Vulnerabilities > Fortinet > Fortios > 6.4.13

DATE CVE VULNERABILITY TITLE RISK
2023-11-14 CVE-2023-36641 Unspecified vulnerability in Fortinet Fortios and Fortiproxy
A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1, all versions, FortiProxy 1.0 all versions, FortiOS version 7.4.0, FortiOS version 7.2.0 through 7.2.5, FortiOS version 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions allows attacker to denial of service via specifically crafted HTTP requests.
network
low complexity
fortinet
6.5
2023-08-17 CVE-2023-29182 Out-of-bounds Write vulnerability in Fortinet Fortios
A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiOS before 7.0.3 allows a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker were able to evade FortiOS stack protections.
local
low complexity
fortinet CWE-787
6.7
2023-02-16 CVE-2022-38378 Improper Privilege Management vulnerability in Fortinet Fortios and Fortiproxy
An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has access to the admin profile section (System subsection Administrator Users) to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands.
local
low complexity
fortinet CWE-269
6.0
2023-02-16 CVE-2022-39948 Improper Certificate Validation vulnerability in Fortinet Fortios and Fortiproxy
An improper certificate validation vulnerability [CWE-295] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.0.0 through 7.0.6, 2.0 all versions, 1.2 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiOS/FortiProxy device and remote servers hosting threat feeds (when the latter are configured as Fabric connectors in FortiOS/FortiProxy)
network
high complexity
fortinet CWE-295
7.4