Vulnerabilities (CVE)

Filtered by vendor: Fortinet
Total: 717 CVEs
CVE | Vendors (count) | Products (count) | Updated | CVSS v2 | CVSS v3
CVE-2021-32590 | Fortinet (1) | Fortiportal (1) | 2021-08-11 | 9.0 HIGH | 8.8 HIGH
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL database via specifically crafted HTTP requests.
CVE-2021-32594 | Fortinet (1) | Fortiportal (1) | 2021-08-11 | 5.5 MEDIUM | 8.1 HIGH
An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to potentially tamper with the underlying system's files via the upload of specifically crafted files.
CVE-2021-24010 | Fortinet (1) | Fortisandbox (1) | 2021-08-11 | 4.0 MEDIUM | 6.5 MEDIUM
Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests.
CVE-2021-36168 | Fortinet (1) | Fortiportal (1) | 2021-08-10 | 4.0 MEDIUM | 6.5 MEDIUM
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal 5.3.x before 5.3.6 and any FortiPortal before 6.2.5 allows an authenticated attacker to disclose information via a crafted GET request with malicious parameter values.
CVE-2020-29011 | Fortinet (1) | Fortisandbox (1) | 2021-08-10 | 6.5 MEDIUM | 8.8 HIGH
Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated attacker to execute unauthorized code on the underlying SQL interpreter via specifically crafted HTTP requests.
CVE-2021-26097 | Fortinet (1) | Fortisandbox (1) | 2021-08-10 | 6.5 MEDIUM | 8.8 HIGH
An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests.
CVE-2021-32596 | Fortinet (1) | Fortiportal (1) | 2021-08-10 | 5.0 MEDIUM | 7.5 HIGH
A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables.
CVE-2021-26088 | Fortinet (1) | Fortinet Single Sign-on (1) | 2021-08-02 | 5.8 MEDIUM | 9.6 CRITICAL
An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an unauthenticated user to bypass an FSSO firewall policy and access the protected network via sending specifically crafted UDP login notification packets.
CVE-2021-24022 | Fortinet (1) | Fortianalyzer, Fortimanager (2) | 2021-07-29 | 2.1 LOW | 4.4 MEDIUM
A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value.
CVE-2019-5593 | Fortinet (1) | Fortios (1) | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plain text private keys of the system's built-in local certificates via unsetting the keys' encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below, or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below.
CVE-2020-12817 | Fortinet (1) | Fortianalyzer, Fortitester (2) | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH
An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via the Name parameter of Storage Connectors.
CVE-2019-6696 | Fortinet (1) | Fortios (1) | 2021-07-21 | 5.8 MEDIUM | 6.1 MEDIUM
An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform a URL redirect attack via a specifically crafted request to the admin initial password change webpage.
CVE-2019-6700 | Fortinet (1) | Fortisiem (1) | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM
An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code.
CVE-2019-5591 | Fortinet (1) | Fortios (1) | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.
CVE-2020-9286 | Fortinet (1) | Fortiadc, Fortiadc Firmware (2) | 2021-07-21 | 6.8 MEDIUM | 6.5 MEDIUM
An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system.
CVE-2019-16157 | Fortinet (1) | Fortiweb (1) | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM
An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands.
CVE-2021-24015 | Fortinet (1) | Fortimail (1) | 2021-07-14 | 6.5 MEDIUM | 8.8 HIGH
An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests.
CVE-2021-24013 | Fortinet (1) | Fortimail (1) | 2021-07-13 | 4.0 MEDIUM | 6.5 MEDIUM
Multiple Path traversal vulnerabilities in the Webmail of FortiMail before 6.4.4 may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests.
CVE-2021-26090 | Fortinet (1) | Fortimail (1) | 2021-07-13 | 5.0 MEDIUM | 7.5 HIGH
A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests.
CVE-2020-29014 | Fortinet (1) | Fortisandbox (1) | 2021-07-12 | 6.3 MEDIUM | 5.3 MEDIUM
A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands.