Fortinet

FortiNDR

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.4

CVE-2024-40588

  • EPSS 0.02%
  • Veröffentlicht 12.08.2025 18:59:11
  • Zuletzt bearbeitet 14.08.2025 01:14:41

Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiMail version 7.6.0 through 7.6.1 and before 7.4.3, FortiVoice version 7.0.0 through 7.0.5 and before 7.4.9, FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4, FortiCa...

9.8

CVE-2025-32756

Warnung
  • EPSS 10.06%
  • Veröffentlicht 13.05.2025 14:46:44
  • Zuletzt bearbeitet 25.08.2025 02:21:01

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 thr...

8.8

CVE-2023-33302

  • EPSS 0.11%
  • Veröffentlicht 31.03.2025 15:15:41
  • Zuletzt bearbeitet 23.07.2025 15:53:22

A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 all...

5.3

CVE-2021-24008

  • EPSS 0.07%
  • Veröffentlicht 28.03.2025 10:13:32
  • Zuletzt bearbeitet 24.07.2025 19:57:26

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, versi...

6.5

CVE-2024-47573

  • EPSS 0.03%
  • Veröffentlicht 14.03.2025 15:04:55
  • Zuletzt bearbeitet 24.07.2025 18:53:45

An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/Write permis...

8.8

CVE-2023-48790

  • EPSS 0.03%
  • Veröffentlicht 11.03.2025 14:54:31
  • Zuletzt bearbeitet 22.07.2025 21:22:45

A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET req...

6.1

CVE-2022-23439

  • EPSS 0.06%
  • Veröffentlicht 22.01.2025 10:15:07
  • Zuletzt bearbeitet 12.02.2025 13:39:42

A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before v...

8.8

CVE-2022-27488

  • EPSS 0.44%
  • Veröffentlicht 13.12.2023 07:15:10
  • Zuletzt bearbeitet 21.11.2024 06:55:49

A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6...

6.7

CVE-2021-42757

  • EPSS 0.08%
  • Veröffentlicht 08.12.2021 11:15:11
  • Zuletzt bearbeitet 21.11.2024 06:28:06

A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.