Filtered by vendor Fortinet
Total: 751 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2021-24021 | 1 Fortinet | 1 Fortianalyzer | 2024-08-03 | 4.3 Medium | An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the column settings of Logview in FortiAnalyzer, should the attacker be able to obtain that POST request, via other, hypothetical attacks.
CVE-2021-24022 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-08-03 | 6.7 Medium | A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value.
CVE-2021-24012 | 1 Fortinet | 1 Fortios | 2024-08-03 | 6.5 Medium | An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority.
CVE-2021-24005 | 1 Fortinet | 1 Fortiauthenticator | 2024-08-03 | 4 Medium | Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key.
CVE-2021-24014 | 1 Fortinet | 1 Fortisandbox | 2024-08-03 | 5.4 Medium | Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters.
CVE-2021-24010 | 1 Fortinet | 1 Fortisandbox | 2024-08-03 | 8.1 High | Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests.
CVE-2021-24024 | 1 Fortinet | 2 Fortiadc, Fortiadc Manager | 2024-08-03 | 4.3 Medium | A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users' password in log files.
CVE-2021-24007 | 1 Fortinet | 1 Fortimail | 2024-08-03 | 9.8 Critical | Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
CVE-2021-24019 | 1 Fortinet | 1 Forticlient Endpoint Management Server | 2024-08-03 | 8.1 High | An insufficient session expiration vulnerability [CWE-613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks).
CVE-2021-24023 | 1 Fortinet | 2 Fortiai 3500f, Fortiai Firmware | 2024-08-03 | 7.8 High | An improper input validation in FortiAI v1.4.0 and earlier may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command.
CVE-2021-24017 | 1 Fortinet | 1 Fortimanager | 2024-08-03 | 5.4 Medium | An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler.
CVE-2021-24020 | 1 Fortinet | 1 Fortimail | 2024-08-03 | 7.5 High | A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification.
CVE-2021-24011 | 1 Fortinet | 1 Fortinac | 2024-08-03 | 6.3 Medium | A privilege escalation vulnerability in FortiNAC version below 8.8.2 may allow an admin user to escalate the privileges to root by abusing the sudo privileges.
CVE-2021-24016 | 1 Fortinet | 1 Fortimanager | 2024-08-03 | 3.7 Low | An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host.
CVE-2021-24006 | 1 Fortinet | 1 Fortimanager | 2024-08-03 | 6.3 Medium | An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directly visiting its URL.
CVE-2021-24018 | 1 Fortinet | 1 Fortios | 2024-08-03 | 4.3 Medium | A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image.
CVE-2021-24009 | 1 Fortinet | 1 Fortiwan | 2024-08-03 | 7.2 High | Multiple improper neutralization of special elements used in an OS command vulnerabilities (CWE-78) in the Web GUI of FortiWAN before 4.5.9 may allow an authenticated attacker to execute arbitrary commands on the underlying system's shell via specifically crafted HTTP requests.
CVE-2021-22125 | 1 Fortinet | 1 Fortisandbox | 2024-08-03 | 6.3 Medium | An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file.
CVE-2021-22128 | 1 Fortinet | 1 Fortiproxy | 2024-08-03 | 7.1 High | An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality.
CVE-2021-22122 | 1 Fortinet | 1 Fortiweb | 2024-08-03 | 6.1 Medium | An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload in different vulnerable API end-points.