481 matches found
CVE-2019-15712
An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access web console they should not be authorized for...
CVE-2013-1471
Multiple cross-site scripting XSS vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption IBE appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via 1 the Add field for the Black List under Antispam...
Fortinet FortiMail 7.0.x < 7.0.9 / 7.2.x < 7.2.8 / 7.4.x < 7.4.5 / 7.6.x < 7.6.3 API Stack-based Buffer Overflow (FG-IR-25-254)
The version of Fortigate FortiMail installed on the remote host is 7.0.x prior to 7.0.9, 7.2.x prior to 7.2.8, 7.4.x prior to 7.4.5, or 7.6.x prior to 7.6.3. It is, therefore, affected by an API stack-based buffer overflow vulnerability as referenced in the FG-IR-25-254 advisory: - A stack-based...
CVE-2025-32756 Exploited in the Wild, Affecting Multiple Fortinet Products
On May 13, 2025, Fortinet disclosed CVE-2025-32756, an unauthenticated stack-based buffer overflow affecting multiple Fortinet products; including FortiVoice, FortiRecorder, FortiNDR, FortiMail, and FortiCamera. The vulnerability is rated as CVSS 9.6 Critical, and allows an unauthenticated remote...
Vulnerability fixed in FortiVoice
Fortinet has fixed a vulnerability in FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera. The vulnerability is in the way FortiVoice systems handle HTTP requests, leading to a stack-based buffer overflow. This allows a malicious, unauthenticated attacker to execute arbitrary code by...
The vulnerabilities of the FortiVoice corporate telephony software’s web interface, the FortiMail email protection system, the Fortinet FortiNDR software-defined detection and intrusion prevention system, the FortiRecorder video surveillance device’s microsoftware, and the FortiCamera video surveillance system allow a perpetrator to execute arbitrary codes.
The vulnerabilities of the FortiVoice corporate telephony software’s web interface, the FortiMail email protection system, the Fortinet FortiNDR software-defined intrusion detection and prevention system, the FortiRecorder video surveillance device’s microsoftware, and the FortiCamera video...
CVE-2025-32756
A stack-based buffer overflow vulnerability CWE-121 vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8,...
VulnCheck KEV: CVE-2025-32756
Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests...
Fortinet多款产品 安全漏洞
Fortinet FortiRecorder and others are products of Fortinet, Inc.Fortinet FortiRecorder is a Web-based network video recorder management system.Fortinet FortiMail is an email security gateway product.Fortinet FortiVoice is a unified communications and collaboration-as-a-service. A security...
CVE-2023-33302
A buffer copy without checking size of input 'classic buffer overflow' in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail...
The vulnerability of the CLI component of the FortiMail email security system allows a hacker to execute arbitrary codes or commands.
The vulnerability of the CLI component of the FortiMail email security system is related to buffer overflow in the stack. Exploiting this vulnerability allows an attacker to execute arbitrary code or commands...
CVE-2023-33302
A buffer copy without checking size of input 'classic buffer overflow' in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail...
CVE-2023-33302
A buffer copy without checking size of input 'classic buffer overflow' in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail...
CVE-2023-33302
CVE-2023-33302 affects Fortinet FortiMail WebMail and admin interface (FortiMail) versions 6.4.0–6.4.4 and before 6.2.6, and FortiNDR admin interface versions before 7.1.0, with FortiNDR 7.2.0 also affected. The root cause is a buffer copy without input size checking, i.e., a classic buffer overf...
CVE-2023-33302
A buffer copy without checking size of input 'classic buffer overflow' in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail...
CVE-2023-33302
A buffer copy without checking size of input 'classic buffer overflow' in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail...
PT-2025-13782 · Fortinet · Fortindr +1
Name of the Vulnerable Software and Affected Versions: FortiMail versions 6.4.0 through 6.4.4 FortiMail versions prior to 6.2.6 FortiNDR versions prior to 7.1.0 FortiNDR version 7.2.0 Description: A buffer copy without checking the size of input, also known as a 'classic buffer overflow', allows ...
Fortinet FortiMail 安全漏洞
Fortinet FortiMail is a suite of email security gateway products from Fortinet. The product provides features such as email security and data protection. A security vulnerability exists in Fortinet FortiMail that stems from buffer copying without checking the input size, which could lead to a...
CVE-2021-24008
An exposure of sensitive system information to an unauthorized control sphere vulnerability CWE-497 in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0,...
CVE-2021-24008
An exposure of sensitive system information to an unauthorized control sphere vulnerability CWE-497 in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0,...