Vulnerabilities > Fortinet

DATE CVE VULNERABILITY TITLE RISK
2018-11-27 CVE-2018-13376 Unspecified vulnerability in Fortinet FortiOS
An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, and all 5.2 versions in the web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.
network
low complexity
fortinet
7.5
2018-09-05 CVE-2018-9194 Information Exposure Through Discrepancy vulnerability in Fortinet FortiOS
A plaintext recovery of encrypted messages or a man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key.
network
high complexity
fortinet CWE-203
5.9
2018-09-05 CVE-2018-9192 Information Exposure Through Discrepancy vulnerability in Fortinet FortiOS
A plaintext recovery of encrypted messages or a man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key.
network
high complexity
fortinet CWE-203
5.9
2018-09-05 CVE-2018-1353 Information Exposure vulnerability in Fortinet FortiManager
An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with an ADOM assignment to read the interface settings of VDOMs unrelated to the assigned ADOM.
network
low complexity
fortinet CWE-200
4.3
2018-07-16 CVE-2017-17541 Cross-site Scripting vulnerability in Fortinet FortiAnalyzer Firmware and FortiManager Firmware
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows injection of JavaScript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.
network
low complexity
fortinet CWE-79
6.1
2018-07-05 CVE-2018-9185 Information Exposure vulnerability in Fortinet FortiOS
An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals a user's web portal login credentials in a JavaScript file sent to the client side when pages bookmarked in the web portal use the Single Sign-On feature.
network
high complexity
fortinet CWE-200
8.1
2018-06-28 CVE-2018-1351 Cross-site Scripting vulnerability in Fortinet FortiManager
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows an attacker to execute HTML/JavaScript code via managed remote devices' CLI commands by viewing the remote device CLI config installation log.
network
low complexity
fortinet CWE-79
4.8
2018-06-27 CVE-2018-1355 Open Redirect vulnerability in Fortinet FortiAnalyzer and FortiManager
An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows an attacker to inject script code while converting an HTML table to a PDF document under the FortiView feature.
network
low complexity
fortinet CWE-601
6.1
2018-06-27 CVE-2018-1354 Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet FortiManager
An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user to edit the avatar picture of other users with arbitrary content.
network
low complexity
fortinet CWE-732
6.5
2018-05-31 CVE-2018-9186 Cross-site Scripting vulnerability in Fortinet FortiAuthenticator
A cross-site scripting (XSS) vulnerability in the "CSRF validation failure" page of Fortinet FortiAuthenticator versions 4.0.0 to before 5.3.0 allows an attacker to execute unauthorized script code by injecting malicious scripts in the HTTP Referer header.
network
low complexity
fortinet CWE-79
6.1