Filtered by vendor Fortinet
Subscribe
Total
974 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6699 | 1 Fortinet | 1 Fortiadc | 2020-03-18 | 3.5 LOW | 5.4 MEDIUM |
| An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting (XSS) via a field in the traffic group interface. | |||||
| CVE-2019-17653 | 1 Fortinet | 1 Fortisiem | 2020-03-18 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link. | |||||
| CVE-2019-16156 | 1 Fortinet | 1 Fortiweb | 2020-03-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a Cross Site Scripting attack (XSS). | |||||
| CVE-2020-9290 | 1 Fortinet | 2 Forticlient, Forticlient Virtual Private Network | 2020-03-17 | 6.9 MEDIUM | 7.8 HIGH |
| An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. | |||||
| CVE-2020-9287 | 1 Fortinet | 1 Forticlient Emergency Management Server | 2020-03-17 | 6.9 MEDIUM | 7.8 HIGH |
| An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. | |||||
| CVE-2020-6643 | 1 Fortinet | 1 Fortiisolator | 2020-03-17 | 3.5 LOW | 5.4 MEDIUM |
| An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack (XSS). | |||||
| CVE-2019-17652 | 1 Fortinet | 1 Forticlient | 2020-02-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root priviledge crashes via sending specially crafted "StartAvCustomScan" type IPC client requests to the fctsched process due the argv data not been well sanitized. | |||||
| CVE-2019-16152 | 1 Fortinet | 1 Forticlient | 2020-02-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly validated. | |||||
| CVE-2015-3611 | 1 Fortinet | 1 Fortimanager | 2020-02-05 | 9.0 HIGH | 8.8 HIGH |
| A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when executing a report. | |||||
| CVE-2015-3612 | 1 Fortinet | 1 Fortimanager | 2020-02-05 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page. | |||||
| CVE-2015-3613 | 1 Fortinet | 1 Fortimanager | 2020-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page | |||||
| CVE-2019-17651 | 1 Fortinet | 1 Fortisiem | 2020-01-29 | 3.5 LOW | 5.4 MEDIUM |
| An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious JavaScript code into the description field of a Device Maintenance schedule. | |||||
| CVE-2019-16153 | 1 Fortinet | 1 Fortisiem | 2020-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials. | |||||
| CVE-2018-1351 | 1 Fortinet | 1 Fortimanager | 2020-01-22 | 3.5 LOW | 4.8 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log. | |||||
| CVE-2019-16154 | 1 Fortinet | 1 Fortiauthenticator | 2020-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack (XSS) via a parameter of the logon page. | |||||
| CVE-2019-15705 | 1 Fortinet | 1 Fortios | 2019-12-16 | 5.0 MEDIUM | 7.5 HIGH |
| An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request. | |||||
| CVE-2019-6692 | 1 Fortinet | 1 Forticlient | 2019-10-30 | 4.4 MEDIUM | 7.8 HIGH |
| A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a privileged attacker to perform arbitrary code execution via forging that DLL. | |||||
| CVE-2019-5586 | 1 Fortinet | 1 Fortios | 2019-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "param" parameter of the error process HTTP requests. | |||||
| CVE-2019-6698 | 1 Fortinet | 4 Fortirecorder 100d, Fortirecorder 200d, Fortirecorder 400d and 1 more | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device. | |||||
| CVE-2017-14191 | 1 Fortinet | 1 Fortiweb | 2019-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under "Signed Security Mode", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie. | |||||