fortinet | 1 Forticlient | 2024-09-17 | N/A |
Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate. | ||||
CVE-2017-14187 | 1 Fortinet | 1 Fortios | 2024-09-17 | N/A |
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command. | ||||
CVE-2018-9194 | 1 Fortinet | 1 Fortios | 2024-09-17 | N/A |
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under VIP SSL feature when CPx being used. | ||||
CVE-2015-8038 | 1 Fortinet | 1 Fortimanager Firmware | 2024-09-17 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sharedjobmanager or (2) SOMServiceObjDialog. | ||||
CVE-2018-9192 | 1 Fortinet | 1 Fortios | 2024-09-17 | N/A |
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx being used. | ||||
CVE-2017-3131 | 1 Fortinet | 1 Fortios | 2024-09-17 | N/A |
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView. | ||||
CVE-2018-1351 | 1 Fortinet | 1 Fortimanager | 2024-09-17 | N/A |
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log. | ||||
CVE-2017-3133 | 1 Fortinet | 1 Fortios | 2024-09-17 | N/A |
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. | ||||
CVE-2017-7738 | 1 Fortinet | 1 Fortios | 2024-09-17 | N/A |
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command. | ||||
CVE-2013-4669 | 5 Apple, Fortinet, Google and 2 more | 7 Mac Os X, Forticlient, Forticlient Lite and 4 more | 2024-09-17 | N/A |
FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the server's X.509 certificate is invalid, which allows man-in-the-middle attackers to obtain sensitive information by leveraging a password transmission that occurs before the user warning about the certificate problem. | ||||
CVE-2017-7739 | 1 Fortinet | 1 Fortios | 2024-09-17 | N/A |
A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously crafted URL to the victim. |