Filtered by vendor Fortinet
Subscribe
Total
1123 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23439 | 1 Fortinet | 14 Fortiadc, Fortiauthenticator, Fortiddos and 11 more | 2026-06-17 | N/A | 4.7 MEDIUM |
| A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver | |||||
| CVE-2022-23438 | 1 Fortinet | 1 Fortios | 2026-06-17 | N/A | 4.7 MEDIUM |
| An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the captive portal authentication replacement page. | |||||
| CVE-2022-22306 | 1 Fortinet | 1 Fortios | 2026-06-17 | 2.9 LOW | 5.4 MEDIUM |
| An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms. | |||||
| CVE-2022-22305 | 1 Fortinet | 4 Fortianalyzer, Fortimanager, Fortios and 1 more | 2026-06-17 | N/A | 5.4 MEDIUM |
| An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers. | |||||
| CVE-2022-22304 | 1 Fortinet | 1 Fortiauthenticator Agent For Microsoft Outlook Web Access | 2026-06-17 | N/A | 6.1 MEDIUM |
| An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAuthenticator OWA Agent for Microsoft version 2.2 and 2.1 may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests. | |||||
| CVE-2022-22303 | 1 Fortinet | 1 Fortimanager | 2026-06-17 | 2.1 LOW | 2.8 LOW |
| An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file. | |||||
| CVE-2022-22302 | 1 Fortinet | 2 Fortiauthenticator, Fortios | 2026-06-17 | N/A | 5.3 MEDIUM |
| A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a local unauthorized party to retrieve the Fortinet private keys used to establish secure communication with both Apple Push Notification and Google Cloud Messaging services, via accessing the files on the filesystem. | |||||
| CVE-2022-22301 | 1 Fortinet | 1 Fortiap-c | 2026-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments. | |||||
| CVE-2022-22300 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2026-06-17 | 6.5 MEDIUM | 4.3 MEDIUM |
| A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7 .0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows attacker to bypass the device policy and force the password-change action for its user. | |||||
| CVE-2022-22299 | 1 Fortinet | 4 Fortiadc, Fortimail, Fortios and 1 more | 2026-06-17 | N/A | 7.8 HIGH |
| A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.2, FortiMail version 6.4.0 through 6.4.5, FortiMail version 7.0.0 through 7.0.2 may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments. | |||||
| CVE-2022-22298 | 1 Fortinet | 1 Fortiisolator | 2026-06-17 | N/A | 6.7 MEDIUM |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2, FortiIsolator version 2.2.0, FortiIsolator version 2.3.0 through 2.3.4 allows attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters. | |||||
| CVE-2022-22297 | 1 Fortinet | 2 Fortirecorder Firmware, Fortiweb | 2026-06-17 | N/A | 5.5 MEDIUM |
| An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments. | |||||
| CVE-2021-44172 | 1 Fortinet | 1 Forticlient Endpoint Management Server | 2026-06-17 | N/A | 4.3 MEDIUM |
| An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the EMS installation path. | |||||
| CVE-2021-44171 | 1 Fortinet | 1 Fortios | 2026-06-17 | N/A | 9.0 CRITICAL |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands. | |||||
| CVE-2021-44170 | 1 Fortinet | 2 Fortios, Fortiproxy | 2026-06-17 | N/A | 6.7 MEDIUM |
| A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments. | |||||
| CVE-2021-44169 | 1 Fortinet | 1 Forticlient | 2026-06-17 | 4.6 MEDIUM | 8.2 HIGH |
| A improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer's directory. | |||||
| CVE-2021-44168 | 1 Fortinet | 1 Fortios | 2026-06-17 | 4.6 MEDIUM | 3.3 LOW |
| A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages. | |||||
| CVE-2021-44167 | 1 Fortinet | 1 Forticlient | 2026-06-17 | 5.0 MEDIUM | 6.8 MEDIUM |
| An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links. | |||||
| CVE-2021-44166 | 1 Fortinet | 1 Fortitoken Mobile | 2026-06-17 | 3.5 LOW | 4.1 MEDIUM |
| An improper access control vulnerability [CWE-284 ] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the legitimate user. | |||||
| CVE-2021-43206 | 1 Fortinet | 2 Fortios, Fortiproxy | 2026-06-17 | 4.3 MEDIUM | 4.3 MEDIUM |
| A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages. | |||||