Filtered by vendor Fortinet
Subscribe
Total
548 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24015 | 1 Fortinet | 1 Fortimail | 2021-07-14 | 6.5 MEDIUM | 8.8 HIGH |
| An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests. | |||||
| CVE-2021-24013 | 1 Fortinet | 1 Fortimail | 2021-07-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| Multiple Path traversal vulnerabilities in the Webmail of FortiMail before 6.4.4 may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests. | |||||
| CVE-2021-26090 | 1 Fortinet | 1 Fortimail | 2021-07-13 | 5.0 MEDIUM | 7.5 HIGH |
| A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests. | |||||
| CVE-2020-29014 | 1 Fortinet | 1 Fortisandbox | 2021-07-12 | 6.3 MEDIUM | 5.3 MEDIUM |
| A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands. | |||||
| CVE-2021-22129 | 1 Fortinet | 1 Fortimail | 2021-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests. | |||||
| CVE-2021-24007 | 1 Fortinet | 1 Fortimail | 2021-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | |||||
| CVE-2021-26106 | 1 Fortinet | 3 Fortiap, Fortiap-s, Fortiap-w2 | 2021-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments. | |||||
| CVE-2021-26099 | 1 Fortinet | 1 Fortimail | 2021-07-12 | 4.0 MEDIUM | 4.9 MEDIUM |
| Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext. | |||||
| CVE-2021-24005 | 1 Fortinet | 1 Fortiauthenticator | 2021-07-08 | 5.0 MEDIUM | 7.5 HIGH |
| Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key. | |||||
| CVE-2021-24012 | 1 Fortinet | 1 Fortios | 2021-06-14 | 7.5 HIGH | 7.3 HIGH |
| An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority. | |||||
| CVE-2021-22130 | 1 Fortinet | 1 Fortiproxy | 2021-06-11 | 4.0 MEDIUM | 4.9 MEDIUM |
| A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 may allow an authenticated, remote attacker to perform a Denial of Service attack by running the `diagnose sys cpuset` with a large cpuset mask value. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution. | |||||
| CVE-2021-26111 | 1 Fortinet | 1 Fortiswitch | 2021-06-11 | 3.3 LOW | 6.5 MEDIUM |
| A missing release of memory after effective lifetime vulnerability in FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below may allow an attacker on an adjacent network to exhaust available memory by sending specifically crafted LLDP/CDP/EDP packets to the device. | |||||
| CVE-2021-22123 | 1 Fortinet | 1 Fortiweb | 2021-06-10 | 9.0 HIGH | 8.8 HIGH |
| An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page. | |||||
| CVE-2018-13374 | 1 Fortinet | 1 Fortios | 2021-06-03 | 4.0 MEDIUM | 8.8 HIGH |
| A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one. | |||||
| CVE-2018-13379 | 1 Fortinet | 1 Fortios | 2021-06-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests. | |||||
| CVE-2018-13382 | 1 Fortinet | 1 Fortios | 2021-06-03 | 5.0 MEDIUM | 7.5 HIGH |
| An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests | |||||
| CVE-2019-17658 | 1 Fortinet | 1 Forticlient | 2021-04-29 | 7.5 HIGH | 9.8 CRITICAL |
| An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executable service path. | |||||
| CVE-2020-9291 | 1 Fortinet | 1 Forticlient | 2021-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack. | |||||
| CVE-2020-15942 | 1 Fortinet | 1 Fortiweb | 2021-04-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability in Web Vulnerability Scan profile of Fortinet's FortiWeb version 6.2.x below 6.2.4 and version 6.3.x below 6.3.5 may allow a remote authenticated attacker to read the password used by the FortiWeb scanner to access the device defined in the scan profile. | |||||
| CVE-2019-17656 | 1 Fortinet | 2 Fortios, Fortiproxy | 2021-04-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution. | |||||