Filtered by vendor Fortinet
Subscribe
Total
548 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-3615 | 1 Fortinet | 7 Fortimanager 2000e, Fortimanager 200d, Fortimanager 3000f and 4 more | 2017-08-25 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack. | |||||
CVE-2015-3616 | 1 Fortinet | 7 Fortimanager 2000e, Fortimanager 200d, Fortimanager 3000f and 4 more | 2017-08-25 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters. | |||||
CVE-2015-3614 | 1 Fortinet | 7 Fortimanager 2000e, Fortimanager 200d, Fortimanager 3000f and 4 more | 2017-08-25 | 5.0 MEDIUM | 7.5 HIGH |
Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability. | |||||
CVE-2017-3130 | 1 Fortinet | 1 Fortios | 2017-08-21 | 5.0 MEDIUM | 7.5 HIGH |
An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets. | |||||
CVE-2016-3193 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2017-08-15 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2016-3194 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2017-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2016-3195 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2017-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-7363 | 1 Fortinet | 4 Fortianalyzer, Fortianalyzer Firmware, Fortimanager and 1 more | 2017-07-29 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters. | |||||
CVE-2016-7542 | 1 Fortinet | 1 Fortios | 2017-07-27 | 4.0 MEDIUM | 4.9 MEDIUM |
A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them. | |||||
CVE-2017-7336 | 1 Fortinet | 1 Fortiwlm | 2017-07-27 | 7.5 HIGH | 9.8 CRITICAL |
A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges. | |||||
CVE-2016-8495 | 1 Fortinet | 1 Fortimanager Firmware | 2017-07-24 | 5.8 MEDIUM | 7.4 HIGH |
An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature. | |||||
CVE-2006-3222 | 1 Fortinet | 1 Fortios | 2017-07-19 | 5.0 MEDIUM | N/A |
The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode. | |||||
CVE-2017-3127 | 1 Fortinet | 1 Fortios | 2017-07-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation. | |||||
CVE-2005-3057 | 1 Fortinet | 2 Fortigate, Fortios | 2017-07-10 | 10.0 HIGH | N/A |
The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP. | |||||
CVE-2017-3126 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2017-07-07 | 5.8 MEDIUM | 6.1 MEDIUM |
An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter. | |||||
CVE-2017-3128 | 1 Fortinet | 1 Fortios | 2017-07-07 | 3.5 LOW | 4.8 MEDIUM |
A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter. | |||||
CVE-2017-3129 | 1 Fortinet | 1 Fortiweb | 2017-06-02 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature. | |||||
CVE-2017-7343 | 1 Fortinet | 1 Fortiportal | 2017-05-31 | 5.8 MEDIUM | 6.1 MEDIUM |
An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter. | |||||
CVE-2017-7731 | 1 Fortinet | 1 Fortiportal | 2017-05-31 | 5.0 MEDIUM | 7.5 HIGH |
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature. | |||||
CVE-2017-7338 | 1 Fortinet | 1 Fortiportal | 2017-05-31 | 5.0 MEDIUM | 7.5 HIGH |
A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View. |