Fortinet CVEs and Security Vulnerabilities

Filtered by vendor Fortinet Subscriptions

Search

Switch to Advanced Search (Beta)

Total 1051 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2015-1453	1 Fortinet	1 Forticlient	2025-04-12	N/A
The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences.
CVE-2015-1452	1 Fortinet	1 Fortios	2025-04-12	N/A
The Control and Provisioning of Wireless Access Points (CAPWAP) daemon in Fortinet FortiOS 5.0 Patch 7 build 4457 allows remote attackers to cause a denial of service (locked CAPWAP Access Controller) via a large number of ClientHello DTLS messages.
CVE-2015-1451	1 Fortinet	1 Fortios	2025-04-12	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.0 Patch 7 build 4457 allow remote authenticated users to inject arbitrary web script or HTML via the (1) WTP Name or (2) WTP Active Software Version field in a CAPWAP Join request.
CVE-2015-1457	1 Fortinet	1 Fortiauthenticator	2025-04-12	N/A
Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command.
CVE-2014-8619	1 Fortinet	1 Fortiweb	2025-04-12	N/A
Cross-site scripting (XSS) vulnerability in the autolearn configuration page in Fortinet FortiWeb 5.1.2 through 5.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-8617	1 Fortinet	1 Fortimail	2025-04-12	N/A
Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/releasecontrol.
CVE-2014-8616	1 Fortinet	1 Fortios	2025-04-12	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus.
CVE-2015-1880	1 Fortinet	1 Fortios	2025-04-12	N/A
Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-8618	1 Fortinet	6 Fortiadc-1500d, Fortiadc-2000d, Fortiadc-200d and 3 more	2025-04-12	N/A
Cross-site scripting (XSS) vulnerability in the theme login page in Fortinet FortiADC D models before 4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-4738	1 Fortinet	1 Fortiweb	2025-04-12	N/A
Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard FortiWeb 5.0.x, 5.1.x, and 5.2.x before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) user/ldap_user/check_dlg or (2) user/radius_user/check_dlg.
CVE-2014-0331	1 Fortinet	9 Fortiadc-1000e, Fortiadc-1500d, Fortiadc-2000d and 6 more	2025-04-12	N/A
Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/.
CVE-2014-2336	1 Fortinet	2 Fortianalyzer Firmware, Fortimanager	2025-04-12	N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335.
CVE-2014-2335	1 Fortinet	1 Fortianalyzer Firmware	2025-04-12	N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.
CVE-2014-1956	1 Fortinet	1 Fortiweb	2025-04-12	N/A
CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVE-2014-2334	1 Fortinet	1 Fortianalyzer Firmware	2025-04-12	N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.
CVE-2014-2216	1 Fortinet	1 Fortios	2025-04-12	N/A
The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.0.0 before 5.0.8 on FortiGate devices allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted request.
CVE-2014-1957	1 Fortinet	1 Fortiweb	2025-04-12	N/A
FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors.
CVE-2014-0351	1 Fortinet	1 Fortios	2025-04-12	N/A
The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-middle attackers to obtain sensitive information or interfere with communications by modifying the client-server data stream.
CVE-2014-1955	1 Fortinet	1 Fortiweb	2025-04-12	N/A
Cross-site scripting (XSS) vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-1455	1 Fortinet	1 Fortiauthenticator	2025-04-12	N/A
Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain access via unspecified vectors.

« first previous Page 19 of 53. next last »