Vulnerabilities > Fortinet
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-12 | CVE-2021-26090 | Memory Leak vulnerability in Fortinet Fortimail A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests. | 5.0 |
| 2021-07-12 | CVE-2021-26099 | Unspecified vulnerability in Fortinet Fortimail Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext. | 4.9 |
| 2021-07-09 | CVE-2020-29014 | Race Condition vulnerability in Fortinet Fortisandbox A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands. | 6.3 |
| 2021-07-09 | CVE-2021-22129 | Classic Buffer Overflow vulnerability in Fortinet Fortimail Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests. | 6.5 |
| 2021-07-09 | CVE-2021-24007 | SQL Injection vulnerability in Fortinet Fortimail Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | 7.5 |
| 2021-07-09 | CVE-2021-24020 | Improper Verification of Cryptographic Signature vulnerability in Fortinet Fortimail A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification. | 7.5 |
| 2021-07-09 | CVE-2021-26100 | Improper Verification of Cryptographic Signature vulnerability in Fortinet Fortimail A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible. | 5.0 |
| 2021-07-09 | CVE-2021-26106 | OS Command Injection vulnerability in Fortinet Fortiap, Fortiap-S and Fortiap-W2 An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments. | 4.6 |
| 2021-07-06 | CVE-2021-24005 | Use of Hard-coded Credentials vulnerability in Fortinet Fortiauthenticator Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key. | 5.0 |
| 2021-06-03 | CVE-2021-24023 | OS Command Injection vulnerability in Fortinet Fortiai Firmware An improper input validation in FortiAI v1.4.0 and earlier may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command. | 9.0 |