Vulnerabilities > Fortinet > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-06-04 | CVE-2019-5587 | Insufficient Verification of Data Authenticity vulnerability in Fortinet Fortios Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by reassembling the image through specific methods. | 4.0 |
2019-06-04 | CVE-2019-5586 | Cross-site Scripting vulnerability in Fortinet Fortios A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "param" parameter of the error process HTTP requests. | 4.3 |
2019-06-04 | CVE-2018-13384 | Open Redirect vulnerability in Fortinet Fortios A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains. | 5.8 |
2019-06-04 | CVE-2018-13381 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Fortinet Fortios and Fortiproxy A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiProxy 2.0.0, 1.2.8 and earlier versions under SSL VPN web portal allows a non-authenticated attacker to perform a Denial-of-service attack via special craft message payloads. | 5.0 |
2019-06-04 | CVE-2018-13380 | Cross-site Scripting vulnerability in Fortinet Fortios A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters. | 4.3 |
2019-05-30 | CVE-2018-9193 | Unspecified vulnerability in Fortinet Forticlient A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the parsing of the file. | 4.6 |
2019-05-30 | CVE-2018-9191 | Unspecified vulnerability in Fortinet Forticlient A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for Forticlient updates. | 4.6 |
2019-05-30 | CVE-2018-13368 | Unspecified vulnerability in Fortinet Forticlient A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection. | 4.6 |
2019-05-29 | CVE-2018-13365 | Information Exposure vulnerability in Fortinet Fortios An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below, allow attackers to learn private IP as well as the hostname of FortiGate via Application Control Block page. | 5.0 |
2019-05-29 | CVE-2018-13383 | Out-of-bounds Write vulnerability in Fortinet Fortios and Fortiproxy A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages. | 4.3 |