Vulnerabilities > Fortinet
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-04-14 | CVE-2015-3293 | Information Exposure vulnerability in Fortinet FortiMail: FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain credentials via the "diag debug application httpd" command. | 4.0 |
2015-03-19 | CVE-2015-2281 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Fortinet Single Sign On 4.3: Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164 allows remote attackers to execute arbitrary code via a large PROCESS_HELLO message to the Message Dispatcher on TCP port 8000. | 7.5 |
2015-03-04 | CVE-2014-8617 | Cross-site Scripting vulnerability in Fortinet FortiMail: Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/releasecontrol. | 4.3 |
2015-02-10 | CVE-2015-1570 | Cryptographic Issues vulnerability in Fortinet FortiClient 5.2.028/5.2.3.091: The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate. | 4.3 |
2015-02-10 | CVE-2015-1569 | Cryptographic Issues vulnerability in Fortinet FortiClient 5.2.028: Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate. | 4.3 |
2015-02-03 | CVE-2015-1459 | Cross-site Scripting vulnerability in Fortinet FortiAuthenticator 3.0.0: Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/. | 4.3 |
2015-02-03 | CVE-2015-1458 | Permissions, Privileges, and Access Controls vulnerability in Fortinet FortiAuthenticator 3.0.0: Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command. | 6.9 |
2015-02-03 | CVE-2015-1457 | Information Exposure vulnerability in Fortinet FortiAuthenticator 3.0.0: Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command. | 4.9 |
2015-02-03 | CVE-2015-1456 | Information Exposure vulnerability in Fortinet FortiAuthenticator 3.0.0: Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/. | 4.0 |
2015-02-03 | CVE-2015-1455 | Credentials Management vulnerability in Fortinet FortiAuthenticator 3.0.0: Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain access via unspecified vectors. | 7.5 |