Filtered by vendor: Fortinet
Total: 708 CVEs (20 shown below, all last updated 2023-12-10)
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-36556 | 1 Fortinet | 1 Fortimail | 2023-12-10 | N/A | 8.8 HIGH | An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to log in to other users' accounts from the same web domain via crafted HTTP or HTTPS requests.
CVE-2023-36555 | 1 Fortinet | 1 Fortios | 2023-12-10 | N/A | 5.4 MEDIUM | An improper neutralization of script-related HTML tags in a web page (basic XSS) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components.
CVE-2021-44172 | 1 Fortinet | 1 Forticlient Endpoint Management Server | 2023-12-10 | N/A | 5.3 MEDIUM | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in the management interface of FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, and all 6.4 and 6.2 versions may allow an unauthenticated attacker to gain information on environment variables such as the EMS installation path.
CVE-2023-36637 | 1 Fortinet | 1 Fortimail | 2023-12-10 | N/A | 5.4 MEDIUM | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail's calendar via input fields.
CVE-2023-36550 | 1 Fortinet | 1 Fortiwlm | 2023-12-10 | N/A | 9.8 CRITICAL | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters.
CVE-2023-42782 | 1 Fortinet | 1 Fortianalyzer | 2023-12-10 | N/A | 5.3 MEDIUM | An insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via knowledge of an authorized device serial number.
CVE-2023-41841 | 1 Fortinet | 1 Fortios | 2023-12-10 | N/A | 8.8 HIGH | An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions.
CVE-2023-36642 | 1 Fortinet | 1 Fortitester | 2023-12-10 | N/A | 7.8 HIGH | An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
CVE-2023-34988 | 1 Fortinet | 1 Fortiwlm | 2023-12-10 | N/A | 8.8 HIGH | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters.
CVE-2023-36551 | 1 Fortinet | 1 Fortisiem | 2023-12-10 | N/A | 5.3 MEDIUM | An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.5 allows an attacker to disclose information via a crafted HTTP request.
CVE-2023-29178 | 1 Fortinet | 2 Fortios, Fortiproxy | 2023-12-10 | N/A | 4.3 MEDIUM | An access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests.
CVE-2023-29175 | 1 Fortinet | 2 Fortios, Fortiproxy | 2023-12-10 | N/A | 4.8 MEDIUM | An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 through 7.0.10, 7.2.0 and FortiProxy 1.2 all versions, 2.0 all versions, 7.0.0 through 7.0.9, 7.2.0 through 7.2.3 may allow a remote and unauthenticated attacker to perform a man-in-the-middle attack on the communication channel between the vulnerable device and the remote FortiGuard map server.
CVE-2022-43953 | 1 Fortinet | 2 Fortios, Fortiproxy | 2023-12-10 | N/A | 7.8 HIGH | A use of externally-controlled format string in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS all versions 7.0, FortiOS all versions 6.4, FortiOS all versions 6.2, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7 allows an attacker to execute unauthorized code or commands via specially crafted commands.
CVE-2023-26203 | 1 Fortinet | 2 Fortinac, Fortinac-f | 2023-12-10 | N/A | 7.8 HIGH | A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access the database via shell commands.
CVE-2022-23447 | 1 Fortinet | 2 Fortiextender, Fortiextender Firmware | 2023-12-10 | N/A | 7.5 HIGH | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management interface 7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, 5.3 all versions may allow an unauthenticated and remote attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.
CVE-2023-33306 | 1 Fortinet | 2 Fortios, Fortiproxy | 2023-12-10 | N/A | 6.5 MEDIUM | A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows an attacker to deny SSL VPN service via a specifically crafted request in the bookmark parameter.
CVE-2023-27993 | 1 Fortinet | 1 Fortiadc | 2023-12-10 | N/A | 7.1 HIGH | A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands.
CVE-2022-40682 | 1 Fortinet | 1 Forticlient | 2023-12-10 | N/A | 7.8 HIGH | An incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands by sending a crafted request to a specific named pipe.
CVE-2022-43949 | 1 Fortinet | 1 Fortisiem | 2023-12-10 | N/A | 7.5 HIGH | A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute-force attacks on GUI endpoints by taking advantage of outdated hashing methods.
CVE-2023-25606 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2023-12-10 | N/A | 6.5 MEDIUM | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.
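The practical question a listing like this raises is "does my FortiOS or FortiProxy build fall in any of these ranges?". The entries mix three phrasings ("7.2.0 through 7.2.4", "before 7.0.11", "6.4 all versions"), and "before X" is scoped to X's release train: "before 6.4.13" alongside "before 7.2.5" means 6.4.14 is fixed even though it is numerically below 7.2.5. The following is an added example, not code from this page or from Fortinet: the ranges are transcribed from the FortiOS/FortiProxy entries above, while the version parsing, the train-scoping rule and the `affecting()` helper are this example's own assumptions (purely numeric dotted versions, compared field by field).

```python
"""Affected-version check for the Fortinet listing above (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """'7.2.4' -> (7, 2, 4). Assumption: versions are purely numeric, dot-separated."""
    return tuple(int(part) for part in v.split("."))


def train(v: str) -> str:
    """Major.minor release train a version belongs to: '7.2.4' -> '7.2'."""
    return ".".join(v.split(".")[:2])


@dataclass(frozen=True)
class Range:
    branch: str                      # release train this range is scoped to, e.g. "7.2"
    low: Optional[str] = None        # inclusive lower bound ("7.2.0 through ...")
    high_incl: Optional[str] = None  # inclusive upper bound ("... through 7.2.4")
    high_excl: Optional[str] = None  # exclusive upper bound ("before 7.2.5")

    def contains(self, version: str) -> bool:
        v = parse_version(version)
        # Scope to the train first: "before 7.2.5" does not cover 6.4.x builds,
        # those have their own "before 6.4.13" entry in the advisory text.
        if v[:2] != parse_version(self.branch):
            return False
        if self.low is not None and v < parse_version(self.low):
            return False
        if self.high_incl is not None and v > parse_version(self.high_incl):
            return False
        if self.high_excl is not None and v >= parse_version(self.high_excl):
            return False
        return True


# Constructors matching the three phrasings used in the advisory text.
def through(low: str, high: str) -> Range:
    return Range(branch=train(low), low=low, high_incl=high)


def before(high: str) -> Range:
    return Range(branch=train(high), high_excl=high)


def all_of(branch: str) -> Range:
    return Range(branch=branch)


# Ranges transcribed from the FortiOS / FortiProxy rows of the table above.
ADVISORIES: Dict[str, Dict[str, List[Range]]] = {
    "CVE-2023-36555": {"FortiOS": [through("7.2.0", "7.2.4")]},
    "CVE-2023-41841": {"FortiOS": [through("7.0.0", "7.0.11"), through("7.2.0", "7.2.4")]},
    "CVE-2023-29178": {
        "FortiOS": [through("7.2.0", "7.2.4"), before("7.0.11")],
        "FortiProxy": [through("7.2.0", "7.2.3"), before("7.0.9")],
    },
    "CVE-2023-29175": {
        "FortiOS": [all_of("6.2"), all_of("6.4"), through("7.0.0", "7.0.10"), through("7.2.0", "7.2.0")],
        "FortiProxy": [all_of("1.2"), all_of("2.0"), through("7.0.0", "7.0.9"), through("7.2.0", "7.2.3")],
    },
    "CVE-2022-43953": {
        "FortiOS": [through("7.2.0", "7.2.4"), all_of("7.0"), all_of("6.4"), all_of("6.2")],
        "FortiProxy": [through("7.2.0", "7.2.1"), through("7.0.0", "7.0.7")],
    },
    "CVE-2023-33306": {
        "FortiOS": [before("7.2.5"), before("7.0.11"), before("6.4.13")],
        "FortiProxy": [before("7.2.4"), before("7.0.10")],
    },
}


def affecting(product: str, version: str) -> List[str]:
    """CVE IDs from ADVISORIES whose ranges for `product` include `version`, sorted."""
    hits = []
    for cve, per_product in ADVISORIES.items():
        if any(r.contains(version) for r in per_product.get(product, [])):
            hits.append(cve)
    return sorted(hits)


if __name__ == "__main__":
    for product, version in [("FortiOS", "7.2.3"), ("FortiOS", "6.4.14"), ("FortiProxy", "7.0.9")]:
        print(f"{product} {version}: {affecting(product, version) or 'none of the listed CVEs'}")
```

Only the six FortiOS/FortiProxy entries on this page are encoded; extend `ADVISORIES` from the vendor's PSIRT advisories, which also state the fixed builds, before relying on it for a real fleet. The train-scoping rule in `Range.contains` is the detail most home-grown checkers get wrong.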