Total
48 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-6695 | 1 Fortinet | 1 Fortimanager | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods. | |||||
CVE-2018-1353 | 1 Fortinet | 1 Fortimanager | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom. | |||||
CVE-2018-1355 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs. | |||||
CVE-2018-1354 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content. | |||||
CVE-2018-1351 | 1 Fortinet | 1 Fortimanager | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log. | |||||
CVE-2015-7363 | 1 Fortinet | 4 Fortianalyzer, Fortianalyzer Firmware, Fortimanager and 1 more | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters. | |||||
CVE-2014-2336 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335. | |||||
CVE-2005-4570 | 1 Fortinet | 3 Forticlient, Fortimanager, Fortios | 2024-02-04 | 7.8 HIGH | N/A |
The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0,; and FortiManager 2.80 and 3.0 allow remote attackers to cause a denial of service (termination of a process that is automatically restarted) via IKE packets with invalid values of certain IPSec attributes, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the vendor advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. |