2767 matches found
CVE-2023-42786
A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions, 6.2 all versions and 6.0 all versions allows an attacker to trigger a denial of service via a crafted HTTP request...
CVE-2024-36504
CVE-2024-36504 describes an out-of-bounds read (CWE-125) in the FortiOS SSLVPN web portal. An authenticated attacker can cause a denial of service by sending a specially crafted URL. Affected are FortiOS SSLVPN web portal versions: 7.4.0–7.4.4, 7.2.0–7.2.8, 7.0 (all versions), and 6.4 (all versio...
CVE-2024-36504
An out-of-bounds read vulnerability (CWE-125) in FortiOS SSLVPN web portal versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, 7.0 all versions, and 6.4 all versions may allow an authenticated attacker to perform a denial of service on the SSLVPN web portal via a specially crafted URL...
CVE-2024-46666
An allocation of resources without limits or throttling CWE-770 vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow a remote unauthenticated attacker to prevent access to the GUI via specially crafted requests...
CVE-2024-46666
CVE-2024-46666 affects FortiOS (various 7.x and 6.4) with a CWE-770 resource allocation issue that can allow a remote unauthenticated attacker to block GUI access via crafted requests to specific endpoints. The CVSSv3.1 base score is 5.3 (Medium), with network attack vector and no user interacti...
CVE-2024-54021
An Improper Neutralization of CRLF Sequences in HTTP Headers 'http response splitting' vulnerability CWE-113 in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 may allow a remote unauthenticated attacker to bypass the file filter via crafted HTTP headers...
CVE-2024-54021
CVE-2024-54021 is an HTTP CRLF (http response splitting) vulnerability in Fortinet FortiOS (7.2.0–7.6.0) and FortiProxy (7.2.0–7.4.5). The root cause is improper neutralization of CRLF sequences in HTTP headers, which may allow a remote unauthenticated attacker to bypass the file filter via craft...
CVE-2024-48886
A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1...
CVE-2024-48886
CVE-2024-48886 concerns Fortinet products (FortiOS, FortiProxy, FortiManager, FortiAnalyzer Cloud, FortiManager Cloud) with a weak authentication flaw that allows an attacker to execute unauthorized code or commands via brute-force. The initial description lists affected versions across FortiOS: ...
CVE-2024-48884
CVE-2024-48884 affects Fortinet products including FortiManager (7.6.0–7.6.1, 7.4.1–7.4.3, FortiManager Cloud 7.4.1–7.4.3), FortiOS (7.6.0, 7.4.0–7.4.4, 7.2.0–7.2.9, 7.0.0–7.0.15, 6.4.0–6.4.15), FortiProxy (7.4.0–7.4.5, 7.2.0–7.2.11, 7.0.0–7.0.18, 2.0 all versions, 1.2 all versions, 1.1 all versi...
CVE-2024-46668
An allocation of resources without limits or throttling vulnerability CWE-770 in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions 6.4.0 through 6.4.15 may allow an unauthenticated remote user to consume all system memory via multiple...
CVE-2024-46668
CVE-2024-46668 describes an allocation of resources without limits or throttling (CWE-770) in Fortinet FortiOS. The vulnerability affects FortiOS versions 7.4.0–7.4.4, 7.2.0–7.2.8, 7.0.0–7.0.15, and 6.4.0–6.4.15, where an unauthenticated remote attacker could cause memory exhaustion by uploading ...
CVE-2023-46715
An origin validation error CWE-346 vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP addressing to send but not receive packets spoofing the IP of another user via crafted network packets...
CVE-2023-46715
CVE-2023-46715 describes an origin validation error (CWE-346) in Fortinet FortiOS IPSec VPN that allows an authenticated VPN user with dynamic IP addressing to spoof another user’s IP by sending crafted packets. Affected products and versions are Fortinet FortiOS IPSec VPN 7.4.0–7.4.1 and 7.2.6 a...