Filtered by vendor Fortinet
Subscriptions
Filtered by product Fortios
Subscriptions
Total
235 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-45583 | 1 Fortinet | 4 Fortios, Fortipam, Fortiproxy and 1 more | 2024-11-21 | 6.5 Medium |
| A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http requests. | ||||
| CVE-2023-44250 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 8.3 High |
| An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests. | ||||
| CVE-2023-44247 | 1 Fortinet | 1 Fortios | 2024-11-21 | 6.5 Medium |
| A double free vulnerability [CWE-415] in Fortinet FortiOS before 7.0.0 may allow a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests. | ||||
| CVE-2023-42790 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 7.7 High |
| A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. | ||||
| CVE-2023-42789 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 9.3 Critical |
| A out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. | ||||
| CVE-2023-41841 | 1 Fortinet | 1 Fortios | 2024-11-21 | 7.4 High |
| An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions. | ||||
| CVE-2023-41678 | 1 Fortinet | 2 Fortios, Fortipam | 2024-11-21 | 8.3 High |
| A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request. | ||||
| CVE-2023-41675 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 4.8 Medium |
| A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection. | ||||
| CVE-2023-40718 | 1 Fortinet | 2 Fortios, Fortios Ips Engine | 2024-11-21 | 6.7 Medium |
| A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker to evade IPS features via crafted TCP packets. | ||||
| CVE-2023-37935 | 1 Fortinet | 1 Fortios | 2024-11-21 | 6.5 Medium |
| A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services. | ||||
| CVE-2023-36641 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 6.2 Medium |
| A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1, all versions, FortiProxy 1.0 all versions, FortiOS version 7.4.0, FortiOS version 7.2.0 through 7.2.5, FortiOS version 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions allows attacker to denial of service via specifically crafted HTTP requests. | ||||
| CVE-2023-36640 | 1 Fortinet | 3 Fortios, Fortipam, Fortiproxy | 2024-11-21 | 6.5 Medium |
| A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.16 allows attacker to execute unauthorized code or commands via specially crafted commands | ||||
| CVE-2023-36639 | 1 Fortinet | 3 Fortios, Fortipam, Fortiproxy | 2024-11-21 | 7 High |
| A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests. | ||||
| CVE-2023-36555 | 1 Fortinet | 1 Fortios | 2024-11-21 | 3.9 Low |
| An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components. | ||||
| CVE-2023-33308 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 9.8 Critical |
| A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside deep or full packet inspection. | ||||
| CVE-2023-33307 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 6.4 Medium |
| A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in network parameter. | ||||
| CVE-2023-33306 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 6.2 Medium |
| A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows attacker to denial of sslvpn service via specifically crafted request in bookmark parameter. | ||||
| CVE-2023-33305 | 1 Fortinet | 3 Fortios, Fortiproxy, Fortiweb | 2024-11-21 | 4.9 Medium |
| A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows attacker to perform a denial of service via specially crafted HTTP requests. | ||||
| CVE-2023-33301 | 1 Fortinet | 1 Fortios | 2024-11-21 | 6.5 Medium |
| An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host. | ||||
| CVE-2023-29183 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 7.3 High |
| An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting. | ||||