Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet fortimail 6.4.0 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-24020
A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 up to and including 6.4.4, and 6.2.0 up to and including 6.2.7 may allow an unauthenticated malicious user to tamper with signed URLs by appending further data which allows bypass o...
Fortinet Fortimail
8.8
CVSSv3
CVE-2022-27488
A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 up to and including 7.0.4, 6.4.0 up to and including 6.4.10, 6.2.0 up to and including 6.2.7, 6.0.x, FortiMail version 7.0.0 up to and including 7.0.3, 6.4.0 up to...
Fortinet Fortiswitch
Fortinet Fortimail
Fortinet Fortirecorder
Fortinet Fortiai 1.5.3
Fortinet Fortiai 1.1.0
Fortinet Fortindr 7.1.0
Fortinet Fortindr
Fortinet Fortivoice
8.8
CVSSv3
CVE-2021-26095
The combination of various cryptographic issues in the session management of FortiMail 6.4.0 up to and including 6.4.4 and 6.2.0 up to and including 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie t...
Fortinet Fortimail
7.8
CVSSv3
CVE-2022-22299
A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 up to and including 6.0.4, FortiADC version 6.1.0 up to and including 6.1.5, FortiADC version 6.2.0 up to and including 6.2.1, FortiProxy version 1.0.0 up to and including 1.0.7, For...
Fortinet Fortiproxy
Fortinet Fortios
Fortinet Fortiadc 6.2.0
Fortinet Fortiadc 6.2.1
Fortinet Fortimail
Fortinet Fortiproxy 7.0.0
Fortinet Fortiproxy 7.0.1
Fortinet Fortiadc
7.5
CVSSv3
CVE-2021-26090
A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 up to and including 6.4.4 and 6.2.0 up to and including 6.2.6 may allow an unauthenticated remote malicious user to exhaust available memory via specifically crafted login req...
Fortinet Fortimail
6.7
CVSSv3
CVE-2021-42757
A buffer overflow [CWE-121] in the TFTP client library of FortiOS prior to 6.4.7 and FortiOS 7.0.0 up to and including 7.0.2, may allow an authenticated local malicious user to achieve arbitrary code execution via specially crafted command line arguments.
Fortinet Fortiweb 6.4.0
Fortinet Fortios
Fortinet Fortiweb 6.4.1
Fortinet Fortiproxy 7.0.0
Fortinet Fortimanager
Fortinet Fortianalyzer
Fortinet Fortiproxy 7.0.1
Fortinet Fortimail
Fortinet Fortios-6k7k 6.4.6
Fortinet Fortios-6k7k 6.4.2
Fortinet Fortiweb
Fortinet Fortiproxy
Fortinet Fortindr
Fortinet Fortiswitch
Fortinet Fortirecorder Firmware
Fortinet Fortios-6k7k
Fortinet Fortiadc
Fortinet Fortiportal
Fortinet Fortivoice
5.3
CVSSv3
CVE-2022-29056
A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 up to and including 6.2.4 and prior to 6.0.9 allows a remote unauthenticated malicious user to partially exhaust CPU and memory via sending numer...
Fortinet Fortimail 6.4.0
Fortinet Fortimail
5.3
CVSSv3
CVE-2020-15933
A exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below FortiMail versions 6.4.1 and 6.4.0 allows malicious user to obtain potentially sensitive software-version information via client-side re...
Fortinet Fortimail
Fortinet Fortimail 6.2.0
Fortinet Fortimail 6.2.1
Fortinet Fortimail 6.2.2
Fortinet Fortimail 6.2.3
Fortinet Fortimail 6.2.4
Fortinet Fortimail 6.4.0
Fortinet Fortimail 6.4.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started