Filtered by vendor Fortinet
Subscribe
Total
736 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-3626 | 1 Fortinet | 1 Fortios | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary web script or HTML via a crafted hostname. | |||||
CVE-2016-4965 | 1 Fortinet | 1 Fortiwan | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php. | |||||
CVE-2014-8618 | 1 Fortinet | 6 Fortiadc-1500d, Fortiadc-2000d, Fortiadc-200d and 3 more | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the theme login page in Fortinet FortiADC D models before 4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2016-4968 | 1 Fortinet | 1 Fortiwan | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request. | |||||
CVE-2016-4967 | 1 Fortinet | 1 Fortiwan | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of the device configuration via script/cfg_show.php or (2) PCAP files via script/system/tcpdump.php. | |||||
CVE-2016-3978 | 1 Fortinet | 1 Fortios | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the "redirect" parameter to "login." | |||||
CVE-2016-4966 | 1 Fortinet | 1 Fortiwan | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter. | |||||
CVE-2015-7363 | 1 Fortinet | 4 Fortianalyzer, Fortianalyzer Firmware, Fortimanager and 1 more | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters. | |||||
CVE-2016-4969 | 1 Fortinet | 1 Fortiwan | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to script/statistics/getconn.php. | |||||
CVE-2016-3196 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section. | |||||
CVE-2015-5736 | 1 Fortinet | 1 Forticlient | 2024-02-28 | 7.2 HIGH | N/A |
The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call. | |||||
CVE-2016-3194 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-2335 | 1 Fortinet | 1 Fortianalyzer Firmware | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336. | |||||
CVE-2013-7182 | 1 Fortinet | 1 Fortios | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in firewall/schedule/recurrdlg in Fortinet FortiOS 5.0.5 allows remote attackers to inject arbitrary web script or HTML via the mkey parameter. | |||||
CVE-2013-6990 | 1 Fortinet | 1 Fortiauthenticator | 2024-02-28 | 9.0 HIGH | N/A |
FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface. | |||||
CVE-2015-1457 | 1 Fortinet | 1 Fortiauthenticator | 2024-02-28 | 4.9 MEDIUM | N/A |
Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command. | |||||
CVE-2015-1455 | 1 Fortinet | 1 Fortiauthenticator | 2024-02-28 | 7.5 HIGH | N/A |
Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
CVE-2015-1453 | 1 Fortinet | 1 Forticlient | 2024-02-28 | 5.0 MEDIUM | N/A |
The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences. | |||||
CVE-2015-1570 | 1 Fortinet | 1 Forticlient | 2024-02-28 | 4.3 MEDIUM | N/A |
The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate. | |||||
CVE-2014-1458 | 1 Fortinet | 1 Fortiweb | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors. |