Lucene search
+L

943 matches found

Tenable Nessus
Tenable Nessus
added 2025/12/09 12:0 a.m.3 views

Fortinet FortiAnalyzer Private key readable by admin (FG-IR-24-133)

The version of FortiAnalyzer installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-133 advisory. - A key management error vulnerability CWE-320 in FortiManager, FortiAnalyzer and FortiPortal may allow an authenticated...

6CVSS5.5AI score0.00099EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/11/19 12:0 a.m.5 views

Fortinet FortiAnalyzer Pre-authentication DoS attack in OpenSSH - CVE-2025-26466 (FG-IR-25-122)

The version of FortiAnalyzer installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-122 advisory. - A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a...

5.9CVSS7.2AI score0.38474EPSS
Exploits4References3
CNVD
CNVD
added 2025/10/16 12:0 a.m.2 views

fortinet FortiAnalyzer License Issues Vulnerability

FortiAnalyzer is Fortinet's centralized security analysis and reporting platform. A security vulnerability exists in FortiAnalyzer that stems from a flaw in the authentication mechanism for OFTP requests. An attacker can exploit this vulnerability to obtain device operational status information o...

6.5CVSS6.7AI score0.00431EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/16 12:0 a.m.20 views

fortinet FortiAnalyzer Competitive Conditions Issue Vulnerability

FortiAnalyzer is Fortinet's centralized security log management and analysis platform. FortiAnalyzer suffers from a competitive condition vulnerability that stems from an improper synchronization mechanism for shared resources. An attacker can exploit this vulnerability to bypass the FortiCloud...

5.3CVSS6.8AI score0.00294EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/15 3:47 p.m.5 views

CVE-2025-54973

A concurrent execution using shared resource with improper synchronization 'Race Condition' vulnerability CWE-362 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to attempt to win a race condition to bypass the...

5.3CVSS6.9AI score0.00294EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/15 3:47 p.m.11 views

CVE-2025-53845

An improper authentication vulnerability CWE-287 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests...

6.5CVSS7AI score0.00431EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/15 3:47 p.m.4 views

CVE-2024-50571

A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.2, FortiAnalyzer 7.4.0 through 7.4.5, FortiAnalyzer 7.2.0 through 7.2.9, FortiAnalyzer 7.0.0 through 7.0.13, FortiAnalyzer 6.4 all versions, FortiAnalyzer 6.2 all versions, FortiAnalyzer 6.0 all versions,...

7.2CVSS6.2AI score0.005EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/10/15 12:0 a.m.2 views

Fortinet FortiAnalyzer Missing authentication check in OFTP service (FG-IR-25-378)

The version of FortiAnalyzer installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-378 advisory. - An improper authentication vulnerability CWE-287 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6...

6.5CVSS5.7AI score0.00431EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/10/15 12:0 a.m.2 views

Fortinet FortiAnalyzer SSO SAML authentication (FG-IR-25-198)

The version of FortiAnalyzer installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-198 advisory. - A concurrent execution using shared resource with improper synchronization 'Race Condition' vulnerability CWE-362 in...

5.3CVSS5.8AI score0.00294EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/14 6:30 p.m.12 views

EUVD-2025-34233

An improper authentication vulnerability CWE-287 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests...

6.5CVSS6.4AI score0.00431EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/14 6:30 p.m.6 views

EUVD-2025-34238

A concurrent execution using shared resource with improper synchronization 'Race Condition' vulnerability CWE-362 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to attempt to win a race condition to bypass the...

5.3CVSS6.4AI score0.00294EPSS
Exploits0References2
OSV
OSV
added 2025/10/14 4:15 p.m.8 views

CVE-2025-53845

An improper authentication vulnerability CWE-287 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests...

6.5CVSS5.8AI score0.00431EPSS
Exploits0References1
NVD
NVD
added 2025/10/14 4:15 p.m.24 views

CVE-2025-53845

An improper authentication vulnerability CWE-287 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests...

6.5CVSS0.00431EPSS
Exploits0References1
NVD
NVD
added 2025/10/14 4:15 p.m.15 views

CVE-2025-54973

A concurrent execution using shared resource with improper synchronization 'Race Condition' vulnerability CWE-362 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to attempt to win a race condition to bypass the...

5.3CVSS0.00294EPSS
Exploits0References1
OSV
OSV
added 2025/10/14 4:15 p.m.2 views

CVE-2024-50571

A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.2, FortiAnalyzer 7.4.0 through 7.4.5, FortiAnalyzer 7.2.0 through 7.2.9, FortiAnalyzer 7.0.0 through 7.0.13, FortiAnalyzer 6.4 all versions, FortiAnalyzer 6.2 all versions, FortiAnalyzer 6.0 all versions,...

7.2CVSS6.2AI score0.005EPSS
Exploits0References1
CVE
CVE
added 2025/10/14 3:23 p.m.16 views

CVE-2025-53845

Fortinet FortiAnalyzer is affected by CVE-2025-53845. Versions 7.6.0–7.6.3 and prior to 7.4.6 are vulnerable to an improper authentication vulnerability (CWE-287) that allows an unauthenticated attacker to obtain device health/status information or cause a denial of service via crafted OFTP reque...

6.5CVSS6.6AI score0.00431EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/10/14 3:23 p.m.24 views

CVE-2025-53845

An improper authentication vulnerability CWE-287 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests...

6.5CVSS0.00431EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/14 3:23 p.m.4 views

CVE-2025-53845

An improper authentication vulnerability CWE-287 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests...

6.5CVSS6.6AI score0.00431EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/14 3:23 p.m.2 views

CVE-2025-54973

A concurrent execution using shared resource with improper synchronization 'Race Condition' vulnerability CWE-362 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to attempt to win a race condition to bypass the...

5.3CVSS6.5AI score0.00294EPSS
Exploits0References1
CVE
CVE
added 2025/10/14 3:23 p.m.29 views

CVE-2025-54973

CVE-2025-54973 describes a race condition (CWE-362) in Fortinet FortiAnalyzer. Multiple FortiAnalyzer releases are affected (versions 7.6.0–7.6.2, 7.4.0–7.4.6, 7.2.0–7.2.10, and before 7.0.13). The issue arises from improper synchronization of a shared resource, enabling an attacker to attempt to...

5.3CVSS6.5AI score0.00294EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder