Fortinet

All CVEs

1,127 total · sorted by risk
  • CVE-2014-2335 · Oct 31, 2014
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

  • CVE-2014-2334 · Oct 31, 2014
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

  • CVE-2014-0351 · Sep 10, 2014
    risk 0.00 · cvss · epss 0.01

    The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-middle attackers to obtain sensitive information or interfere with communications by…

  • CVE-2014-2216 · Aug 25, 2014
    risk 0.00 · cvss · epss 0.05

    The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.0.0 before 5.0.8 on FortiGate devices allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted request.

  • CVE-2014-4738 · Jul 11, 2014
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard FortiWeb 5.0.x, 5.1.x, and 5.2.x before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) user/ldap_user/check_dlg or (2) user/radius_user/check_dlg.

  • CVE-2014-3115 · May 8, 2014
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors.

  • CVE-2014-1957 · Apr 30, 2014
    risk 0.00 · cvss · epss 0.01

    FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors.

  • CVE-2014-1956 · Apr 30, 2014
    risk 0.00 · cvss · epss 0.02

    CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

  • CVE-2014-1955 · Apr 30, 2014
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2013-6990 · Apr 30, 2014
    risk 0.00 · cvss · epss 0.01

    FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface.

  • CVE-2014-0331 · Apr 10, 2014
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/.

  • CVE-2014-1458 · Feb 4, 2014
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2013-7182 · Feb 4, 2014
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in firewall/schedule/recurrdlg in Fortinet FortiOS 5.0.5 allows remote attackers to inject arbitrary web script or HTML via the mkey parameter.

  • CVE-2013-7181 · Feb 4, 2014
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in user/ldap_user/add in Fortinet FortiOS 5.0.3 allows remote attackers to inject arbitrary web script or HTML via the filter parameter.

  • CVE-2013-4669 · Jun 25, 2013
    risk 0.00 · cvss · epss 0.01

    FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after…

  • CVE-2013-4604 · Jun 25, 2013
    risk 0.00 · cvss · epss 0.01

    Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by leveraging the Guest role.

  • CVE-2012-4948 · Nov 14, 2012
    risk 0.00 · cvss · epss 0.00

    The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence…

  • CVE-2009-1262 · Apr 7, 2009
    risk 0.00 · cvss · epss 0.00

    Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name.

  • CVE-2008-5531 · Dec 12, 2008
    risk 0.00 · cvss · epss 0.03

    Fortinet Antivirus 3.113.0.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension,…

  • CVE-2008-0779 · Feb 14, 2008
    risk 0.00 · cvss · epss 0.00

    The fortimon.sys device driver in Fortinet FortiClient Host Security 3.0 MR5 Patch 3 and earlier does not properly initialize its DeviceExtension, which allows local users to access kernel memory and execute arbitrary code via a crafted request.

  • CVE-2006-3222 · Jun 24, 2006
    risk 0.00 · cvss · epss 0.02

    The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode.

  • CVE-2006-1966 · Apr 21, 2006
    risk 0.00 · cvss · epss 0.02

    An unspecified Fortinet product, possibly Fortinet28, allows remote attackers to cause a denial of service via a "small synflood" to the SMTP port (TCP port 25), as demonstrated by a 10-microsecond wait between sending packets. NOTE: this issue has been disputed in followup…

  • CVE-2005-3057 · Dec 31, 2005
    risk 0.00 · cvss · epss 0.03

    The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as…

  • CVE-2005-4570 · Dec 29, 2005
    risk 0.00 · cvss · epss 0.02

    The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0, and FortiManager 2.80 and 3.0 allow remote attackers to cause a denial of service (termination of a process that is automatically restarted) via IKE packets with…

  • CVE-2005-3400 · Nov 1, 2005
    risk 0.00 · cvss · epss 0.01

    Multiple interpretation error in Fortinet 2.48.0.0 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still…

  • CVE-2005-3221 · Oct 14, 2005
    risk 0.00 · cvss · epss 0.02

    Multiple interpretation error in unspecified versions of Fortinet Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar…

  • CVE-2005-1837 · Jun 1, 2005
    risk 0.00 · cvss · epss 0.01

    Fortinet firewall running FortiOS 2.x contains a hardcoded username with the password set to the serial number, which allows local users with console access to gain privileges.
