Filtered by vendor Fortinet
Total: 1056 CVEs
| CVE | Vendor | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2023-29183 | Fortinet | FortiOS, FortiProxy | 2024-11-21 | N/A | 8.0 HIGH | An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via a crafted guest management setting. |
| CVE-2023-29182 | Fortinet | FortiOS | 2024-11-21 | N/A | 6.4 MEDIUM | A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiOS before 7.0.3 allows a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker is able to evade FortiOS stack protections. |
| CVE-2023-29178 | Fortinet | FortiOS, FortiProxy | 2024-11-21 | N/A | 4.3 MEDIUM | An access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authenticated attacker to repeatedly crash the httpsd process via crafted HTTP or HTTPS requests. |
| CVE-2023-29177 | Fortinet | FortiADC, FortiDDoS-F | 2024-11-21 | N/A | 6.7 MEDIUM | Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2, and FortiDDoS-F version 6.5.0 and before 6.4.1, allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests. |
| CVE-2023-29175 | Fortinet | FortiOS, FortiProxy | 2024-11-21 | N/A | 4.8 MEDIUM | An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 through 7.0.10, 7.2.0 and FortiProxy 1.2 all versions, 2.0 all versions, 7.0.0 through 7.0.9, 7.2.0 through 7.2.3 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the vulnerable device and the remote FortiGuard map server. |
| CVE-2023-28002 | Fortinet | FortiOS, FortiProxy | 2024-11-21 | N/A | 6.4 MEDIUM | An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesystem integrity check in place. |
| CVE-2023-28001 | Fortinet | FortiOS | 2024-11-21 | N/A | 4.1 MEDIUM | An insufficient session expiration vulnerability in Fortinet FortiOS 7.0.0 through 7.0.12 and 7.2.0 through 7.2.4 allows an attacker to execute unauthorized code or commands by reusing the session of a deleted user in the REST API. |
| CVE-2023-28000 | Fortinet | FortiADC | 2024-11-21 | N/A | 6.7 MEDIUM | An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted arguments to the diagnose system df CLI command. |
| CVE-2023-27999 | Fortinet | FortiADC | 2024-11-21 | N/A | 7.8 HIGH | An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. |
| CVE-2023-27998 | Fortinet | FortiPresence | 2024-11-21 | N/A | 5.3 MEDIUM | A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to obtain sensitive information by navigating to specific HTTP(S) paths. |
| CVE-2023-27995 | Fortinet | FortiSOAR | 2024-11-21 | N/A | 7.2 HIGH | An improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 allows an authenticated, remote attacker to execute arbitrary code via a crafted payload. |
| CVE-2023-27993 | Fortinet | FortiADC | 2024-11-21 | N/A | 6.0 MEDIUM | A relative path traversal vulnerability [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands. |
| CVE-2023-26209 | Fortinet | FortiDeceptor | 2024-11-21 | N/A | 3.7 LOW | An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory by sending numerous HTTP requests to the login form. |
| CVE-2023-26208 | Fortinet | FortiAuthenticator | 2024-11-21 | N/A | 3.7 LOW | An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory by sending numerous HTTP requests to the login form. |
| CVE-2023-26207 | Fortinet | FortiOS, FortiProxy | 2024-11-21 | N/A | 3.3 LOW | An insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.2.0 through 7.2.4 and FortiProxy 7.0.0 through 7.0.10, 7.2.0 through 7.2.1 allows an attacker to read certain passwords in plain text. |
| CVE-2023-26206 | Fortinet | FortiNAC | 2024-11-21 | N/A | 6.8 MEDIUM | An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiNAC 9.4.0 through 9.4.2, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs. |
| CVE-2023-26205 | Fortinet | FortiADC | 2024-11-21 | N/A | 8.1 HIGH | An improper access control vulnerability [CWE-284] in the FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specifically crafted configuration of a fabric automation CLI script. |
| CVE-2023-26204 | Fortinet | FortiSIEM | 2024-11-21 | N/A | 3.7 LOW | A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions may allow an attacker able to access user DB content to impersonate any admin user on the device GUI. |
| CVE-2023-26203 | Fortinet | FortiNAC, FortiNAC-F | 2024-11-21 | N/A | 6.7 MEDIUM | A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access the database via shell commands. |
| CVE-2023-25611 | Fortinet | FortiAnalyzer | 2024-11-21 | N/A | 4.0 MEDIUM | An improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 through 6.4.9, 7.0.0 through 7.0.5, and 7.2.0 through 7.2.1 allows a local attacker to execute unauthorized code or commands by inserting spreadsheet formulas in macro names. |
