CVE-2018-13383
- EPSS 1.11%
- Published 29.05.2019 18:29:00
- Last modified 24.10.2025 12:54:16
A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged ...
CVE-2018-13366
- EPSS 0.24%
- Published 09.04.2019 17:29:00
- Last modified 21.11.2024 03:46:58
An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows an attacker to reveal the serial number of the FortiGate via the hostname field defined in connection control setup packets of the PPTP protocol.
- EPSS 0.36%
- Published 09.04.2019 16:29:00
- Last modified 21.11.2024 03:18:08
A privilege escalation vulnerability in Fortinet FortiOS 6.0.0 to 6.0.6, 5.6.0 to 5.6.10, 5.4 and below allows admin users to elevate their profile to super_admin via restoring modified configurations.
CVE-2018-1352
- EPSS 0.5%
- Published 08.02.2019 18:29:00
- Last modified 21.11.2024 03:59:40
A format string vulnerability in Fortinet FortiOS 5.6.0 allows an attacker to execute unauthorized code or commands via the SSH username variable.
CVE-2018-13374
- EPSS 2.63%
- Published 22.01.2019 14:29:00
- Last modified 24.10.2025 12:53:15
An Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows an attacker to obtain the LDAP server login credentials configured in FortiGate via pointing an LDAP server connectivity test req...
CVE-2018-13376
- EPSS 1.22%
- Published 27.11.2018 15:29:00
- Last modified 21.11.2024 03:46:59
An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.
CVE-2018-9192
- EPSS 0.17%
- Published 05.09.2018 13:29:00
- Last modified 21.11.2024 04:15:08
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such atta...
CVE-2018-9194
- EPSS 0.17%
- Published 05.09.2018 13:29:00
- Last modified 21.11.2024 04:15:09
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such atta...
CVE-2018-9185
- EPSS 0.98%
- Published 05.07.2018 13:29:00
- Last modified 21.11.2024 04:15:08
An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals the user's web portal login credentials in a JavaScript file sent to the client side when pages bookmarked in the web portal use the Single Sign-On feature.
CVE-2017-14185
- EPSS 0.33%
- Published 25.05.2018 16:29:00
- Last modified 21.11.2024 03:12:19
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (e.g. addresses) via specifically crafted URLs inside t...