ReportizFlow
Filtered by vendor Fortinet
Subscriptions
Total
1052 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-1453 | 1 Fortinet | 1 Forticlient | 2025-04-12 | N/A |
| The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences. | ||||
| CVE-2014-0331 | 1 Fortinet | 9 Fortiadc-1000e, Fortiadc-1500d, Fortiadc-2000d and 6 more | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/. | ||||
| CVE-2015-1456 | 1 Fortinet | 1 Fortiauthenticator | 2025-04-12 | N/A |
| Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/. | ||||
| CVE-2015-3293 | 1 Fortinet | 1 Fortimail | 2025-04-12 | N/A |
| FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain credentials via the "diag debug application httpd" command. | ||||
| CVE-2015-1451 | 1 Fortinet | 1 Fortios | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.0 Patch 7 build 4457 allow remote authenticated users to inject arbitrary web script or HTML via the (1) WTP Name or (2) WTP Active Software Version field in a CAPWAP Join request. | ||||
| CVE-2015-5965 | 1 Fortinet | 1 Fortios | 2025-04-12 | N/A |
| The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a crafted MAC field. | ||||
| CVE-2015-1880 | 1 Fortinet | 1 Fortios | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-1570 | 1 Fortinet | 1 Forticlient | 2025-04-12 | N/A |
| The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate. | ||||
| CVE-2015-1569 | 1 Fortinet | 1 Forticlient | 2025-04-12 | N/A |
| Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate. | ||||
| CVE-2015-1459 | 1 Fortinet | 1 Fortiauthenticator | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/. | ||||
| CVE-2016-5092 | 1 Fortinet | 1 Fortiweb | 2025-04-12 | N/A |
| Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn feature. | ||||
| CVE-2015-1455 | 1 Fortinet | 1 Fortiauthenticator | 2025-04-12 | N/A |
| Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2015-5735 | 1 Fortinet | 1 Forticlient | 2025-04-12 | N/A |
| The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to write to arbitrary memory locations via a 0x226108 ioctl call. | ||||
| CVE-2013-6990 | 1 Fortinet | 1 Fortiauthenticator | 2025-04-12 | N/A |
| FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface. | ||||
| CVE-2015-4077 | 1 Fortinet | 1 Forticlient | 2025-04-12 | N/A |
| The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C ioctl call. | ||||
| CVE-2014-2334 | 1 Fortinet | 1 Fortianalyzer Firmware | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336. | ||||
| CVE-2014-2336 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335. | ||||
| CVE-2015-7362 | 1 Fortinet | 1 Forticlient | 2025-04-12 | N/A |
| Fortinet FortiClient Linux SSLVPN before build 2313, when installed on Linux in a home directory that is world readable and executable, allows local users to gain privileges via the helper/subroc setuid program. | ||||
| CVE-2014-2216 | 1 Fortinet | 1 Fortios | 2025-04-12 | N/A |
| The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.0.0 before 5.0.8 on FortiGate devices allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted request. | ||||
| CVE-2014-1955 | 1 Fortinet | 1 Fortiweb | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||