Total
176 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-13381 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiProxy 2.0.0, 1.2.8 and earlier versions under SSL VPN web portal allows a non-authenticated attacker to perform a Denial-of-service attack via special craft message payloads. | |||||
CVE-2018-13367 | 1 Fortinet | 1 Fortios | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI. | |||||
CVE-2018-13380 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters. | |||||
CVE-2019-5586 | 1 Fortinet | 1 Fortios | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "param" parameter of the error process HTTP requests. | |||||
CVE-2019-5587 | 1 Fortinet | 1 Fortios | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by reassembling the image through specific methods. | |||||
CVE-2018-13365 | 1 Fortinet | 1 Fortios | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below, allow attackers to learn private IP as well as the hostname of FortiGate via Application Control Block page. | |||||
CVE-2017-17544 | 1 Fortinet | 1 Fortios | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
A privilege escalation vulnerability in Fortinet FortiOS 6.0.0 to 6.0.6, 5.6.0 to 5.6.10, 5.4 and below allows admin users to elevate their profile to super_admin via restoring modified configurations. | |||||
CVE-2018-13384 | 1 Fortinet | 1 Fortios | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains. | |||||
CVE-2019-5588 | 1 Fortinet | 1 Fortios | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "err" parameter of the error process HTTP requests. | |||||
CVE-2018-13383 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages. | |||||
CVE-2018-13366 | 1 Fortinet | 1 Fortios | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows attacker to reveals serial number of FortiGate via hostname field defined in connection control setup packets of PPTP protocol. | |||||
CVE-2018-9192 | 1 Fortinet | 1 Fortios | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx being used. | |||||
CVE-2018-9194 | 1 Fortinet | 1 Fortios | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under VIP SSL feature when CPx being used. | |||||
CVE-2018-13376 | 1 Fortinet | 1 Fortios | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response. | |||||
CVE-2018-1352 | 1 Fortinet | 1 Fortios | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable. | |||||
CVE-2017-14185 | 1 Fortinet | 1 Fortios | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses) via specifically crafted URLs inside the SSL-VPN web portal. | |||||
CVE-2018-9185 | 1 Fortinet | 1 Fortios | 2024-02-28 | 4.3 MEDIUM | 8.1 HIGH |
An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature. | |||||
CVE-2017-14190 | 1 Fortinet | 1 Fortios | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted "Host" header in user HTTP requests. | |||||
CVE-2012-0941 | 1 Fortinet | 1 Fortios | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, or (3) Log&Report Display modules, or the fields_sorted_opt parameter to (4) user/auth/list or (5) endpointcompliance/app_detect/predefined_sig_list. | |||||
CVE-2017-14187 | 1 Fortinet | 1 Fortios | 2024-02-28 | 7.2 HIGH | 6.2 MEDIUM |
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command. |