Filtered by vendor Fortinet
Subscriptions
Total
1084 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-4968 | 1 Fortinet | 1 Fortiwan | 2025-04-12 | N/A |
| The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request. | ||||
| CVE-2016-4965 | 1 Fortinet | 1 Fortiwan | 2025-04-12 | N/A |
| Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php. | ||||
| CVE-2015-1458 | 1 Fortinet | 1 Fortiauthenticator | 2025-04-12 | N/A |
| Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command. | ||||
| CVE-2014-1956 | 1 Fortinet | 1 Fortiweb | 2025-04-12 | N/A |
| CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | ||||
| CVE-2016-4966 | 1 Fortinet | 1 Fortiwan | 2025-04-12 | N/A |
| The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter. | ||||
| CVE-2016-4066 | 1 Fortinet | 1 Fortiweb | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Fortinet FortiWeb before 5.5.3 allows remote attackers to hijack the authentication of administrators for requests that change the password via unspecified vectors. | ||||
| CVE-2015-5736 | 1 Fortinet | 1 Forticlient | 2025-04-12 | N/A |
| The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call. | ||||
| CVE-2015-1455 | 1 Fortinet | 1 Fortiauthenticator | 2025-04-12 | N/A |
| Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2016-3196 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section. | ||||
| CVE-2016-3195 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-3194 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-3193 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-8038 | 1 Fortinet | 1 Fortimanager Firmware | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sharedjobmanager or (2) SOMServiceObjDialog. | ||||
| CVE-2015-8037 | 1 Fortinet | 1 Fortimanager Firmware | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SOMVpnSSLPortalDialog or (2) FGDMngUpdHistory. | ||||
| CVE-2015-7362 | 1 Fortinet | 1 Forticlient | 2025-04-12 | N/A |
| Fortinet FortiClient Linux SSLVPN before build 2313, when installed on Linux in a home directory that is world readable and executable, allows local users to gain privileges via the helper/subroc setuid program. | ||||
| CVE-2015-3626 | 1 Fortinet | 1 Fortios | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary web script or HTML via a crafted hostname. | ||||
| CVE-2015-7360 | 1 Fortinet | 2 Fortisandbox, Fortisandbox Firmware | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface (WebUI) in Fortinet FortiSandbox before 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) serial parameter to alerts/summary/profile/; the (2) urlForCreatingReport parameter to csearch/report/export/; the (3) id parameter to analysis/detail/download/screenshot; or vectors related to (4) "Fortiview threats by users search filtered by vdom" or (5) "PCAP file download generated by the VM scan feature." | ||||
| CVE-2015-7361 | 1 Fortinet | 1 Fortios | 2025-04-12 | N/A |
| FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated management interface, which allows remote attackers to obtain shell access via unspecified vectors. | ||||
| CVE-2015-5965 | 1 Fortinet | 1 Fortios | 2025-04-12 | N/A |
| The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a crafted MAC field. | ||||
| CVE-2015-5737 | 1 Fortinet | 1 Forticlient | 2025-04-12 | N/A |
| The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a PID and possibly have unspecified other impact, as demonstrated by a 0x2220c8 ioctl call. | ||||