Vulnerabilities > Fortinet > Fortios > 4.1.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-04 | CVE-2019-5587 | Insufficient Verification of Data Authenticity vulnerability in Fortinet Fortios Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by reassembling the image through specific methods. | 6.5 |
| 2019-06-04 | CVE-2018-13384 | Open Redirect vulnerability in Fortinet Fortios A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains. | 6.1 |
| 2019-06-04 | CVE-2018-13381 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Fortinet Fortios and Fortiproxy A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiProxy 2.0.0, 1.2.8 and earlier versions under SSL VPN web portal allows a non-authenticated attacker to perform a Denial-of-service attack via special craft message payloads. | 7.5 |
| 2019-06-04 | CVE-2018-13380 | Cross-site Scripting vulnerability in Fortinet Fortios A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters. | 6.1 |
| 2019-05-29 | CVE-2018-13365 | Information Exposure vulnerability in Fortinet Fortios An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below, allow attackers to learn private IP as well as the hostname of FortiGate via Application Control Block page. | 5.3 |
| 2019-04-09 | CVE-2018-13366 | Information Exposure vulnerability in Fortinet Fortios An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows attacker to reveals serial number of FortiGate via hostname field defined in connection control setup packets of PPTP protocol. | 5.3 |
| 2019-04-09 | CVE-2017-17544 | Improper Privilege Management vulnerability in Fortinet Fortios A privilege escalation vulnerability in Fortinet FortiOS 6.0.0 to 6.0.6, 5.6.0 to 5.6.10, 5.4 and below allows admin users to elevate their profile to super_admin via restoring modified configurations. | 7.2 |
| 2019-01-22 | CVE-2018-13374 | Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortiadc and Fortios A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one. | 4.3 |
| 2018-11-27 | CVE-2018-13376 | Unspecified vulnerability in Fortinet Fortios An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response. | 7.5 |
| 2018-07-05 | CVE-2018-9185 | Information Exposure vulnerability in Fortinet Fortios An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature. | 8.1 |