cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-29055,https://securityvulnerability.io/vulnerability/CVE-2022-29055,,"An access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via an HTTP GET request.",Fortinet,"Fortinet FortiOS, Fortiproxy",7.5,HIGH,0.0008900000248104334,false,false,false,false,,false,false,2022-10-18T15:15:00.000Z,0
CVE-2022-40684,https://securityvulnerability.io/vulnerability/CVE-2022-40684,,"An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.",Fortinet,"Fortinet FortiOS, Fortiproxy, Fortiswitchmanager",9.8,CRITICAL,0.9728000164031982,true,false,true,true,true,false,false,2022-10-18T00:00:00.000Z,0
CVE-2022-22299,https://securityvulnerability.io/vulnerability/CVE-2022-22299,,"A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.2, FortiMail version 6.4.0 through 6.4.5, FortiMail version 7.0.0 through 7.0.2 may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.",Fortinet,"Fortinet Fortiadc, Fortiproxy, Fortimail, FortiOS",7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2022-08-05T15:23:52.000Z,0
CVE-2021-42755,https://securityvulnerability.io/vulnerability/CVE-2021-42755,,"An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd daemon, resulting in potential denial of service.",Fortinet,"Fortinet Fortiswitch, Fortirecorder, Fortivoiceenterprise, FortiOS, Fortiproxy",4.3,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2022-07-18T17:15:00.000Z,0
CVE-2021-44170,https://securityvulnerability.io/vulnerability/CVE-2021-44170,,A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments.,Fortinet,"Fortinet Fortiproxy, FortiOS",6.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2022-07-18T16:35:11.000Z,0
CVE-2021-43206,https://securityvulnerability.io/vulnerability/CVE-2021-43206,,"A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages.",Fortinet,"Fortinet FortiOS, Fortiproxy",4.3,MEDIUM,0.0007800000021234155,false,false,false,false,,false,false,2022-05-04T15:25:26.000Z,0
CVE-2021-26092,https://securityvulnerability.io/vulnerability/CVE-2021-26092,,"Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1 may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting (XSS) attack by sending a request to the error page with malicious GET parameters.",Fortinet,"Fortinet FortiOS, Fortiproxy",4.7,MEDIUM,0.0014700000174343586,false,false,false,false,,false,false,2022-02-24T02:45:57.000Z,0
CVE-2021-26110,https://securityvulnerability.io/vulnerability/CVE-2021-26110,,"An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features.",Fortinet,"Fortinet FortiOS, Fortiproxy",7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2021-12-08T10:41:25.000Z,0
CVE-2019-17656,https://securityvulnerability.io/vulnerability/CVE-2019-17656,,"A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution.",Fortinet,"Fortinet Fortiproxy, FortiOS",5.4,MEDIUM,0.0014400000218302011,false,false,false,false,,false,false,2021-04-12T14:14:42.000Z,0
CVE-2019-17655,https://securityvulnerability.io/vulnerability/CVE-2019-17655,,"A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system.",Fortinet,Fortinet FortiOS And Fortiproxy,5.3,MEDIUM,0.0017800000496208668,false,false,false,false,,false,false,2020-06-16T20:14:55.000Z,0
CVE-2018-13382,https://securityvulnerability.io/vulnerability/CVE-2018-13382,,"An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests",Fortinet,"Fortinet FortiOS, Fortiproxy",7.5,HIGH,0.4486599862575531,true,false,true,true,true,false,false,2019-06-04T20:33:53.000Z,0
CVE-2018-13381,https://securityvulnerability.io/vulnerability/CVE-2018-13381,,"A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiProxy 2.0.0, 1.2.8 and earlier versions under SSL VPN web portal allows a non-authenticated attacker to perform a Denial-of-service attack via special craft message payloads.",Fortinet,Fortinet FortiOS And Fortiproxy,5.3,MEDIUM,0.0011599999852478504,false,false,false,false,,false,false,2019-06-04T20:26:34.000Z,0
CVE-2018-13379,https://securityvulnerability.io/vulnerability/CVE-2018-13379,,"An Improper Limitation of a Pathname to a Restricted Directory (""Path Traversal"") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.",Fortinet,"Fortinet FortiOS, Fortiproxy",9.8,CRITICAL,0.9692599773406982,true,false,true,true,true,false,false,2019-06-04T20:18:08.000Z,0
CVE-2018-13380,https://securityvulnerability.io/vulnerability/CVE-2018-13380,,"A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.",Fortinet,Fortinet FortiOS And Fortiproxy,4.7,MEDIUM,0.01978999935090542,false,false,false,false,,false,false,2019-06-04T20:12:06.000Z,0
CVE-2018-13383,https://securityvulnerability.io/vulnerability/CVE-2018-13383,,"A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.",Fortinet,Fortinet FortiOS And Fortiproxy,6.5,MEDIUM,0.008170000277459621,true,false,true,true,,false,false,2019-05-29T17:20:03.000Z,0