Vulnerabilities in Fortinet
933 results

CVE-2020-12811 | — | An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3 and FortiAnalyzer 6.2.0, | EPSS 0.8%
CVE-2021-36172 | MEDIUM | An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow | EPSS 0.8%
CVE-2022-23447 | HIGH | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management interfa | EPSS 0.8%
CVE-2023-23780 | HIGH | A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, Fortinet FortiWeb version 6.3.6 through 6.3.19, Fortinet For | EPSS 0.8%
CVE-2021-43081 | MEDIUM | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6 | EPSS 0.8%
CVE-2025-47855 | CRITICAL | An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in Fortinet FortiFone 7.0.0 through 7.0.1, FortiFone 3 | EPSS 0.8%
CVE-2024-35275 | MEDIUM | An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 | EPSS 0.8%
CVE-2021-26115 | HIGH | An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5.7 and below Command Line Interface may allow a local, authenticated a | EPSS 0.8%
CVE-2024-26010 | MEDIUM | A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, Fo | EPSS 0.8%
CVE-2023-41682 | HIGH | An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0, FortiSandbox | EPSS 0.8%
CVE-2021-43077 | HIGH | An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.2 and below, version | EPSS 0.8%
CVE-2021-32598 | MEDIUM | An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability in FortiManager and FortiAnalyzer GUI | EPSS 0.8%
CVE-2022-40677 | HIGH | An improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2. | EPSS 0.8%
CVE-2023-48784 | MEDIUM | A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all ve | EPSS 0.8%
CVE-2020-12819 | MEDIUM | A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 a | EPSS 0.8%
CVE-2023-37931 | HIGH | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-88] in FortiVoice Entreprise vers | EPSS 0.8%
CVE-2024-48885 | MEDIUM | An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiRecorder 7.2.0 through 7.2.1 | EPSS 0.8%
CVE-2020-15933 | MEDIUM | An exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and be | EPSS 0.8%
CVE-2021-26096 | MEDIUM | Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to ma | EPSS 0.8%
CVE-2023-36554 | HIGH | An improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 t | EPSS 0.8%