Vulnerabilities > Fortinet > Fortios > 6.0.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-12 | CVE-2019-17656 | Out-of-bounds Write vulnerability in Fortinet Fortios and Fortiproxy A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. | 4.0 |
| 2021-03-04 | CVE-2020-15938 | Unspecified vulnerability in Fortinet Fortios When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate in version below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header. network fortinet | 4.3 |
| 2020-09-24 | CVE-2020-12818 | Unspecified vulnerability in Fortinet Fortios An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed. | 5.0 |
| 2020-08-14 | CVE-2019-5591 | Information Exposure vulnerability in Fortinet Fortios A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server. | 3.3 |
| 2020-07-24 | CVE-2020-12812 | Improper Handling of Case Sensitivity vulnerability in Fortinet Fortios An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username. | 9.8 |
| 2020-06-16 | CVE-2019-17655 | Cleartext Storage of Sensitive Information vulnerability in Fortinet Fortios A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system. | 5.0 |