Filtered by vendor Fortinet
Subscribe
Total
974 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7341 | 1 Fortinet | 1 Fortiwlc | 2025-04-20 | 9.0 HIGH | 7.2 HIGH |
| An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests. | |||||
| CVE-2017-14189 | 1 Fortinet | 1 Fortiweb Manager | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can access the admin webUI to successfully log-in regardless the provided password. | |||||
| CVE-2017-7343 | 1 Fortinet | 1 Fortiportal | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter. | |||||
| CVE-2017-3128 | 1 Fortinet | 1 Fortios | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
| A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter. | |||||
| CVE-2017-7336 | 1 Fortinet | 1 Fortiwlm | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges. | |||||
| CVE-2017-7736 | 1 Fortinet | 1 Fortiweb | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special crafted malicious certificate import. | |||||
| CVE-2017-3133 | 1 Fortinet | 1 Fortios | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. | |||||
| CVE-2017-3134 | 1 Fortinet | 1 Fortiwlc-sd | 2025-04-20 | 9.0 HIGH | 7.2 HIGH |
| An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows attacker to gain root access via the CLI command 'copy running-config'. | |||||
| CVE-2015-3615 | 1 Fortinet | 7 Fortimanager 2000e, Fortimanager 200d, Fortimanager 3000f and 4 more | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack. | |||||
| CVE-2017-7732 | 1 Fortinet | 1 Fortimail | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3.0 through 5.3.9 customized pre-authentication webmail login page allows attacker to inject arbitrary web script or HTML via crafted HTTP requests. | |||||
| CVE-2017-14184 | 1 Fortinet | 2 Forticlient, Forticlient Sslvpn Client | 2025-04-20 | 4.0 MEDIUM | 8.8 HIGH |
| An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations. | |||||
| CVE-2017-3125 | 1 Fortinet | 1 Fortimail | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker. | |||||
| CVE-2017-7735 | 1 Fortinet | 1 Fortios | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups. | |||||
| CVE-2016-8494 | 1 Fortinet | 1 Connect | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme. | |||||
| CVE-2017-3130 | 1 Fortinet | 1 Fortios | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets. | |||||
| CVE-2017-7738 | 1 Fortinet | 1 Fortios | 2025-04-20 | 4.0 MEDIUM | 7.2 HIGH |
| An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command. | |||||
| CVE-2017-3126 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter. | |||||
| CVE-2016-8492 | 1 Fortinet | 1 Fortios | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption. | |||||
| CVE-2017-14182 | 1 Fortinet | 1 Fortios | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, via passing a specially crafted payload to the 'params' parameter of the JSON web API. | |||||
| CVE-2017-3127 | 1 Fortinet | 1 Fortios | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation. | |||||