Filtered by vendor Fortinet
Subscriptions
Total
751 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-36188 | 1 Fortinet | 1 Fortiweb | 2024-08-04 | 6.1 Medium |
| A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted GET parameters in requests to login and error handlers | ||||
| CVE-2021-36195 | 1 Fortinet | 1 Fortiweb | 2024-08-04 | 4.2 Medium |
| Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, and 6.1.0 through 6.1.2 may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted command arguments. | ||||
| CVE-2021-36189 | 1 Fortinet | 1 Forticlient Enterprise Management Server | 2024-08-04 | 6.8 Medium |
| A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data | ||||
| CVE-2021-36185 | 1 Fortinet | 1 Fortiwlm | 2024-08-04 | 8.8 High |
| A improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. | ||||
| CVE-2021-36167 | 1 Fortinet | 1 Forticlient | 2024-08-04 | 4.3 Medium |
| An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id paramater. | ||||
| CVE-2021-36176 | 1 Fortinet | 1 Fortiportal | 2024-08-04 | 6.1 Medium |
| Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests. | ||||
| CVE-2021-36178 | 1 Fortinet | 1 Fortisdnconnector | 2024-08-04 | 4.3 Medium |
| A insufficiently protected credentials in Fortinet FortiSDNConnector version 1.1.7 and below allows attacker to disclose third-party devices credential information via configuration page lookup. | ||||
| CVE-2021-36170 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-08-04 | 3.2 Low |
| An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext. | ||||
| CVE-2021-36172 | 1 Fortinet | 1 Fortiportal | 2024-08-04 | 4.3 Medium |
| An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file system by means of specifically crafted XML documents. | ||||
| CVE-2021-36180 | 1 Fortinet | 1 Fortiweb | 2024-08-04 | 8.1 High |
| Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests. | ||||
| CVE-2021-36179 | 1 Fortinet | 1 Fortiweb | 2024-08-04 | 8 High |
| A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows attacker to execute unauthorized code or commands via crafted parameters in CLI command execution | ||||
| CVE-2021-36177 | 1 Fortinet | 1 Fortiauthenticator | 2024-08-04 | 4.2 Medium |
| An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same vlan as the HA management interface to make an unauthenticated direct connection to the FAC's database. | ||||
| CVE-2021-36181 | 1 Fortinet | 1 Fortiportal | 2024-08-04 | 3.1 Low |
| A concurrent execution using shared resource with improper Synchronization vulnerability ('Race Condition') in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific coordination of web requests. | ||||
| CVE-2021-36171 | 1 Fortinet | 1 Fortiportal | 2024-08-04 | 8.1 High |
| The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame. | ||||
| CVE-2021-36168 | 1 Fortinet | 1 Fortiportal | 2024-08-04 | 6.5 Medium |
| A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal 5.3.x before 5.3.6 and any FortiPortal before 6.2.5 allows authenticated attacker to disclosure information via crafted GET request with malicious parameter values. | ||||
| CVE-2021-36173 | 1 Fortinet | 14 Fortigate-1100e, Fortigate-200f, Fortigate-2600f and 11 more | 2024-08-04 | 8 High |
| A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker to execute arbitrary code via specially crafted installation images. | ||||
| CVE-2021-36166 | 1 Fortinet | 1 Fortimail | 2024-08-04 | 9.8 Critical |
| An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties. | ||||
| CVE-2021-36175 | 1 Fortinet | 1 Fortiweb | 2024-08-04 | 4.1 Medium |
| An improper neutralization of input vulnerability [CWE-79] in FortiWebManager versions 6.2.3 and below, 6.0.2 and below may allow a remote authenticated attacker to inject malicious script/tags via the name/description/comments parameter of various sections of the device. | ||||
| CVE-2021-36174 | 1 Fortinet | 1 Fortiportal | 2024-08-04 | 4.3 Medium |
| A memory allocation with excessive size value vulnerability in the license verification function of FortiPortal before 6.0.6 may allow an attacker to perform a denial of service attack via specially crafted license blobs. | ||||
| CVE-2021-36169 | 1 Fortinet | 1 Fortios | 2024-08-04 | 4.2 Medium |
| A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows attacker to Execute unauthorized code or commands via specific hex read/write operations. | ||||