Filtered by vendor Fortinet
Total: 772 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-6692 | 1 Fortinet | 1 Forticlient | 2024-10-25 | 7.8 High |
A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a privileged attacker to perform arbitrary code execution via forging that DLL. | ||||
CVE-2019-15703 | 1 Fortinet | 1 Fortios | 2024-10-25 | 7.5 High |
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below, on devices that do not enable the hardware TRNG token and models that do not support the built-in TRNG seed, allows an attacker to theoretically recover the long-term ECDSA secret in a TLS client with an RSA handshake and mutual ECDSA authentication with the help of flush+reload side-channel attacks, in FortiGate VM models only. | ||||
CVE-2019-17650 | 1 Fortinet | 1 Forticlient | 2024-10-25 | 7.8 High |
An Improper Neutralization of Special Elements used in a Command vulnerability in one of the FortiClient for Mac OS root processes may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check. | ||||
CVE-2019-15705 | 1 Fortinet | 1 Fortios | 2024-10-25 | 7.5 High |
An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request. | ||||
CVE-2019-16153 | 1 Fortinet | 1 Fortisiem | 2024-10-25 | 9.8 Critical |
A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials. | ||||
CVE-2019-15712 | 1 Fortinet | 1 Fortimail | 2024-10-25 | 7.2 High |
An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access web console they should not be authorized for. | ||||
CVE-2019-15711 | 1 Fortinet | 1 Forticlient | 2024-10-25 | 7.8 High |
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process. | ||||
CVE-2019-17658 | 1 Fortinet | 1 Forticlient | 2024-10-25 | 9.8 Critical |
An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allows an attacker to gain elevated privileges via the FortiClientConsole executable service path. | ||||
CVE-2019-17653 | 1 Fortinet | 1 Fortisiem | 2024-10-25 | 8.8 High |
A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link. | ||||
CVE-2020-9290 | 1 Fortinet | 2 Forticlient, Forticlient Virtual Private Network | 2024-10-25 | 7.8 High |
An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe reside to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. | ||||
CVE-2020-9287 | 1 Fortinet | 1 Forticlient Emergency Management Server | 2024-10-25 | 7.8 High |
An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. | ||||
CVE-2019-17654 | 1 Fortinet | 1 Fortimanager | 2024-10-25 | 8.8 High |
An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack. | ||||
CVE-2019-15708 | 1 Fortinet | 4 Fortiap, Fortiap-s, Fortiap-u and 1 more | 2024-10-25 | 6.7 Medium |
A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands. | ||||
CVE-2018-13371 | 1 Fortinet | 1 Fortios | 2024-10-25 | 8.8 High |
An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component. | ||||
CVE-2019-17657 | 1 Fortinet | 5 Fortianalyzer, Fortiap-s, Fortiap-w2 and 2 more | 2024-10-25 | 7.5 High |
An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling specially crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks. | ||||
CVE-2020-9292 | 1 Fortinet | 1 Fortisiem Windows Agent | 2024-10-25 | 9.8 Critical |
An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path. | ||||
CVE-2020-9289 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-10-25 | 7.5 High |
Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key. | ||||
CVE-2019-17655 | 1 Fortinet | 1 Fortios | 2024-10-25 | 5.3 Medium |
A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system. | ||||
CVE-2020-6644 | 1 Fortinet | 1 Fortideceptor | 2024-10-25 | 8.1 High |
An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks. | ||||
CVE-2020-12818 | 1 Fortinet | 36 Fortigate 1000d, Fortigate 100e, Fortigate 100f and 33 more | 2024-10-25 | 5.3 Medium |
An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet-owned IP addresses to go unnoticed. |