Filtered by vendor Fortinet
Subscribe
Total
548 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-17650 | 1 Fortinet | 1 Forticlient | 2020-05-11 | 7.2 HIGH | 7.8 HIGH |
| An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check. | |||||
| CVE-2020-9294 | 1 Fortinet | 2 Fortimail, Fortivoice | 2020-05-04 | 7.5 HIGH | 9.8 CRITICAL |
| An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface. | |||||
| CVE-2018-9195 | 1 Fortinet | 2 Forticlient, Fortios | 2020-05-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below. | |||||
| CVE-2020-6647 | 1 Fortinet | 1 Fortiadc Firmware | 2020-04-09 | 3.5 LOW | 5.4 MEDIUM |
| An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter. | |||||
| CVE-2019-17657 | 1 Fortinet | 5 Fortianalyzer, Fortiap-s, Fortiap-w2 and 2 more | 2020-04-08 | 5.0 MEDIUM | 7.5 HIGH |
| An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks. | |||||
| CVE-2018-13371 | 1 Fortinet | 1 Fortios | 2020-04-03 | 6.5 MEDIUM | 8.8 HIGH |
| An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component. | |||||
| CVE-2014-2721 | 1 Fortinet | 8 Fortibalancer 1000, Fortibalancer 1000 Firmware, Fortibalancer 2000 and 5 more | 2020-03-23 | 9.0 HIGH | 8.8 HIGH |
| In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. | |||||
| CVE-2014-2722 | 1 Fortinet | 8 Fortibalancer 1000, Fortibalancer 1000 Firmware, Fortibalancer 2000 and 5 more | 2020-03-23 | 9.0 HIGH | 8.8 HIGH |
| In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. | |||||
| CVE-2014-2723 | 1 Fortinet | 8 Fortibalancer 1000, Fortibalancer 1000 Firmware, Fortibalancer 2000 and 5 more | 2020-03-23 | 9.0 HIGH | 8.8 HIGH |
| In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. | |||||
| CVE-2019-15708 | 1 Fortinet | 4 Fortiap, Fortiap-s, Fortiap-u and 1 more | 2020-03-19 | 7.2 HIGH | 6.7 MEDIUM |
| A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands. | |||||
| CVE-2019-17654 | 1 Fortinet | 1 Fortimanager | 2020-03-19 | 6.8 MEDIUM | 8.8 HIGH |
| An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack. | |||||
| CVE-2020-6646 | 1 Fortinet | 1 Fortiweb | 2020-03-19 | 3.5 LOW | 5.4 MEDIUM |
| An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Disclaimer Description of a Replacement Message. | |||||
| CVE-2019-6699 | 1 Fortinet | 1 Fortiadc | 2020-03-18 | 3.5 LOW | 5.4 MEDIUM |
| An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting (XSS) via a field in the traffic group interface. | |||||
| CVE-2019-17653 | 1 Fortinet | 1 Fortisiem | 2020-03-18 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link. | |||||
| CVE-2019-16156 | 1 Fortinet | 1 Fortiweb | 2020-03-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a Cross Site Scripting attack (XSS). | |||||
| CVE-2020-9290 | 1 Fortinet | 2 Forticlient, Forticlient Virtual Private Network | 2020-03-17 | 6.9 MEDIUM | 7.8 HIGH |
| An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. | |||||
| CVE-2020-9287 | 1 Fortinet | 1 Forticlient Emergency Management Server | 2020-03-17 | 6.9 MEDIUM | 7.8 HIGH |
| An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. | |||||
| CVE-2020-6643 | 1 Fortinet | 1 Fortiisolator | 2020-03-17 | 3.5 LOW | 5.4 MEDIUM |
| An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack (XSS). | |||||
| CVE-2019-17652 | 1 Fortinet | 1 Forticlient | 2020-02-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root priviledge crashes via sending specially crafted "StartAvCustomScan" type IPC client requests to the fctsched process due the argv data not been well sanitized. | |||||
| CVE-2019-16152 | 1 Fortinet | 1 Forticlient | 2020-02-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly validated. | |||||