fortinet

1,136 tracked vulnerabilities.

CVE-2021-36170 LOW
FortiAnalyzerVM/FortiManagerVM <7.0.0,6.4.6 - Info Disclosure
Oct 06, 2021
CVSS 3.2
EPSS 0.00
CVE-2021-24021 MEDIUM
FortiAnalyzer < 6.2.8 - Authenticated Stored Cross-Site Scripting via Logview Column Settings
Oct 06, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-24019 HIGH
FortiClientEMS < 6.4.2 and <= 6.2.8 - Insufficient Session Expiration
Oct 06, 2021
CVSS 8.1
EPSS 0.04
CVE-2021-24017 MEDIUM
FortiManager < 6.2.7 - Improper Authentication via Request Handler
Sep 30, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-24016 LOW
Fortinet FortiManager <6.4.3 - Command Injection
Sep 30, 2021
CVSS 3.7
EPSS 0.00
CVE-2021-36182 HIGH
Fortinet FortiWeb <6.3.13 - Command Injection
Sep 08, 2021
CVSS 8.8
EPSS 0.02
CVE-2021-36179 HIGH
Fortinet FortiWeb <6.3.14 - Buffer Overflow
Sep 08, 2021
CVSS 8.0
EPSS 0.02
CVE-2021-24006 MEDIUM
FortiManager <6.4.3 - Privilege Escalation
Sep 06, 2021
CVSS 6.3
EPSS 0.01
CVE-2021-32602 MEDIUM
FortiPortal < 4.0.4 - Unauthenticated Cross-Site Scripting via Lang Parameter
Aug 19, 2021
CVSS 5.8
EPSS 0.01
CVE-2021-32588 CRITICAL
FortiPortal <=6.0.4 Unauthenticated RCE via Tomcat Hard-coded Credentials
Aug 18, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-32597 MEDIUM
FortiAnalyzer and FortiManager < 6.2.8 - Authenticated Stored Cross-Site Scripting via GET Parameters
Aug 06, 2021
CVSS 4.6
EPSS 0.01
CVE-2021-32587 MEDIUM
FortiManager/FortiAnalyzer <7.0.0, <6.4.5, <6.2.8, <6.0.11, <5.6.11...
Aug 06, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-32603 HIGH
FortiAnalyzer and FortiManager 5.6.0-6.2.7 - Authenticated Server-Side Request Forgery
Aug 05, 2021
CVSS 8.8
EPSS 0.01
CVE-2021-32598 MEDIUM
FortiAnalyzer and FortiManager 5.6.0-7.0.0 - Authenticated HTTP Request Smuggling via CRLF Injection
Aug 05, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-24014 MEDIUM
FortiSandbox < 4.0.0 - Unauthenticated Cross-Site Scripting via Crafted Request Parameters
Aug 04, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-22124 HIGH
FortiAuthenticator <6.0.6 & FortiSandbox 3.0.0-3.2.2 - DoS via Long Request Parameters
Aug 04, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-26096 MEDIUM
FortiSandbox < 4.0.0 - Authenticated Heap-Based Buffer Overflow via Command Shell Arguments
Aug 04, 2021
CVSS 6.4
EPSS 0.01
CVE-2021-32596 MEDIUM
FortiPortal <6.04 - Info Disclosure
Aug 04, 2021
CVSS 6.0
EPSS 0.00
CVE-2021-26097 HIGH
FortiSandbox 3.0.0-3.0.6, 3.1.0-3.1.4, 3.2.0-3.2.2 - Authenticated OS Command Injection via HTTP Requests
Aug 04, 2021
CVSS 8.8
EPSS 0.01
CVE-2021-36168 MEDIUM
Fortinet FortiPortal <6.0.5-6.2.5 - Path Traversal
Aug 04, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-24018 MEDIUM
FortiOS < 6.2.10 - Out-of-bounds Write via Firmware Verification Routine
Aug 04, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-24010 HIGH
FortiSandbox 3.1.0-3.1.4 and 3.2.0-3.2.2 - Authenticated Path Traversal via Crafted Web Requests
Aug 04, 2021
CVSS 8.1
EPSS 0.01
CVE-2021-32594 MEDIUM
FortiPortal 4.0.0-4.0.3, 4.2.0-4.2.2, 5.2.0-5.2.5, 5.3.0-5.3.5, 6.0.0-6.0.4 - Unrestricted File Upload via Web Interface
Aug 04, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-32590 CRITICAL
FortiPortal 4.2.2-6.0.4 - Authenticated SQL Injection via HTTP Requests
Aug 04, 2021
CVSS 9.9
EPSS 0.02
CVE-2021-26098 MEDIUM
FortiSandbox <4.0.0 - Info Disclosure
Aug 04, 2021
CVSS 5.3
EPSS 0.01