Lucene search
K

481 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:35 a.m.6 views

CVE-2019-15712

An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access web console they should not be authorized for...

7.2CVSS6.9AI score0.00999EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:4 a.m.10 views

CVE-2013-1471

Multiple cross-site scripting XSS vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption IBE appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via 1 the Add field for the Black List under Antispam...

4.3CVSS6AI score0.02015EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/05/20 12:0 a.m.11 views

Fortinet FortiMail 7.0.x < 7.0.9 / 7.2.x < 7.2.8 / 7.4.x < 7.4.5 / 7.6.x < 7.6.3 API Stack-based Buffer Overflow (FG-IR-25-254)

The version of Fortigate FortiMail installed on the remote host is 7.0.x prior to 7.0.9, 7.2.x prior to 7.2.8, 7.4.x prior to 7.4.5, or 7.6.x prior to 7.6.3. It is, therefore, affected by an API stack-based buffer overflow vulnerability as referenced in the FG-IR-25-254 advisory: - A stack-based...

9.8CVSS9.6AI score0.31419EPSS
Exploits3References2
Rapid7 Blog
Rapid7 Blog
added 2025/05/14 2:59 p.m.8 views

CVE-2025-32756 Exploited in the Wild, Affecting Multiple Fortinet Products

On May 13, 2025, Fortinet disclosed CVE-2025-32756, an unauthenticated stack-based buffer overflow affecting multiple Fortinet products; including FortiVoice, FortiRecorder, FortiNDR, FortiMail, and FortiCamera. The vulnerability is rated as CVSS 9.6 Critical, and allows an unauthenticated remote...

9.8CVSS10AI score0.31419EPSS
Exploits3
NCSC
NCSC
added 2025/05/14 1:50 p.m.8 views

Vulnerability fixed in FortiVoice

Fortinet has fixed a vulnerability in FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera. The vulnerability is in the way FortiVoice systems handle HTTP requests, leading to a stack-based buffer overflow. This allows a malicious, unauthenticated attacker to execute arbitrary code by...

9.8CVSS9.9AI score0.31419EPSS
Exploits3References1
BDU FSTEC
BDU FSTEC
added 2025/05/14 12:0 a.m.9 views

The vulnerabilities of the FortiVoice corporate telephony software’s web interface, the FortiMail email protection system, the Fortinet FortiNDR software-defined detection and intrusion prevention system, the FortiRecorder video surveillance device’s microsoftware, and the FortiCamera video surveillance system allow a perpetrator to execute arbitrary codes.

The vulnerabilities of the FortiVoice corporate telephony software’s web interface, the FortiMail email protection system, the Fortinet FortiNDR software-defined intrusion detection and prevention system, the FortiRecorder video surveillance device’s microsoftware, and the FortiCamera video...

10CVSS9AI score0.31419EPSS
Exploits3References4Affected Software5
NVD
NVD
added 2025/05/13 3:15 p.m.34 views

CVE-2025-32756

A stack-based buffer overflow vulnerability CWE-121 vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8,...

9.8CVSS0.31419EPSS
Exploits3References2
VulnCheck KEV
VulnCheck KEV
added 2025/05/13 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-32756

Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests...

9.8CVSS6.3AI score0.31419EPSS
Exploits3References1
CNNVD
CNNVD
added 2025/05/13 12:0 a.m.50 views

Fortinet多款产品 安全漏洞

Fortinet FortiRecorder and others are products of Fortinet, Inc.Fortinet FortiRecorder is a Web-based network video recorder management system.Fortinet FortiMail is an email security gateway product.Fortinet FortiVoice is a unified communications and collaboration-as-a-service. A security...

9.8CVSS9.8AI score0.31419EPSS
Exploits3References2
RedhatCVE
RedhatCVE
added 2025/04/02 3:43 p.m.11 views

CVE-2023-33302

A buffer copy without checking size of input 'classic buffer overflow' in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail...

8.8CVSS8.1AI score0.00341EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/04/01 12:0 a.m.8 views

The vulnerability of the CLI component of the FortiMail email security system allows a hacker to execute arbitrary codes or commands.

The vulnerability of the CLI component of the FortiMail email security system is related to buffer overflow in the stack. Exploiting this vulnerability allows an attacker to execute arbitrary code or commands...

6.8CVSS6.3AI score0.00175EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/03/31 3:15 p.m.4 views

CVE-2023-33302

A buffer copy without checking size of input 'classic buffer overflow' in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail...

8.8CVSS6.2AI score0.00341EPSS
Exploits0References1
NVD
NVD
added 2025/03/31 3:15 p.m.21 views

CVE-2023-33302

A buffer copy without checking size of input 'classic buffer overflow' in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail...

8.8CVSS0.00341EPSS
Exploits0References1
CVE
CVE
added 2025/03/31 2:58 p.m.95 views

CVE-2023-33302

CVE-2023-33302 affects Fortinet FortiMail WebMail and admin interface (FortiMail) versions 6.4.0–6.4.4 and before 6.2.6, and FortiNDR admin interface versions before 7.1.0, with FortiNDR 7.2.0 also affected. The root cause is a buffer copy without input size checking, i.e., a classic buffer overf...

8.8CVSS7.8AI score0.00341EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/03/31 2:58 p.m.25 views

CVE-2023-33302

A buffer copy without checking size of input 'classic buffer overflow' in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail...

4.7CVSS0.00341EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/31 2:58 p.m.7 views

CVE-2023-33302

A buffer copy without checking size of input 'classic buffer overflow' in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail...

4.7CVSS7.8AI score0.00341EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/03/31 12:0 a.m.8 views

PT-2025-13782 · Fortinet · Fortindr +1

Name of the Vulnerable Software and Affected Versions: FortiMail versions 6.4.0 through 6.4.4 FortiMail versions prior to 6.2.6 FortiNDR versions prior to 7.1.0 FortiNDR version 7.2.0 Description: A buffer copy without checking the size of input, also known as a 'classic buffer overflow', allows ...

8.8CVSS7AI score0.00341EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/03/31 12:0 a.m.4 views

Fortinet FortiMail 安全漏洞

Fortinet FortiMail is a suite of email security gateway products from Fortinet. The product provides features such as email security and data protection. A security vulnerability exists in Fortinet FortiMail that stems from buffer copying without checking the input size, which could lead to a...

8.8CVSS7.2AI score0.00341EPSS
Exploits0References2
OSV
OSV
added 2025/03/28 11:15 a.m.5 views

CVE-2021-24008

An exposure of sensitive system information to an unauthorized control sphere vulnerability CWE-497 in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0,...

5.3CVSS5.8AI score0.00481EPSS
Exploits0References1
NVD
NVD
added 2025/03/28 11:15 a.m.7 views

CVE-2021-24008

An exposure of sensitive system information to an unauthorized control sphere vulnerability CWE-497 in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0,...

5.3CVSS0.00481EPSS
Exploits0References1
Rows per page
Query Builder