Vulnerabilities > Fortinet > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-28 | CVE-2018-13375 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer and Fortimanager An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. | 4.3 |
| 2019-04-25 | CVE-2018-1360 | Cleartext Transmission of Sensitive Information vulnerability in Fortinet Fortimanager A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses. | 4.3 |
| 2019-04-17 | CVE-2018-13378 | Information Exposure vulnerability in Fortinet Fortisiem An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code. | 4.0 |
| 2019-04-09 | CVE-2018-1356 | Cross-site Scripting vulnerability in Fortinet Fortisandbox A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox before 3.0 may allow an attacker to execute unauthorized code or commands via the back_url parameter in the file scan component. | 4.3 |
| 2019-04-09 | CVE-2018-13366 | Information Exposure vulnerability in Fortinet Fortios An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows attacker to reveals serial number of FortiGate via hostname field defined in connection control setup packets of PPTP protocol. | 5.0 |
| 2019-03-25 | CVE-2017-7340 | Cross-site Scripting vulnerability in Fortinet Fortiportal A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality. | 4.3 |
| 2019-02-08 | CVE-2018-9190 | NULL Pointer Dereference vulnerability in Fortinet Forticlient A null pointer dereference vulnerability in Fortinet FortiClientWindows 6.0.2 and earlier allows attacker to cause a denial of service via the NDIS miniport driver. | 4.9 |
| 2019-01-22 | CVE-2018-13374 | Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortios A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one. | 4.3 |
| 2018-11-27 | CVE-2018-13376 | Unspecified vulnerability in Fortinet Fortios An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response. | 5.0 |
| 2018-09-05 | CVE-2018-9194 | Information Exposure Through Discrepancy vulnerability in Fortinet Fortios A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. | 4.3 |