Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet fortios vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-13381
A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 up to and including 6.0.4, 5.6.0 up to and including 5.6.7, 5.4 and previous versions versions and FortiProxy 2.0.0, 1.2.8 and previous versions versions under SSL VPN web portal allows a non-authenticated malicious user t...
Fortinet Fortiproxy
Fortinet Fortiproxy 2.0.0
Fortinet Fortios
NA
CVE-2005-3057
The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions prior to 3.0 MR1, allows remote malicious users to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as d...
Fortinet Fortios
Fortinet Fortigate 2.8
NA
CVE-2005-3058
Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote malicious users to bypass the URL blocker via an (1) HTTP request terminated with a line feed (LF) and not carriage return line feed (CRLF) or (2) HTTP request with no Host field,...
Fortinet Fortios
Fortinet Fortigate 2.8
1 EDB exploit
8.8
CVSSv3
CVE-2023-46717
An improper authentication vulnerability [CWE-287] in FortiOS versions 7.4.1 and below, versions 7.2.6 and below, and versions 7.0.12 and below when configured with FortiAuthenticator in HA may allow a readonly user to gain read-write access via successive login attempts.
Fortinet Fortios
1 Article
6.7
CVSSv3
CVE-2023-29182
A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiOS prior to 7.0.3 allows a privileged malicious user to execute arbitrary code via specially crafted CLI commands, provided the attacker were able to evade FortiOS stack protections.
Fortinet Fortios
1 Article
5.4
CVSSv3
CVE-2023-36555
An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an malicious user to execute unauthorized code or commands via the SAML and Security Fabric components.
Fortinet Fortios
7.2
CVSSv3
CVE-2023-44247
A double free vulnerability [CWE-415] in Fortinet FortiOS prior to 7.0.0 may allow a privileged malicious user to execute code or commands via crafted HTTP or HTTPs requests.
Fortinet Fortios
9.8
CVSSv3
CVE-2023-28001
An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an malicious user to execute unauthorized code or commands via reusing the session of a deleted user in the REST API.
Fortinet Fortios
8.8
CVSSv3
CVE-2023-41841
An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions.
Fortinet Fortios
7.5
CVSSv3
CVE-2019-17655
A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 up to and including 6.2.2, 6.0.9 and previous versions and FortiProxy 2.0.0, 1.2.9 and previous versions may allow an malicious user to retrieve a logged-in SSL VPN user's credentials s...
Fortinet Fortios
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »