Filtered by vendor Fortinet
Subscriptions
Total
1123 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5965 | 1 Fortinet | 1 Fortios | 2025-04-12 | N/A |
| The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a crafted MAC field. | ||||
| CVE-2015-1453 | 1 Fortinet | 1 Forticlient | 2025-04-12 | N/A |
| The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences. | ||||
| CVE-2015-1457 | 1 Fortinet | 1 Fortiauthenticator | 2025-04-12 | N/A |
| Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command. | ||||
| CVE-2014-8616 | 1 Fortinet | 1 Fortios | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus. | ||||
| CVE-2014-1956 | 1 Fortinet | 1 Fortiweb | 2025-04-12 | N/A |
| CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | ||||
| CVE-2014-8582 | 1 Fortinet | 7 Coyote Point Equalizer, Coyote Point Equalizer Firmware, Fortiadc-1000e and 4 more | 2025-04-12 | N/A |
| FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allows remote attackers to obtain access to arbitrary subnets via unspecified vectors. | ||||
| CVE-2014-2216 | 1 Fortinet | 1 Fortios | 2025-04-12 | N/A |
| The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.0.0 before 5.0.8 on FortiGate devices allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted request. | ||||
| CVE-2014-2335 | 1 Fortinet | 1 Fortianalyzer Firmware | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336. | ||||
| CVE-2016-3194 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-1955 | 1 Fortinet | 1 Fortiweb | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-5736 | 1 Fortinet | 1 Forticlient | 2025-04-12 | N/A |
| The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call. | ||||
| CVE-2014-0331 | 1 Fortinet | 9 Fortiadc-1000e, Fortiadc-1500d, Fortiadc-2000d and 6 more | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/. | ||||
| CVE-2016-3195 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-6990 | 1 Fortinet | 1 Fortiauthenticator | 2025-04-12 | N/A |
| FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface. | ||||
| CVE-2014-4738 | 1 Fortinet | 1 Fortiweb | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard FortiWeb 5.0.x, 5.1.x, and 5.2.x before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) user/ldap_user/check_dlg or (2) user/radius_user/check_dlg. | ||||
| CVE-2014-1957 | 1 Fortinet | 1 Fortiweb | 2025-04-12 | N/A |
| FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors. | ||||
| CVE-2015-4077 | 1 Fortinet | 1 Forticlient | 2025-04-12 | N/A |
| The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C ioctl call. | ||||
| CVE-2015-1451 | 1 Fortinet | 1 Fortios | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.0 Patch 7 build 4457 allow remote authenticated users to inject arbitrary web script or HTML via the (1) WTP Name or (2) WTP Active Software Version field in a CAPWAP Join request. | ||||
| CVE-2015-1452 | 1 Fortinet | 1 Fortios | 2025-04-12 | N/A |
| The Control and Provisioning of Wireless Access Points (CAPWAP) daemon in Fortinet FortiOS 5.0 Patch 7 build 4457 allows remote attackers to cause a denial of service (locked CAPWAP Access Controller) via a large number of ClientHello DTLS messages. | ||||
| CVE-2015-5737 | 1 Fortinet | 1 Forticlient | 2025-04-12 | N/A |
| The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a PID and possibly have unspecified other impact, as demonstrated by a 0x2220c8 ioctl call. | ||||