Vulnerabilities > Fortinet > Fortios > 6.0.13
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-08 | CVE-2021-42757 | Out-of-bounds Write vulnerability in Fortinet products A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. | 6.7 |
| 2021-11-17 | CVE-2021-32600 | Information Exposure vulnerability in Fortinet Fortios An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.x and 5.6.x may allow a local and authenticated user assigned to a specific VDOM to retrieve other VDOMs information such as the admin account list and the network interface list. | 3.8 |
| 2021-08-04 | CVE-2021-24018 | Out-of-bounds Write vulnerability in Fortinet Fortios A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image. | 8.8 |
| 2021-03-04 | CVE-2020-15938 | Unspecified vulnerability in Fortinet Fortios When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate in version below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header. | 7.5 |
| 2020-09-24 | CVE-2020-12818 | Unspecified vulnerability in Fortinet Fortios An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed. | 5.3 |
| 2020-08-14 | CVE-2019-5591 | Missing Authentication for Critical Function vulnerability in Fortinet Fortios A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server. | 6.5 |
| 2020-06-16 | CVE-2019-17655 | Cleartext Storage of Sensitive Information vulnerability in Fortinet Fortios A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system. | 7.5 |
| 2019-08-23 | CVE-2018-13367 | Information Exposure vulnerability in Fortinet Fortios An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI. | 5.3 |