Vulnerabilities > Fortinet > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-05-12 CVE-2014-8616 Cross-site Scripting vulnerability in Fortinet FortiOS 5.2.0/5.2.1/5.2.2
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus.
network
fortinet CWE-79
4.3
2015-04-14 CVE-2015-3293 Information Exposure vulnerability in Fortinet FortiMail
FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain credentials via the "diag debug application httpd" command.
network
low complexity
fortinet CWE-200
4.0
2015-03-04 CVE-2014-8617 Cross-site Scripting vulnerability in Fortinet FortiMail
Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/releasecontrol.
network
fortinet CWE-79
4.3
2015-02-10 CVE-2015-1570 Cryptographic Issues vulnerability in Fortinet FortiClient 5.2.028/5.2.3.091
The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate.
network
fortinet CWE-310
4.3
2015-02-10 CVE-2015-1569 Cryptographic Issues vulnerability in Fortinet FortiClient 5.2.028
Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate.
network
fortinet CWE-310
4.3
2015-02-03 CVE-2015-1459 Cross-site Scripting vulnerability in Fortinet FortiAuthenticator 3.0.0
Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/.
network
fortinet CWE-79
4.3
2015-02-03 CVE-2015-1458 Permissions, Privileges, and Access Controls vulnerability in Fortinet FortiAuthenticator 3.0.0
Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command.
6.9
2015-02-03 CVE-2015-1457 Information Exposure vulnerability in Fortinet FortiAuthenticator 3.0.0
Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command.
local
low complexity
fortinet CWE-200
4.9
2015-02-03 CVE-2015-1456 Information Exposure vulnerability in Fortinet FortiAuthenticator 3.0.0
Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/.
network
low complexity
fortinet CWE-200
4.0
2015-02-02 CVE-2015-1453 Cryptographic Issues vulnerability in Fortinet FortiClient 5.2.3.091
The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences.
network
low complexity
fortinet CWE-310
5.0