Vulnerabilities > Fortinet
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-09 | CVE-2021-22129 | Classic Buffer Overflow vulnerability in Fortinet Fortimail Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests. | 8.8 |
| 2021-07-09 | CVE-2021-24007 | SQL Injection vulnerability in Fortinet Fortimail Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | 9.8 |
| 2021-07-09 | CVE-2021-24020 | Improper Verification of Cryptographic Signature vulnerability in Fortinet Fortimail A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification. | 9.8 |
| 2021-07-09 | CVE-2021-26100 | Improper Verification of Cryptographic Signature vulnerability in Fortinet Fortimail A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible. | 7.5 |
| 2021-07-09 | CVE-2021-26106 | OS Command Injection vulnerability in Fortinet Fortiap, Fortiap-S and Fortiap-W2 An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments. | 7.8 |
| 2021-07-06 | CVE-2021-24005 | Use of Hard-coded Credentials vulnerability in Fortinet Fortiauthenticator Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key. | 7.5 |
| 2021-06-03 | CVE-2021-24023 | OS Command Injection vulnerability in Fortinet Fortiai Firmware An improper input validation in FortiAI v1.4.0 and earlier may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command. | 8.8 |
| 2021-06-03 | CVE-2021-22130 | Out-of-bounds Write vulnerability in Fortinet Fortiproxy A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 may allow an authenticated, remote attacker to perform a Denial of Service attack by running the `diagnose sys cpuset` with a large cpuset mask value. | 4.9 |
| 2021-06-02 | CVE-2021-24012 | Improper Certificate Validation vulnerability in Fortinet Fortios An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority. | 7.3 |
| 2021-06-02 | CVE-2020-6641 | Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortipresence Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters. | 4.3 |