Filtered by vendor Fortinet
Subscribe
Total
717 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8495 | 1 Fortinet | 1 Fortimanager Firmware | 2017-07-25 | 5.8 MEDIUM | 7.4 HIGH |
| An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature. | |||||
| CVE-2006-3222 | 1 Fortinet | 1 Fortios | 2017-07-20 | 5.0 MEDIUM | N/A |
| The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode. | |||||
| CVE-2017-3127 | 1 Fortinet | 1 Fortios | 2017-07-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation. | |||||
| CVE-2005-3057 | 1 Fortinet | 2 Fortigate, Fortios | 2017-07-11 | 10.0 HIGH | N/A |
| The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP. | |||||
| CVE-2017-3128 | 1 Fortinet | 1 Fortios | 2017-07-08 | 3.5 LOW | 4.8 MEDIUM |
| A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter. | |||||
| CVE-2017-3126 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2017-07-08 | 5.8 MEDIUM | 6.1 MEDIUM |
| An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter. | |||||
| CVE-2017-3129 | 1 Fortinet | 1 Fortiweb | 2017-06-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature. | |||||
| CVE-2017-7731 | 1 Fortinet | 1 Fortiportal | 2017-05-31 | 5.0 MEDIUM | 7.5 HIGH |
| A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature. | |||||
| CVE-2017-7343 | 1 Fortinet | 1 Fortiportal | 2017-05-31 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter. | |||||
| CVE-2017-7339 | 1 Fortinet | 1 Fortiportal | 2017-05-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality. | |||||
| CVE-2017-7338 | 1 Fortinet | 1 Fortiportal | 2017-05-31 | 5.0 MEDIUM | 7.5 HIGH |
| A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View. | |||||
| CVE-2017-3125 | 1 Fortinet | 1 Fortimail | 2017-04-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker. | |||||
| CVE-2016-7541 | 1 Fortinet | 1 Fortios | 2017-04-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected. | |||||
| CVE-2016-8492 | 1 Fortinet | 1 Fortios | 2017-03-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption. | |||||
| CVE-2016-8494 | 1 Fortinet | 1 Connect | 2017-03-01 | 6.5 MEDIUM | 7.2 HIGH |
| Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme. | |||||
| CVE-2016-8491 | 1 Fortinet | 1 Fortiwlc | 2017-02-24 | 9.4 HIGH | 9.1 CRITICAL |
| The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell. | |||||
| CVE-2015-1880 | 1 Fortinet | 1 Fortios | 2017-01-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-3293 | 1 Fortinet | 1 Fortimail | 2017-01-03 | 4.0 MEDIUM | N/A |
| FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain credentials via the "diag debug application httpd" command. | |||||
| CVE-2014-8619 | 1 Fortinet | 1 Fortiweb | 2017-01-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the autolearn configuration page in Fortinet FortiWeb 5.1.2 through 5.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-8618 | 1 Fortinet | 6 Fortiadc-1500d, Fortiadc-2000d, Fortiadc-200d and 3 more | 2017-01-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the theme login page in Fortinet FortiADC D models before 4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||