Filtered by vendor Fortinet
Subscribe
Total
851 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1351 | 1 Fortinet | 1 Fortimanager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log. | |||||
| CVE-2018-13384 | 1 Fortinet | 1 Fortios | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains. | |||||
| CVE-2018-13381 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiProxy 2.0.0, 1.2.8 and earlier versions under SSL VPN web portal allows a non-authenticated attacker to perform a Denial-of-service attack via special craft message payloads. | |||||
| CVE-2018-13380 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters. | |||||
| CVE-2018-13378 | 1 Fortinet | 1 Fortisiem | 2024-11-21 | 4.0 MEDIUM | 7.2 HIGH |
| An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code. | |||||
| CVE-2018-13376 | 1 Fortinet | 1 Fortios | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response. | |||||
| CVE-2018-13375 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled). | |||||
| CVE-2018-13371 | 1 Fortinet | 1 Fortios | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component. | |||||
| CVE-2018-13368 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection. | |||||
| CVE-2018-13367 | 1 Fortinet | 1 Fortios | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI. | |||||
| CVE-2018-13366 | 1 Fortinet | 1 Fortios | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows attacker to reveals serial number of FortiGate via hostname field defined in connection control setup packets of PPTP protocol. | |||||
| CVE-2018-13365 | 1 Fortinet | 1 Fortios | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below, allow attackers to learn private IP as well as the hostname of FortiGate via Application Control Block page. | |||||
| CVE-2017-7342 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button | |||||
| CVE-2017-7340 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality. | |||||
| CVE-2017-17544 | 1 Fortinet | 1 Fortios | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A privilege escalation vulnerability in Fortinet FortiOS 6.0.0 to 6.0.6, 5.6.0 to 5.6.10, 5.4 and below allows admin users to elevate their profile to super_admin via restoring modified configurations. | |||||
| CVE-2017-17543 | 1 Fortinet | 2 Forticlient, Forticlient Sslvpn Client | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms. | |||||
| CVE-2017-17541 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature. | |||||
| CVE-2017-17540 | 1 Fortinet | 1 Fortiwlc | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell. | |||||
| CVE-2017-17539 | 1 Fortinet | 1 Fortiwlc | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell. | |||||
| CVE-2017-14191 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under "Signed Security Mode", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie. | |||||