18 matches found
CVE-2022-27487
A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS...
EUVD-2024-44620
Malicious code in bioql PyPI...
EUVD-2021-30148
Malicious code in bioql PyPI...
EUVD-2021-30025
Malicious code in bioql PyPI...
PT-2025-28465 · Fortinet · Fortianalyzer Cloud +3
Name of the Vulnerable Software and Affected Versions: FortiManager versions 6.4 through 7.6.1 FortiManager Cloud versions 6.4 through 7.4.6 FortiAnalyzer versions 6.4 through 7.6.1 FortiAnalyzer Cloud versions 6.4 through 7.4.6 Description: The issue is related to an Improper Neutralization of...
CVE-2022-43948
A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb version 7.0.0 through 7.0.3, FortiADC version 7.1.0 through 7.1.1, FortiADC version 7.0.0 through 7.0.3, FortiADC 6.2 all versions, FortiADC 6.1 all versions, FortiADC 6.0 all versions,...
PT-2025-10771
Name of the Vulnerable Software and Affected Versions FortiOS versions 7.0.0 through 7.4.4 FortiProxy versions 7.0.19 through 7.4.6 FortiPAM versions 1.3.1 through 1.4.2 FortiSRA versions 1.3.1 through 1.4.2 FortiWeb versions 7.0.10 through 7.4.5 Description A use of externally-controlled format...
CVE-2024-36508
An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability CWE-22 in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 CLI allows an authenticated admin user with diagnose...
The vulnerability of Fortinet’s software products arises from incorrect restrictions on path names in restricted access catalogs, allowing attackers to escalate their privileges.
The vulnerability of Fortinet’s software products is related to incorrect restrictions on path names in the restricted access catalog. Exploiting this vulnerability can allow attackers to enhance their privileges through specially created packages...
The vulnerability of Fortinet’s CSFD software products allows a perpetrator to execute arbitrary code or commands.
The vulnerability of Fortinet’s CSFD software products relates to the bypassing of authentication processes. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or commands using brute-force attacks...
The vulnerability of Fortinet’s software products arises from incorrect restrictions on path names in restricted access catalogs, allowing attackers to escalate their privileges.
The vulnerability of Fortinet’s software products is related to incorrect restrictions on path names in the restricted access catalog. Exploiting this vulnerability can allow attackers to enhance their privileges through specially created packages...
CVE-2024-33502
An improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 allows attacker to execu...
CVE-2024-33502
CVE-2024-33502 affects Fortinet FortiManager and FortiAnalyzer. Affected versions include FortiManager/ FortiAnalyzer releases (e.g., 6.x, 7.x series) where a pathname is improperly limited to restricted directories, enabling path traversal. Resulting in potential execution of unauthorized code o...
CVE-2024-35276
A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1...
CVE-2024-35276
CVE-2024-35276 is a stack-based buffer overflow affecting Fortinet FortiAnalyzer and FortiManager products across multiple versions (FortiAnalyzer/Cloud, FortiManager/Cloud; 6.4.x to 7.4.x with various sub-versions). The root cause is a stack-based overflow that allows an attacker to execute arbi...
CVE-2024-36512
Fortinet FortiManager and FortiAnalyzer are affected by CVE-2024-36512 due to an improper restriction of a pathname to a restricted directory (path traversal). Affected versions include FortiManager/FortiAnalyzer 6.2.10–6.2.13, 7.0.2–7.0.12, 7.2.0–7.2.5, and 7.4.0–7.4.3. The root cause is imprope...
Fortinet FortiClient Privilege escalation via lua auto patch function (FG-IR-24-144)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-144 advisory. - A privilege context switching error vulnerability CWE-270 in FortiClient Windows version 7.2.4 and below, version 7.0.12...
FortiProxy SSL VPN user credential plaintext storage
...