Filtered by vendor Fortinet
Subscribe
Total
851 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-1456 | 1 Fortinet | 1 Fortiauthenticator | 2025-04-12 | 4.0 MEDIUM | N/A |
Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/. | |||||
CVE-2016-7560 | 1 Fortinet | 1 Fortiwlc | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors. | |||||
CVE-2015-3626 | 1 Fortinet | 1 Fortios | 2025-04-12 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary web script or HTML via a crafted hostname. | |||||
CVE-2016-3195 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-7362 | 1 Fortinet | 1 Forticlient | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
Fortinet FortiClient Linux SSLVPN before build 2313, when installed on Linux in a home directory that is world readable and executable, allows local users to gain privileges via the helper/subroc setuid program. | |||||
CVE-2014-2334 | 1 Fortinet | 1 Fortianalyzer Firmware | 2025-04-12 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336. | |||||
CVE-2015-3620 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2025-04-12 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2016-3978 | 1 Fortinet | 1 Fortios | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the "redirect" parameter to "login." | |||||
CVE-2015-1453 | 1 Fortinet | 1 Forticlient | 2025-04-12 | 5.0 MEDIUM | N/A |
The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences. | |||||
CVE-2014-2216 | 1 Fortinet | 1 Fortios | 2025-04-12 | 7.5 HIGH | N/A |
The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.0.0 before 5.0.8 on FortiGate devices allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted request. | |||||
CVE-2014-8617 | 1 Fortinet | 1 Fortimail | 2025-04-12 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/releasecontrol. | |||||
CVE-2016-5092 | 1 Fortinet | 1 Fortiweb | 2025-04-12 | 4.0 MEDIUM | 4.9 MEDIUM |
Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn feature. | |||||
CVE-2014-0331 | 1 Fortinet | 9 Fortiadc-1000e, Fortiadc-1500d, Fortiadc-2000d and 6 more | 2025-04-12 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/. | |||||
CVE-2016-1909 | 1 Fortinet | 1 Fortios | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session. | |||||
CVE-2015-1880 | 1 Fortinet | 1 Fortios | 2025-04-12 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2016-4968 | 1 Fortinet | 1 Fortiwan | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request. | |||||
CVE-2015-1571 | 1 Fortinet | 1 Fortios | 2025-04-12 | 4.3 MEDIUM | N/A |
The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch 7 build 4457 uses the same certificate and private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the Fortinet_Factory certificate and private key. NOTE: FG-IR-15-002 says "The Fortinet_Factory certificate is unique to each device ... An attacker cannot therefore stage a MitM attack. | |||||
CVE-2015-7361 | 1 Fortinet | 1 Fortios | 2025-04-12 | 9.3 HIGH | N/A |
FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated management interface, which allows remote attackers to obtain shell access via unspecified vectors. | |||||
CVE-2015-1457 | 1 Fortinet | 1 Fortiauthenticator | 2025-04-12 | 4.9 MEDIUM | N/A |
Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command. | |||||
CVE-2015-2281 | 1 Fortinet | 1 Single Sign On | 2025-04-12 | 7.5 HIGH | N/A |
Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164 allows remote attackers to execute arbitrary code via a large PROCESS_HELLO message to the Message Dispatcher on TCP port 8000. |