Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2022-42472
A improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS versions 7.2.0 up to and including 7.2.2, 7.0.0 up to and including 7.0.8, 6.4.0 up to and including 6.4.11, 6.2.0 up to and including 6.2.12, 6.0.0 up to and inc...
Fortinet Fortiproxy
Fortinet Fortiproxy 7.2.0
Fortinet Fortiproxy 7.2.1
Fortinet Fortios 7.2.0
Fortinet Fortios
Fortinet Fortios 7.2.1
Fortinet Fortios 7.2.2
9.8
CVSSv3
CVE-2024-23113
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 up to and including 7.4.2, 7.2.0 up to and including 7.2.6, 7.0.0 up to and including 7.0.13, FortiProxy versions 7.4.0 up to and including 7.4.2, 7.2.0 up to and including 7.2.8, 7.0.0 up to and incl...
Fortinet Fortipam
Fortinet Fortios
Fortinet Fortiproxy
Fortinet Fortipam 1.2.0
Fortinet Fortiswitchmanager
5 Github repositories
1 Article
5.4
CVSSv3
CVE-2016-3196
Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x prior to 5.0.12 and 5.2.x prior to 5.2.6 and FortiManager 5.x prior to 5.0.12 and 5.2.x prior to 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uplo...
Fortinet Fortimanager Firmware 5.2.2
Fortinet Fortimanager Firmware 5.2.3
Fortinet Fortimanager Firmware 5.0.6
Fortinet Fortimanager Firmware 5.0.7
Fortinet Fortimanager Firmware 5.2.4
Fortinet Fortimanager Firmware 5.2.5
Fortinet Fortimanager Firmware 5.0.8
Fortinet Fortimanager Firmware 5.0.9
Fortinet Fortimanager Firmware 5.0.4
Fortinet Fortimanager Firmware 5.0.5
Fortinet Fortimanager Firmware 5.0.10
Fortinet Fortimanager Firmware 5.0.3
Fortinet Fortimanager Firmware 5.2.0
Fortinet Fortimanager Firmware 5.2.1
Fortinet Fortianalyzer Firmware 5.2.3
Fortinet Fortianalyzer Firmware 5.2.4
Fortinet Fortianalyzer Firmware 5.2.1
Fortinet Fortianalyzer Firmware 5.2.5
Fortinet Fortianalyzer Firmware 5.0.0
Fortinet Fortianalyzer Firmware 5.2.2
Fortinet Fortianalyzer Firmware 5.0.5
Fortinet Fortianalyzer Firmware 5.2.0
9.8
CVSSv3
CVE-2023-34992
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.0.0 and 6.7.0 up to and including 6.7.5 and 6.6.0 up to and including 6.6.3 and 6.5.0 up to and including 6.5.1 and 6.4.0 up to and including 6.4...
Fortinet Fortisiem 6.4.1
Fortinet Fortisiem 6.4.0
Fortinet Fortisiem 6.5.0
Fortinet Fortisiem 6.5.1
Fortinet Fortisiem 6.4.2
Fortinet Fortisiem
Fortinet Fortisiem 7.0.0
1 Github repository
2 Articles
8.8
CVSSv3
CVE-2022-35845
Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 up to and including 4.2.0, 2.3.0 up to and including 3.9.1 may allow an authenticated malicious use...
Fortinet Fortitester
Fortinet Fortitester 7.0.0
Fortinet Fortitester 7.1.0
Fortinet Fortitester 4.0.0
Fortinet Fortitester 4.1.0
Fortinet Fortitester 4.1.1
Fortinet Fortitester 4.2.0
8.8
CVSSv3
CVE-2021-36180
Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated malicious user to execute unauthorized code or commands via crafted param...
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 5.9.0
Fortinet Fortiweb 5.9.1
Fortinet Fortiweb 6.1.0
Fortinet Fortiweb 6.1.1
5.4
CVSSv3
CVE-2022-42471
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 up to and including 7.0.2, FortiWeb version 6.4.0 up to and including 6.4.2, FortiWeb version 6.3.6 up to and including 6.3.20 may ...
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 6.4.2
Fortinet Fortiweb 7.0.0
Fortinet Fortiweb 7.0.1
Fortinet Fortiweb 7.0.2
Fortinet Fortiweb
9.8
CVSSv3
CVE-2023-33299
A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows malicious user to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC version...
Fortinet Fortinac
Fortinet Fortinac 8.3.7
Fortinet Fortinac 9.4.0
Fortinet Fortinac 9.4.1
Fortinet Fortinac 9.4.2
Fortinet Fortinac 7.2.0
Fortinet Fortinac 7.2.1
7.2
CVSSv3
CVE-2022-27489
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.0.0 up to and including 7.0.3, 5.3.2, 4.2.4 and below allows malicious user to execute unauthorized code or commands via crafted HTTP requests.
Fortinet Fortiextender Firmware
Fortinet Fortiextender Firmware 3.0.0
Fortinet Fortiextender Firmware 3.0.1
Fortinet Fortiextender Firmware 3.0.2
Fortinet Fortiextender Firmware 3.1.0
Fortinet Fortiextender Firmware 3.1.1
Fortinet Fortiextender Firmware 5.3.2
9.8
CVSSv3
CVE-2021-41025
Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 up to and including 6.3.15, 6.2.0 up to and including 6.2.6, 6.1.0 up to and including 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared...
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 6.1.0
Fortinet Fortiweb 6.1.1
Fortinet Fortiweb 6.1.2
Fortinet Fortiweb 6.4.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »