Vulnerabilities > Fortinet > Fortiweb > High

DATE CVE VULNERABILITY TITLE RISK
2021-12-09 CVE-2021-36194 Out-of-bounds Write vulnerability in Fortinet Fortiweb
Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests.
network
low complexity
fortinet CWE-787
8.8
2021-12-08 CVE-2021-36195 OS Command Injection vulnerability in Fortinet Fortiweb
Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, and 6.1.0 through 6.1.2 may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted command arguments.
network
low complexity
fortinet CWE-78
8.8
2021-12-08 CVE-2021-41017 Out-of-bounds Write vulnerability in Fortinet Fortiweb
Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow a remote authenticated attacker to execute arbitrary code or commands via specifically crafted HTTP requests.
network
low complexity
fortinet CWE-787
8.8
2021-12-08 CVE-2021-41014 Resource Exhaustion vulnerability in Fortinet Fortiweb
A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to make the httpsd daemon unresponsive via huge HTTP packets
network
low complexity
fortinet CWE-400
7.5
2021-12-08 CVE-2021-41027 Out-of-bounds Write vulnerability in Fortinet Fortiweb 6.4.0/6.4.1
A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, allows an authenticated attacker to execute unauthorized code or commands via crafted certificates loaded into the device.
local
low complexity
fortinet CWE-787
7.8
2021-12-08 CVE-2021-36180 OS Command Injection vulnerability in Fortinet Fortiweb
Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests.
network
low complexity
fortinet CWE-78
8.8
2021-11-02 CVE-2021-36187 Resource Exhaustion vulnerability in Fortinet Fortiweb
A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to cause a denial of service for webserver daemon via crafted HTTP requests
network
low complexity
fortinet CWE-400
7.5
2021-09-08 CVE-2021-36179 Out-of-bounds Write vulnerability in Fortinet Fortiweb
A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows attacker to execute unauthorized code or commands via crafted parameters in CLI command execution
network
low complexity
fortinet CWE-787
8.8
2021-09-08 CVE-2021-36182 OS Command Injection vulnerability in Fortinet Fortiweb
A Improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.13 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests
network
low complexity
fortinet CWE-78
8.8
2021-06-01 CVE-2021-22123 OS Command Injection vulnerability in Fortinet Fortiweb
An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page.
network
low complexity
fortinet CWE-78
8.8