Filtered by vendor Fortinet
Subscriptions
Total
890 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-3615 | 1 Fortinet | 7 Fortimanager 2000e, Fortimanager 200d, Fortimanager 3000f and 4 more | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack. | ||||
| CVE-2015-3614 | 1 Fortinet | 7 Fortimanager 2000e, Fortimanager 200d, Fortimanager 3000f and 4 more | 2024-11-21 | N/A |
| Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability. | ||||
| CVE-2015-3613 | 1 Fortinet | 1 Fortimanager | 2024-11-21 | 9.8 Critical |
| A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page | ||||
| CVE-2015-3612 | 1 Fortinet | 1 Fortimanager | 2024-11-21 | 5.4 Medium |
| A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page. | ||||
| CVE-2015-3611 | 1 Fortinet | 1 Fortimanager | 2024-11-21 | 8.8 High |
| A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when executing a report. | ||||
| CVE-2014-2723 | 1 Fortinet | 8 Fortibalancer 1000, Fortibalancer 1000 Firmware, Fortibalancer 2000 and 5 more | 2024-11-21 | 8.8 High |
| In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. | ||||
| CVE-2014-2722 | 1 Fortinet | 8 Fortibalancer 1000, Fortibalancer 1000 Firmware, Fortibalancer 2000 and 5 more | 2024-11-21 | 8.8 High |
| In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. | ||||
| CVE-2014-2721 | 1 Fortinet | 8 Fortibalancer 1000, Fortibalancer 1000 Firmware, Fortibalancer 2000 and 5 more | 2024-11-21 | 8.8 High |
| In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. | ||||
| CVE-2012-6347 | 1 Fortinet | 1 Fortidb | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Java number format exception handling in FortiGate FortiDB before 4.4.2 allow remote attackers to inject arbitrary web script or HTML via the conversationContext parameter to (1) admin/auditTrail.jsf, (2) mapolicymgmt/targetsMonitorView.jsf, (3) vascan/globalsummary.jsf, (4) vaerrorlog/vaErrorLog.jsf, (5) database/listTargetGroups.jsf, (6) sysconfig/listSystemInfo.jsf, (7) vascan/list.jsf, (8) network/router.jsf, (9) mapolicymgmt/editPolicyProfile.jsf, or (10) mapolicymgmt/maPolicyMasterList.jsf. | ||||
| CVE-2012-6346 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) redir or (2) mkey parameter to waf/pcre_expression/validate. | ||||
| CVE-2012-0941 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, or (3) Log&Report Display modules, or the fields_sorted_opt parameter to (4) user/auth/list or (5) endpointcompliance/app_detect/predefined_sig_list. | ||||
| CVE-2024-40592 | 1 Fortinet | 2 Forticlient, Forticlientmac | 2024-11-14 | 6.8 Medium |
| An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to swap the installer with a malicious package via a race condition during the installation process. | ||||
| CVE-2024-36513 | 1 Fortinet | 2 Forticlient, Forticlientwindows | 2024-11-14 | 7.4 High |
| A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts. | ||||
| CVE-2024-36509 | 1 Fortinet | 1 Fortiweb | 2024-11-14 | 3.8 Low |
| An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted passwords of other administrators via the "Log Access Event" logs page. | ||||
| CVE-2024-36507 | 1 Fortinet | 2 Forticlient, Forticlientwindows | 2024-11-14 | 6.7 Medium |
| A untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and social engineering. | ||||
| CVE-2024-47575 | 1 Fortinet | 2 Fortimanager, Fortimanager Cloud | 2024-11-08 | 9.8 Critical |
| A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests. | ||||
| CVE-2024-45330 | 1 Fortinet | 2 Fortianalyzer, Fortianalyzer Cloud | 2024-10-19 | 6.8 Medium |
| A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests. | ||||
| CVE-2022-45856 | 1 Fortinet | 2 Forticlient, Forticlientios | 2024-09-26 | 4.6 Medium |
| An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the FortiClient and both the service provider and the identity provider. | ||||
| CVE-2024-21753 | 1 Fortinet | 1 Forticlient Endpoint Management Server | 2024-09-25 | 5.5 Medium |
| A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, 1.2.1 through 1.2.5 allows attacker to perform a denial of service, read or write a limited number of files via specially crafted HTTP requests | ||||
| CVE-2024-31490 | 1 Fortinet | 1 Fortisandbox | 2024-09-20 | 4.2 Medium |
| An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.2 through 3.2.4 and 3.1.5 allows attacker to information disclosure via HTTP get requests. | ||||