Filtered by vendor Fortinet
Subscribe
Total
974 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36550 | 1 Fortinet | 1 Fortiwlm | 2023-11-07 | N/A | 9.8 CRITICAL |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. | |||||
| CVE-2023-36635 | 1 Fortinet | 1 Fortiswitchmanager | 2023-11-07 | N/A | 4.3 MEDIUM |
| An improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.2 7.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API. | |||||
| CVE-2023-36638 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2023-11-07 | N/A | 4.3 MEDIUM |
| An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions API may allow a remote and authenticated API admin user to access some system settings such as the mail server settings through the API via a stolen GUI session ID. | |||||
| CVE-2023-36556 | 1 Fortinet | 1 Fortimail | 2023-11-07 | N/A | 8.8 HIGH |
| An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from the same web domain via crafted HTTP or HTTPs requests. | |||||
| CVE-2023-36637 | 1 Fortinet | 1 Fortimail | 2023-11-07 | N/A | 5.4 MEDIUM |
| An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail's calendar via input fields. | |||||
| CVE-2023-36634 | 1 Fortinet | 1 Fortiap-u | 2023-11-07 | N/A | 8.8 HIGH |
| An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially crafted command arguments. | |||||
| CVE-2023-34989 | 1 Fortinet | 1 Fortiwlm | 2023-11-07 | N/A | 8.8 HIGH |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | |||||
| CVE-2023-34984 | 1 Fortinet | 1 Fortiweb | 2023-11-07 | N/A | 8.8 HIGH |
| A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. | |||||
| CVE-2023-34988 | 1 Fortinet | 1 Fortiwlm | 2023-11-07 | N/A | 8.8 HIGH |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | |||||
| CVE-2023-34992 | 1 Fortinet | 1 Fortisiem | 2023-11-07 | N/A | 9.8 CRITICAL |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via crafted API requests. | |||||
| CVE-2023-34987 | 1 Fortinet | 1 Fortiwlm | 2023-11-07 | N/A | 8.8 HIGH |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | |||||
| CVE-2023-34993 | 1 Fortinet | 1 Fortiwlm | 2023-11-07 | N/A | 9.8 CRITICAL |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. | |||||
| CVE-2023-34985 | 1 Fortinet | 1 Fortiwlm | 2023-11-07 | N/A | 8.8 HIGH |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | |||||
| CVE-2023-34986 | 1 Fortinet | 1 Fortiwlm | 2023-11-07 | N/A | 8.8 HIGH |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | |||||
| CVE-2023-33306 | 1 Fortinet | 2 Fortios, Fortiproxy | 2023-11-07 | N/A | 6.5 MEDIUM |
| A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows attacker to denial of sslvpn service via specifically crafted request in bookmark parameter. | |||||
| CVE-2023-33303 | 1 Fortinet | 1 Fortiedr | 2023-11-07 | N/A | 8.1 HIGH |
| A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows attacker to execute unauthorized code or commands via api request | |||||
| CVE-2023-33299 | 1 Fortinet | 1 Fortinac | 2023-11-07 | N/A | 9.8 CRITICAL |
| A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed. | |||||
| CVE-2023-33305 | 1 Fortinet | 3 Fortios, Fortiproxy, Fortiweb | 2023-11-07 | N/A | 6.5 MEDIUM |
| A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows attacker to perform a denial of service via specially crafted HTTP requests. | |||||
| CVE-2023-33308 | 1 Fortinet | 2 Fortios, Fortiproxy | 2023-11-07 | N/A | 9.8 CRITICAL |
| A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside deep or full packet inspection. | |||||
| CVE-2023-33301 | 1 Fortinet | 1 Fortios | 2023-11-07 | N/A | 4.3 MEDIUM |
| An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host. | |||||