Filtered by vendor Fortinet
Total: 751 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2021-42761 | Fortinet | Fortiweb | 2024-08-04 | 8.5 High | A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session. |
CVE-2021-42752 | Fortinet | Fortiwlm | 2024-08-04 | 5.4 Medium | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to execute malicious JavaScript code on the victim's host via crafted HTTP requests. |
CVE-2021-42758 | Fortinet | Fortiwlc | 2024-08-04 | 8.8 High | An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions. |
CVE-2021-42755 | Fortinet | Fortios, Fortiproxy, Fortirecorder Firmware and 2 more (5 total) | 2024-08-04 | 4.3 Medium | An integer overflow / wraparound vulnerability [CWE-190] in the dhcpd daemon of FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below may allow an unauthenticated and network adjacent attacker to crash the dhcpd daemon, resulting in potential denial of service. |
CVE-2021-42759 | Fortinet | Meru, Meru Firmware | 2024-08-04 | 6.7 Medium | A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows an attacker to execute unauthorized code or commands via crafted CLI commands. |
CVE-2021-42753 | Fortinet | Fortiweb | 2024-08-04 | 8.1 High | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.x, 6.1.x, 6.0.x, 5.9.x and 5.8.x may allow an authenticated attacker to perform an arbitrary file and directory deletion in the device filesystem. |
CVE-2021-42754 | Fortinet | Forticlient | 2024-08-04 | 3.2 Low | An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the macOS camera without the user's permission via a malicious dylib file. |
CVE-2021-42756 | Fortinet | Fortiweb | 2024-08-04 | 9.3 Critical | Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests. |
CVE-2021-42757 | Fortinet | Fortiadc, Fortianalyzer, Fortimail and 10 more (13 total) | 2024-08-04 | 6.7 Medium | A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2 may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. |
CVE-2021-42760 | Fortinet | Fortiwlm | 2024-08-04 | 8.8 High | An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to disclose sensitive information from DB tables via crafted requests. |
CVE-2021-41019 | Fortinet | Fortios | 2024-08-04 | 3.5 Low | An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in the GUI, leading to disclosure of sensitive information, such as AD credentials. |
CVE-2021-41032 | Fortinet | Fortios | 2024-08-04 | 6.3 Medium | An improper access control vulnerability [CWE-284] in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands. |
CVE-2021-41024 | Fortinet | Fortios, Fortiproxy | 2024-08-04 | 7.5 High | A relative path traversal [CWE-23] vulnerability in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy version 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page. |
CVE-2021-41015 | Fortinet | Fortiweb | 2024-08-04 | 6.1 Medium | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the SAML login handler. |
CVE-2021-41026 | Fortinet | Fortiweb | 2024-08-04 | 6.5 Medium | A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. |
CVE-2021-41031 | Fortinet | Forticlient | 2024-08-04 | 7.8 High | A relative path traversal vulnerability [CWE-23] in FortiClient for Windows versions 7.0.2 and prior, 6.4.6 and prior and 6.2.9 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for the FortiESNAC service. |
CVE-2021-41027 | Fortinet | Fortiweb | 2024-08-04 | 7.3 High | A stack-based buffer overflow in Fortinet FortiWeb versions 6.4.1 and 6.4.0 allows an authenticated attacker to execute unauthorized code or commands via crafted certificates loaded into the device. |
CVE-2021-41013 | Fortinet | Fortiweb | 2024-08-04 | 5.3 Medium | An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3.15 and below in the Report Browse section of Log & Report may allow an unauthorized and unauthenticated user to access the log reports via their URLs. |
CVE-2021-41021 | Fortinet | Fortinac | 2024-08-04 | 7.8 High | A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate their privileges to root via the sudo command. |
CVE-2021-41016 | Fortinet | Fortiextender, Fortiextender Firmware | 2024-08-04 | 7.8 High | An improper neutralization of special elements used in a command ('command injection') in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters. |