Vulnerabilities > Fortinet > Fortiweb > 5.9.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-16 | CVE-2021-42756 | Out-of-bounds Write vulnerability in Fortinet Fortiweb. Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests. | 9.8 |
2022-02-02 | CVE-2021-36193 | Out-of-bounds Write vulnerability in Fortinet Fortiweb. Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands. | 7.2 |
2022-02-02 | CVE-2021-42753 | Path Traversal vulnerability in Fortinet Fortiweb. An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.x, 6.1.x, 6.0.x, 5.9.x and 5.8.x may allow an authenticated attacker to perform an arbitrary file and directory deletion in the device filesystem. | 8.1 |
2022-02-02 | CVE-2021-43073 | OS Command Injection vulnerability in Fortinet Fortiweb. An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests. | 8.8 |
2021-12-08 | CVE-2021-42757 | Out-of-bounds Write vulnerability in Fortinet products. A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2 may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. | 6.7 |
2021-09-08 | CVE-2021-36179 | Out-of-bounds Write vulnerability in Fortinet Fortiweb. A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows an attacker to execute unauthorized code or commands via crafted parameters in CLI command execution. | 8.8 |
2021-09-08 | CVE-2021-36182 | OS Command Injection vulnerability in Fortinet Fortiweb. An improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.13 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests. | 8.8 |
2021-06-01 | CVE-2021-22123 | OS Command Injection vulnerability in Fortinet Fortiweb. An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page. | 8.8 |
2021-02-08 | CVE-2021-22122 | Cross-site Scripting vulnerability in Fortinet Fortiweb. An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross-site scripting attack (XSS) by injecting a malicious payload in different vulnerable API end-points. | 6.1 |
2021-01-14 | CVE-2020-29019 | Out-of-bounds Write vulnerability in Fortinet Fortiweb. A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow a remote, unauthenticated attacker to crash the httpd daemon thread by sending a request with a crafted cookie header. | 5.3 |