Vulnerabilities > Fortinet > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-04 | CVE-2021-32596 | Use of Password Hash With Insufficient Computational Effort vulnerability in Fortinet Fortiportal A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables. | 7.5 |
| 2021-08-04 | CVE-2021-24018 | Out-of-bounds Write vulnerability in Fortinet Fortios A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image. | 8.8 |
| 2021-08-04 | CVE-2021-26098 | Use of Insufficiently Random Values vulnerability in Fortinet Fortisandbox An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs. | 7.5 |
| 2021-08-04 | CVE-2021-32590 | SQL Injection vulnerability in Fortinet Fortiportal Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL database via specifically crafted HTTP requests. | 8.8 |
| 2021-08-04 | CVE-2021-32594 | Unrestricted Upload of File with Dangerous Type vulnerability in Fortinet Fortiportal An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to potentially tamper with the underlying system's files via the upload of specifically crafted files. | 8.1 |
| 2021-07-20 | CVE-2021-22125 | OS Command Injection vulnerability in Fortinet Fortisandbox An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file. | 7.2 |
| 2021-07-20 | CVE-2021-26095 | Unspecified vulnerability in Fortinet Fortimail The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and alter or forge its content, thereby escalating privileges. | 8.8 |
| 2021-07-12 | CVE-2021-24015 | OS Command Injection vulnerability in Fortinet Fortimail An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests. | 8.8 |
| 2021-07-12 | CVE-2021-26089 | Link Following vulnerability in Fortinet Forticlient An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase. | 7.8 |
| 2021-07-12 | CVE-2021-26090 | Memory Leak vulnerability in Fortinet Fortimail A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests. | 7.5 |