Filtered by vendor Fortinet
Subscribe
Total
1123 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15942 | 1 Fortinet | 1 Fortiweb | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability in Web Vulnerability Scan profile of Fortinet's FortiWeb version 6.2.x below 6.2.4 and version 6.3.x below 6.3.5 may allow a remote authenticated attacker to read the password used by the FortiWeb scanner to access the device defined in the scan profile. | |||||
| CVE-2020-15941 | 1 Fortinet | 1 Forticlient Endpoint Management Server | 2026-06-17 | 5.5 MEDIUM | 5.4 MEDIUM |
| A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages. | |||||
| CVE-2020-15940 | 1 Fortinet | 1 Forticlient Enterprise Management Server | 2026-06-17 | 3.5 LOW | 4.1 MEDIUM |
| An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server. | |||||
| CVE-2020-15939 | 1 Fortinet | 1 Fortisandbox | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.4 and below may allow an authenticated, unprivileged attacker to download the device configuration file via the recovery URL. | |||||
| CVE-2020-15938 | 1 Fortinet | 1 Fortios | 2026-06-17 | 4.3 MEDIUM | 4.0 MEDIUM |
| When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate in version below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header. | |||||
| CVE-2020-15937 | 1 Fortinet | 1 Fortios | 2026-06-17 | 4.3 MEDIUM | 4.7 MEDIUM |
| An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored cross site scripting attack (XSS) via the IPS and WAF logs dashboard. | |||||
| CVE-2020-15936 | 1 Fortinet | 1 Fortios | 2026-06-17 | 4.0 MEDIUM | 2.6 LOW |
| A improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows attacker to disclose sensitive information via SNI Client Hello TLS packets. | |||||
| CVE-2020-15935 | 1 Fortinet | 1 Fortiadc | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A cleartext storage of sensitive information in GUI in FortiADC versions 5.4.3 and below, 6.0.0 and below may allow a remote authenticated attacker to retrieve some sensitive information such as users LDAP passwords and RADIUS shared secret by deobfuscating the passwords entry fields. | |||||
| CVE-2020-15934 | 1 Fortinet | 1 Forticlient | 2026-06-17 | N/A | 8.8 HIGH |
| An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine. | |||||
| CVE-2020-15933 | 1 Fortinet | 1 Fortimail | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| A exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below FortiMail versions 6.4.1 and 6.4.0 allows attacker to obtain potentially sensitive software-version information via client-side resources inspection. | |||||
| CVE-2020-12820 | 1 Fortinet | 1 Fortios | 2026-06-17 | N/A | 5.4 MEDIUM |
| Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClient file name. We are not aware of proof of concept code successfully achieving the latter. | |||||
| CVE-2020-12819 | 1 Fortinet | 1 Fortios | 2026-06-17 | N/A | 5.4 MEDIUM |
| A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by sending a large LCP packet, when tunnel mode is enabled. Arbitrary code execution may be theoretically possible, albeit practically very difficult to achieve in this context | |||||
| CVE-2020-12818 | 1 Fortinet | 36 Fortigate 1000d, Fortigate 100e, Fortigate 100f and 33 more | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed. | |||||
| CVE-2020-12817 | 1 Fortinet | 2 Fortianalyzer, Fortitester | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors. | |||||
| CVE-2020-12816 | 1 Fortinet | 1 Fortinac | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users. | |||||
| CVE-2020-12815 | 1 Fortinet | 2 Fortianalyzer, Fortitester | 2026-06-17 | 3.5 LOW | 5.4 MEDIUM |
| An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields. | |||||
| CVE-2020-12814 | 1 Fortinet | 1 Fortianalyzer | 2026-06-17 | 3.5 LOW | 4.1 MEDIUM |
| A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows attacker to execute unauthorized code or commands via specifically crafted requests to the web GUI. | |||||
| CVE-2020-12812 | 1 Fortinet | 1 Fortios | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username. | |||||
| CVE-2020-12811 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field. | |||||
| CVE-2019-6700 | 1 Fortinet | 1 Fortisiem | 2026-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code. | |||||