Filtered by vendor Fortinet
Subscribe
Total
1027 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7560 | 1 Fortinet | 1 Fortiwlc | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors. | |||||
| CVE-2015-1456 | 1 Fortinet | 1 Fortiauthenticator | 2025-04-12 | 4.0 MEDIUM | N/A |
| Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/. | |||||
| CVE-2015-5735 | 1 Fortinet | 1 Forticlient | 2025-04-12 | 7.2 HIGH | N/A |
| The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to write to arbitrary memory locations via a 0x226108 ioctl call. | |||||
| CVE-2014-8619 | 1 Fortinet | 1 Fortiweb | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the autolearn configuration page in Fortinet FortiWeb 5.1.2 through 5.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-3293 | 1 Fortinet | 1 Fortimail | 2025-04-12 | 4.0 MEDIUM | N/A |
| FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain credentials via the "diag debug application httpd" command. | |||||
| CVE-2015-7361 | 1 Fortinet | 1 Fortios | 2025-04-12 | 9.3 HIGH | N/A |
| FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated management interface, which allows remote attackers to obtain shell access via unspecified vectors. | |||||
| CVE-2015-7362 | 1 Fortinet | 1 Forticlient | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Fortinet FortiClient Linux SSLVPN before build 2313, when installed on Linux in a home directory that is world readable and executable, allows local users to gain privileges via the helper/subroc setuid program. | |||||
| CVE-2016-3195 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-5092 | 1 Fortinet | 1 Fortiweb | 2025-04-12 | 4.0 MEDIUM | 4.9 MEDIUM |
| Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn feature. | |||||
| CVE-2015-1457 | 1 Fortinet | 1 Fortiauthenticator | 2025-04-12 | 4.9 MEDIUM | N/A |
| Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command. | |||||
| CVE-2014-8617 | 1 Fortinet | 1 Fortimail | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/releasecontrol. | |||||
| CVE-2015-3620 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-1458 | 1 Fortinet | 1 Fortiauthenticator | 2025-04-12 | 6.9 MEDIUM | N/A |
| Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command. | |||||
| CVE-2016-6909 | 1 Fortinet | 2 Fortios, Fortiswitch | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER. | |||||
| CVE-2014-1957 | 1 Fortinet | 1 Fortiweb | 2025-04-12 | 6.5 MEDIUM | N/A |
| FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors. | |||||
| CVE-2015-5965 | 1 Fortinet | 1 Fortios | 2025-04-12 | 5.0 MEDIUM | N/A |
| The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a crafted MAC field. | |||||
| CVE-2014-8582 | 1 Fortinet | 7 Coyote Point Equalizer, Coyote Point Equalizer Firmware, Fortiadc-1000e and 4 more | 2025-04-12 | 6.4 MEDIUM | N/A |
| FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allows remote attackers to obtain access to arbitrary subnets via unspecified vectors. | |||||
| CVE-2014-3115 | 1 Fortinet | 1 Fortiweb | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors. | |||||
| CVE-2016-3196 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section. | |||||
| CVE-2015-1459 | 1 Fortinet | 1 Fortiauthenticator | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/. | |||||