Fortinet

Fortiweb

107 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2021-36191

  • EPSS 0.08%
  • Published 08.12.2021 13:15:07
  • Last modified 21.11.2024 06:13:17

A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to use the device as proxy via crafted GET parameters in requests to error handlers

7.5

CVE-2021-41014

  • EPSS 0.41%
  • Published 08.12.2021 13:15:07
  • Last modified 21.11.2024 06:25:15

A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to make the httpsd daemon unresponsive via huge HTTP packets

6.1

CVE-2021-41015

  • EPSS 0.47%
  • Published 08.12.2021 13:15:07
  • Last modified 21.11.2024 06:25:15

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to SAML login han...

5.3

CVE-2021-32591

  • EPSS 0.17%
  • Published 08.12.2021 12:15:07
  • Last modified 21.11.2024 06:07:20

A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession ...

8.8

CVE-2021-36180

  • EPSS 0.52%
  • Published 08.12.2021 11:15:11
  • Last modified 21.11.2024 06:13:16

Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or co...

6.7

CVE-2021-42757

  • EPSS 0.08%
  • Published 08.12.2021 11:15:11
  • Last modified 21.11.2024 06:28:06

A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.

7.5

CVE-2021-36187

  • EPSS 0.6%
  • Published 02.11.2021 19:15:08
  • Last modified 21.11.2024 06:13:16

A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to cause a denial of service for webserver daemon via crafted HTTP requests

9.8

CVE-2021-36186

  • EPSS 0.43%
  • Published 02.11.2021 19:15:07
  • Last modified 21.11.2024 06:13:16

A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests

5.4

CVE-2021-36175

  • EPSS 0.19%
  • Published 06.10.2021 10:15:07
  • Last modified 21.11.2024 06:13:15

An improper neutralization of input vulnerability [CWE-79] in FortiWebManager versions 6.2.3 and below, 6.0.2 and below may allow a remote authenticated attacker to inject malicious script/tags via the name/description/comments parameter of various s...

8.8

CVE-2021-36179

  • EPSS 0.43%
  • Published 08.09.2021 11:15:07
  • Last modified 21.11.2024 06:13:15

A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows attacker to execute unauthorized code or commands via crafted parameters in CLI command execution