Vulnerabilities in Fortinet

933 results

CVE-2021-36182HIGHA Improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.13 and below allows aEPSS 1.9%CVE-2019-15710—An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized adminiEPSS 1.9%CVE-2021-36185HIGHA improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below alEPSS 1.9%CVE-2021-41017HIGHMultiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allowEPSS 1.9%CVE-2024-40584MEDIUMAn improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiAnalyzEPSS 1.9%CVE-2023-36553CRITICALA improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 5.4.0 and 5.3.0 tEPSS 1.9%CVE-2023-33308CRITICALA stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy versiEPSS 1.9%CVE-2024-50569MEDIUMA improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.0.0 through 7.6.0 allowsEPSS 1.9%CVE-2021-26109HIGHAn integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacEPSS 1.8%CVE-2016-8493—In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability.EPSS 1.8%CVE-2023-26208LOWA improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows EPSS 1.8%CVE-2022-29056LOWA improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 throuEPSS 1.8%CVE-2018-9195—Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the kEPSS 1.8%CVE-2026-25836MEDIUMAn improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5EPSS 1.8%CVE-2022-39951HIGHA improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.EPSS 1.8%CVE-2018-13381MEDIUMA buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiProxy 2.0.0,EPSS 1.8%CVE-2023-26209LOWA improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remEPSS 1.7%CVE-2017-14182—A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporariEPSS 1.7%CVE-2017-17544—A privilege escalation vulnerability in Fortinet FortiOS 6.0.0 to 6.0.6, 5.6.0 to 5.6.10, 5.4 and below allows admin users to elevate their EPSS 1.7%CVE-2022-38374HIGHA improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 EPSS 1.7%

← previouspage 6 / 47next →