Filtered by vendor Fortinet
Subscribe
Total
717 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-13384 | 1 Fortinet | 1 Fortios | 2019-06-05 | 5.8 MEDIUM | 6.1 MEDIUM |
| A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains. | |||||
| CVE-2018-9190 | 1 Fortinet | 1 Forticlient | 2019-06-03 | 4.9 MEDIUM | 5.5 MEDIUM |
| A null pointer dereference vulnerability in Fortinet FortiClientWindows 6.0.2 and earlier allows attacker to cause a denial of service via the NDIS miniport driver. | |||||
| CVE-2018-13365 | 1 Fortinet | 1 Fortios | 2019-05-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below, allow attackers to learn private IP as well as the hostname of FortiGate via Application Control Block page. | |||||
| CVE-2018-13375 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2019-05-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled). | |||||
| CVE-2017-14186 | 1 Fortinet | 1 Fortios | 2019-05-29 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter. An URL Redirection attack may also be feasible by injecting an external URL via the affected parameter. | |||||
| CVE-2019-5589 | 1 Fortinet | 1 Forticlient | 2019-05-29 | 9.3 HIGH | 7.8 HIGH |
| An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory. | |||||
| CVE-2016-6909 | 1 Fortinet | 2 Fortios, Fortiswitch | 2019-05-22 | 10.0 HIGH | 9.8 CRITICAL |
| Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER. | |||||
| CVE-2018-1356 | 1 Fortinet | 1 Fortisandbox | 2019-05-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox before 3.0 may allow an attacker to execute unauthorized code or commands via the back_url parameter in the file scan component. | |||||
| CVE-2018-9186 | 1 Fortinet | 1 Fortiauthenticator | 2019-04-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header. | |||||
| CVE-2018-13378 | 1 Fortinet | 1 Fortisiem | 2019-04-17 | 4.0 MEDIUM | 7.2 HIGH |
| An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code. | |||||
| CVE-2018-13366 | 1 Fortinet | 1 Fortios | 2019-04-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows attacker to reveals serial number of FortiGate via hostname field defined in connection control setup packets of PPTP protocol. | |||||
| CVE-2017-7342 | 1 Fortinet | 1 Fortiportal | 2019-03-26 | 7.5 HIGH | 9.8 CRITICAL |
| A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button | |||||
| CVE-2017-7340 | 1 Fortinet | 1 Fortiportal | 2019-03-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality. | |||||
| CVE-2018-1355 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2019-03-08 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs. | |||||
| CVE-2018-1352 | 1 Fortinet | 1 Fortios | 2019-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable. | |||||
| CVE-2018-1353 | 1 Fortinet | 1 Fortimanager | 2018-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom. | |||||
| CVE-2005-3058 | 1 Fortinet | 2 Fortigate, Fortios | 2018-10-19 | 7.5 HIGH | N/A |
| Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via an (1) HTTP request terminated with a line feed (LF) and not carriage return line feed (CRLF) or (2) HTTP request with no Host field, which is still processed by most web servers without violating RFC2616. | |||||
| CVE-2006-1966 | 1 Fortinet | 1 Fortinet28 | 2018-10-18 | 5.0 MEDIUM | N/A |
| An unspecified Fortinet product, possibly Fortinet28, allows remote attackers to cause a denial of service via a "small synflood" to the SMTP port (TCP port 25), as demonstrated by a 10-microsecond wait between sending packets. NOTE: this issue has been disputed in followup posts that suggest that a protection feature is triggering a RST. | |||||
| CVE-2008-0779 | 1 Fortinet | 1 Forticlient Host Security | 2018-10-15 | 7.2 HIGH | N/A |
| The fortimon.sys device driver in Fortinet FortiClient Host Security 3.0 MR5 Patch 3 and earlier does not properly initialize its DeviceExtension, which allows local users to access kernel memory and execute arbitrary code via a crafted request. | |||||
| CVE-2008-7161 | 1 Fortinet | 1 Fortigate-1000 | 2018-10-11 | 7.5 HIGH | N/A |
| Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 allows remote attackers to bypass URL filtering via fragmented GET or POST requests that use HTTP/1.0 without the Host header. NOTE: this issue might be related to CVE-2005-3058. | |||||