Filtered by vendor Fortinet
Subscriptions
Total
772 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-17540 | 1 Fortinet | 1 Fortiwlc | 2024-10-25 | N/A |
| The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell. | ||||
| CVE-2017-14187 | 1 Fortinet | 1 Fortios | 2024-10-25 | N/A |
| A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command. | ||||
| CVE-2017-14185 | 1 Fortinet | 1 Fortios | 2024-10-25 | N/A |
| An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses) via specifically crafted URLs inside the SSL-VPN web portal. | ||||
| CVE-2018-9185 | 1 Fortinet | 1 Fortios | 2024-10-25 | N/A |
| An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature. | ||||
| CVE-2018-13376 | 1 Fortinet | 1 Fortios | 2024-10-25 | N/A |
| An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response. | ||||
| CVE-2018-1352 | 1 Fortinet | 1 Fortios | 2024-10-25 | N/A |
| A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable. | ||||
| CVE-2017-7342 | 1 Fortinet | 1 Fortiportal | 2024-10-25 | N/A |
| A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button | ||||
| CVE-2017-17544 | 1 Fortinet | 1 Fortios | 2024-10-25 | 7.2 High |
| A privilege escalation vulnerability in Fortinet FortiOS 6.0.0 to 6.0.6, 5.6.0 to 5.6.10, 5.4 and below allows admin users to elevate their profile to super_admin via restoring modified configurations. | ||||
| CVE-2018-13366 | 1 Fortinet | 1 Fortios | 2024-10-25 | N/A |
| An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows attacker to reveals serial number of FortiGate via hostname field defined in connection control setup packets of PPTP protocol. | ||||
| CVE-2018-13378 | 1 Fortinet | 1 Fortisiem | 2024-10-25 | N/A |
| An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code. | ||||
| CVE-2018-1360 | 1 Fortinet | 1 Fortimanager | 2024-10-25 | N/A |
| A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses. | ||||
| CVE-2019-5589 | 1 Fortinet | 1 Forticlient | 2024-10-25 | N/A |
| An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory. | ||||
| CVE-2018-13365 | 1 Fortinet | 1 Fortios | 2024-10-25 | N/A |
| An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below, allow attackers to learn private IP as well as the hostname of FortiGate via Application Control Block page. | ||||
| CVE-2018-9191 | 1 Fortinet | 1 Forticlient | 2024-10-25 | N/A |
| A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for Forticlient updates. | ||||
| CVE-2018-13368 | 1 Fortinet | 1 Forticlient | 2024-10-25 | N/A |
| A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection. | ||||
| CVE-2018-9193 | 1 Fortinet | 1 Forticlient | 2024-10-25 | N/A |
| A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the parsing of the file. | ||||
| CVE-2018-13381 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-10-25 | 5.3 Medium |
| A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiProxy 2.0.0, 1.2.8 and earlier versions under SSL VPN web portal allows a non-authenticated attacker to perform a Denial-of-service attack via special craft message payloads. | ||||
| CVE-2019-6698 | 1 Fortinet | 4 Fortirecorder 100d, Fortirecorder 200d, Fortirecorder 400d and 1 more | 2024-10-25 | 9.8 Critical |
| Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device. | ||||
| CVE-2018-13367 | 1 Fortinet | 1 Fortios | 2024-10-25 | N/A |
| An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI. | ||||
| CVE-2019-6695 | 1 Fortinet | 1 Fortimanager | 2024-10-25 | 9.8 Critical |
| Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods. | ||||