Filtered by vendor Fortinet
Subscribe
Total
845 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34984 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | N/A | 7.5 HIGH |
| A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. | |||||
| CVE-2023-33308 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | N/A | 9.8 CRITICAL |
| A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside deep or full packet inspection. | |||||
| CVE-2023-33304 | 1 Fortinet | 1 Forticlient | 2024-11-21 | N/A | 4.4 MEDIUM |
| A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials. | |||||
| CVE-2023-33303 | 1 Fortinet | 1 Fortiedr | 2024-11-21 | N/A | 8.1 HIGH |
| A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows attacker to execute unauthorized code or commands via api request | |||||
| CVE-2023-33301 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A | 6.5 MEDIUM |
| An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host. | |||||
| CVE-2023-33299 | 1 Fortinet | 1 Fortinac | 2024-11-21 | N/A | 9.8 CRITICAL |
| A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed. | |||||
| CVE-2023-29183 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | N/A | 8.0 HIGH |
| An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting. | |||||
| CVE-2023-29177 | 1 Fortinet | 2 Fortiadc, Fortiddos-f | 2024-11-21 | N/A | 6.7 MEDIUM |
| Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests. | |||||
| CVE-2023-28002 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | N/A | 6.4 MEDIUM |
| An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesystem integrity check in place. | |||||
| CVE-2023-28001 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A | 4.1 MEDIUM |
| An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API. | |||||
| CVE-2023-27999 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | N/A | 7.8 HIGH |
| An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | |||||
| CVE-2023-27998 | 1 Fortinet | 1 Fortipresence | 2024-11-21 | N/A | 5.3 MEDIUM |
| A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTP(s) paths. | |||||
| CVE-2023-27997 | 1 Fortinet | 4 Fortigate 6000, Fortigate 7000, Fortios and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests. | |||||
| CVE-2023-27995 | 1 Fortinet | 1 Fortisoar | 2024-11-21 | N/A | 7.2 HIGH |
| A improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 allows an authenticated, remote attacker to execute arbitrary code via a crafted payload. | |||||
| CVE-2023-27993 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | N/A | 6.0 MEDIUM |
| A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands. | |||||
| CVE-2023-26210 | 1 Fortinet | 2 Fortiadc, Fortiadc Manager | 2024-11-21 | N/A | 7.8 HIGH |
| Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-78] in Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2 allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests. | |||||
| CVE-2023-26209 | 1 Fortinet | 1 Fortideceptor | 2024-11-21 | N/A | 3.7 LOW |
| A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. | |||||
| CVE-2023-26208 | 1 Fortinet | 1 Fortiauthenticator | 2024-11-21 | N/A | 3.7 LOW |
| A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. | |||||
| CVE-2023-26207 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | N/A | 3.3 LOW |
| An insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.2.0 through 7.2.4 and FortiProxy 7.0.0 through 7.0.10. 7.2.0 through 7.2.1 allows an attacker to read certain passwords in plain text. | |||||
| CVE-2023-26206 | 1 Fortinet | 1 Fortinac | 2024-11-21 | N/A | 6.8 MEDIUM |
| An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs. | |||||