Vulnerabilities > Fortinet > Fortiportal > 5.2.7

DATE CVE VULNERABILITY TITLE RISK
2021-12-08 CVE-2021-42757 Out-of-bounds Write vulnerability in Fortinet products
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.
local
low complexity
fortinet CWE-787
6.7
6.7
2021-11-02 CVE-2021-36174 Allocation of Resources Without Limits or Throttling vulnerability in Fortinet Fortiportal
A memory allocation with excessive size value vulnerability in the license verification function of FortiPortal before 6.0.6 may allow an attacker to perform a denial of service attack via specially crafted license blobs.
network
low complexity
fortinet CWE-770
5.0
5.0
2021-11-02 CVE-2021-36176 Cross-site Scripting vulnerability in Fortinet Fortiportal
Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests.
network
fortinet CWE-79
4.3
4.3
2021-11-02 CVE-2021-32595 Resource Exhaustion vulnerability in Fortinet Fortiportal
Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests.
network
low complexity
fortinet CWE-400
4.0
4.0
2021-11-02 CVE-2021-36181 Race Condition vulnerability in Fortinet Fortiportal
A concurrent execution using shared resource with improper Synchronization vulnerability ('Race Condition') in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific coordination of web requests.
network
fortinet CWE-362
3.5
3.5