Filtered by vendor Fortinet
Subscribe
Total
687 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6647 | 1 Fortinet | 1 Fortiadc Firmware | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter. | |||||
| CVE-2019-16150 | 1 Fortinet | 1 Forticlient | 2024-02-04 | 5.0 MEDIUM | 5.5 MEDIUM |
| Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-coded key. | |||||
| CVE-2019-17650 | 1 Fortinet | 1 Forticlient | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check. | |||||
| CVE-2019-16153 | 1 Fortinet | 1 Fortisiem | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials. | |||||
| CVE-2019-17652 | 1 Fortinet | 1 Forticlient | 2024-02-04 | 6.8 MEDIUM | 6.5 MEDIUM |
| A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root priviledge crashes via sending specially crafted "StartAvCustomScan" type IPC client requests to the fctsched process due the argv data not been well sanitized. | |||||
| CVE-2019-15711 | 1 Fortinet | 1 Forticlient | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process. | |||||
| CVE-2015-3611 | 1 Fortinet | 1 Fortimanager | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when executing a report. | |||||
| CVE-2019-15703 | 1 Fortinet | 1 Fortios | 2024-02-04 | 2.6 LOW | 7.5 HIGH |
| An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA handshake and mutual ECDSA authentication via the help of flush+reload side channel attacks in FortiGate VM models only. | |||||
| CVE-2019-15712 | 1 Fortinet | 1 Fortimail | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
| An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access web console they should not be authorized for. | |||||
| CVE-2019-15704 | 1 Fortinet | 1 Forticlient | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway. | |||||
| CVE-2019-5593 | 1 Fortinet | 1 Fortios | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below. | |||||
| CVE-2019-15705 | 1 Fortinet | 1 Fortios | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request. | |||||
| CVE-2019-16152 | 1 Fortinet | 1 Forticlient | 2024-02-04 | 6.8 MEDIUM | 6.5 MEDIUM |
| A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly validated. | |||||
| CVE-2015-3613 | 1 Fortinet | 1 Fortimanager | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page | |||||
| CVE-2019-6693 | 1 Fortinet | 1 Fortios | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set). | |||||
| CVE-2019-16154 | 1 Fortinet | 1 Fortiauthenticator | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack (XSS) via a parameter of the logon page. | |||||
| CVE-2019-15707 | 1 Fortinet | 1 Fortimail | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
| An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform system backup config download they should not be authorized for. | |||||
| CVE-2018-9195 | 1 Fortinet | 2 Forticlient, Fortios | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below. | |||||
| CVE-2015-3612 | 1 Fortinet | 1 Fortimanager | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page. | |||||
| CVE-2019-6692 | 1 Fortinet | 1 Forticlient | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
| A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a privileged attacker to perform arbitrary code execution via forging that DLL. | |||||