Total
42 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-40588 | 1 Fortinet | 6 Forticamera, Forticamera Firmware, Fortimail and 3 more | 2025-08-14 | N/A | N/A |
| Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiMail version 7.6.0 through 7.6.1 and before 7.4.3, FortiVoice version 7.0.0 through 7.0.5 and before 7.4.9, FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4, FortiCamera & FortiNDR version 7.6.0 and before 7.4.6 may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests. | |||||
| CVE-2021-24008 | 1 Fortinet | 5 Fortiddos, Fortiddos-cm, Fortimail and 2 more | 2025-07-24 | N/A | N/A |
| An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, FortiVoice version 6.0.6 and below, FortiRecorder version 6.0.3 and below and FortiMail version 6.4.1 and below, version 6.2.4 and below, version 6.0.9 and below may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file. | |||||
| CVE-2023-47539 | 1 Fortinet | 1 Fortimail | 2025-07-24 | N/A | N/A |
| An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request. | |||||
| CVE-2024-46663 | 1 Fortinet | 1 Fortimail | 2025-07-24 | N/A | N/A |
| A stack-buffer overflow vulnerability [CWE-121] in Fortinet FortiMail CLI version 7.6.0 through 7.6.1 and before 7.4.3 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI commands. | |||||
| CVE-2023-33302 | 1 Fortinet | 2 Fortimail, Fortindr | 2025-07-23 | N/A | 8.8 HIGH |
| A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests. | |||||
| CVE-2021-26091 | 1 Fortinet | 1 Fortimail | 2025-07-23 | N/A | N/A |
| A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of users authentication tokens and reset their credentials. | |||||
| CVE-2025-32756 | 1 Fortinet | 6 Forticamera, Forticamera Firmware, Fortimail and 3 more | 2025-05-16 | N/A | 9.8 CRITICAL |
| A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8, FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6, FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions, allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie. | |||||
| CVE-2022-23439 | 1 Fortinet | 14 Fortiadc, Fortiauthenticator, Fortiddos and 11 more | 2025-02-12 | N/A | 6.1 MEDIUM |
| A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver | |||||
| CVE-2024-56497 | 1 Fortinet | 2 Fortimail, Fortirecorder | 2025-02-03 | N/A | 6.7 MEDIUM |
| An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4 allows attacker to execute unauthorized code or commands via the CLI. | |||||
| CVE-2022-27488 | 1 Fortinet | 6 Fortiai, Fortimail, Fortindr and 3 more | 2024-01-18 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests. | |||||
| CVE-2020-9294 | 1 Fortinet | 2 Fortimail, Fortivoice | 2024-01-18 | 7.5 HIGH | 9.8 CRITICAL |
| An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface. | |||||
| CVE-2021-42757 | 1 Fortinet | 13 Fortiadc, Fortianalyzer, Fortimail and 10 more | 2024-01-18 | 4.6 MEDIUM | 6.7 MEDIUM |
| A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. | |||||
| CVE-2023-36633 | 1 Fortinet | 1 Fortimail | 2023-11-20 | N/A | 5.4 MEDIUM |
| An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests. | |||||
| CVE-2023-45582 | 1 Fortinet | 1 Fortimail | 2023-11-18 | N/A | 7.3 HIGH |
| An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7.2.0 through 7.2.4, 7.0.0 through 7.0.6 and before 6.4.8 may allow an unauthenticated attacker to perform a brute force attack on the affected endpoints via repeated login attempts. | |||||
| CVE-2023-36556 | 1 Fortinet | 1 Fortimail | 2023-11-07 | N/A | 8.8 HIGH |
| An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from the same web domain via crafted HTTP or HTTPs requests. | |||||
| CVE-2023-36637 | 1 Fortinet | 1 Fortimail | 2023-11-07 | N/A | 5.4 MEDIUM |
| An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail's calendar via input fields. | |||||
| CVE-2022-29056 | 1 Fortinet | 1 Fortimail | 2023-11-07 | N/A | 5.3 MEDIUM |
| A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. | |||||
| CVE-2021-32591 | 1 Fortinet | 4 Fortiadc, Fortimail, Fortisandbox and 1 more | 2023-08-08 | 2.6 LOW | 5.3 MEDIUM |
| A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets. | |||||
| CVE-2021-26099 | 1 Fortinet | 1 Fortimail | 2023-08-08 | 4.0 MEDIUM | 4.9 MEDIUM |
| Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext. | |||||
| CVE-2021-26095 | 1 Fortinet | 1 Fortimail | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and alter or forge its content, thereby escalating privileges. | |||||