Vulnerabilities in Fortinet

933 results
CVE-2021-42761 (HIGH, EPSS 1.5%): A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.
CVE-2021-24009 (HIGH, EPSS 1.5%): Multiple improper neutralization of special elements used in an OS command vulnerabilities (CWE-78) in the Web GUI of FortiWAN before 4.5.9
CVE-2019-17652 (EPSS 1.4%): A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient proc
CVE-2021-41025 (HIGH, EPSS 1.4%): Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2
CVE-2021-36173 (HIGH, EPSS 1.4%): A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 th
CVE-2021-24007 (CRITICAL, EPSS 1.4%): Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated
CVE-2016-8492 (EPSS 1.4%): The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the devic
CVE-2021-36166 (CRITICAL, EPSS 1.4%): An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative accou
CVE-2021-22125 (MEDIUM, EPSS 1.4%): An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated adm
CVE-2023-46714 (MEDIUM, EPSS 1.4%): A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows
CVE-2021-36194 (HIGH, EPSS 1.4%): Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated a
CVE-2019-16152 (EPSS 1.4%): A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient p
CVE-2021-36187 (MEDIUM, EPSS 1.4%): An uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to cause a
CVE-2023-42787 (MEDIUM, EPSS 1.4%): A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiA
CVE-2025-64157 (MEDIUM, EPSS 1.4%): A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2
CVE-2025-47856 (HIGH, EPSS 1.4%): Two improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiVoi
CVE-2024-36512 (HIGH, EPSS 1.3%): An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer 7.4.0 through 7.4.
CVE-2023-42788 (HIGH, EPSS 1.3%): An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & Forti
CVE-2021-26090 (MEDIUM, EPSS 1.3%): A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2
CVE-2023-23779 (MEDIUM, EPSS 1.3%): Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiWeb ver