fortiproxy

7.2.5

SEMANTIC 2 CVEs

7.0.11

SEMANTIC 2 CVEs

2.*

OTHER 2 CVEs

7.2.12

SEMANTIC 1 CVE

7.0.8

SEMANTIC 5 CVEs

7.2.9

SEMANTIC 3 CVEs

1.0.7

SEMANTIC 17 CVEs

1.2.0

SEMANTIC 28 CVEs

2.0.10

SEMANTIC 2 CVEs

7.2.11

SEMANTIC 4 CVEs

7.2.4

SEMANTIC 7 CVEs

7.2.0

SEMANTIC 55 CVEs

7.4.2

SEMANTIC 7 CVEs

7.0.18

SEMANTIC 4 CVEs

7.0.12

SEMANTIC 2 CVEs

FortiOS 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier

OTHER 1 CVE

1.2.13

SEMANTIC 28 CVEs

7.0.19

SEMANTIC 3 CVEs

7.0.10

SEMANTIC 9 CVEs

7.0.13

SEMANTIC 2 CVEs

2.0.11

SEMANTIC 9 CVEs

7.4.4

SEMANTIC 1 CVE

7.0.7

SEMANTIC 13 CVEs

7.0.20

SEMANTIC 1 CVE

7.2.1

SEMANTIC 14 CVEs

7.0.16

SEMANTIC 1 CVE

7.2.8

SEMANTIC 5 CVEs

7.4.0

SEMANTIC 20 CVEs

7.2.2

SEMANTIC 6 CVEs

7.4.1

SEMANTIC 4 CVEs

1.0.0

SEMANTIC 19 CVEs

7.2.10

SEMANTIC 3 CVEs

7.0.0

SEMANTIC 58 CVEs

7.0.1

SEMANTIC 2 CVEs

7.2.6

SEMANTIC 2 CVEs

7.0.17

SEMANTIC 2 CVEs

7.0.9

SEMANTIC 7 CVEs

1.1.0

SEMANTIC 25 CVEs

1.1.5

SEMANTIC 1 CVE

7.2.3

SEMANTIC 7 CVEs

7.4.5

SEMANTIC 4 CVEs

2.0.0

SEMANTIC 39 CVEs

FortiOS versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier.

OTHER 1 CVE

7.4.3

SEMANTIC 2 CVEs

7.0.14

SEMANTIC 3 CVEs

2.0.12

SEMANTIC 11 CVEs

7.0.5

SEMANTIC 1 CVE

2.0.7

SEMANTIC 1 CVE

7.0.15

SEMANTIC 2 CVEs

2.0.13

SEMANTIC 5 CVEs

7.0.6

SEMANTIC 1 CVE

1.1.6

SEMANTIC 26 CVEs

7.2.7

SEMANTIC 2 CVEs

2.0.14

SEMANTIC 10 CVEs

7.2.13

SEMANTIC 1 CVE

CVE-2022-43953

A use of externally-controlled format string in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS all versions 7.0, FortiOS all versions 6.4, FortiOS all versions 6.2, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7 allows attacker to execute unauthorized code or commands via specially crafted commands.

MEDIUM Jun 13, 2023

CVE-2022-42474

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests.

MEDIUM Jun 13, 2023

CVE-2022-41327

A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands.

HIGH Jun 13, 2023

CVE-2022-43947

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiOS version 7.2.0 through 7.2.3 and before 7.0.10, FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 administrative interface allows an attacker with a valid user account to perform brute-force attacks on other user accounts via injecting valid login sessions.

MEDIUM Apr 11, 2023

CVE-2022-41330

An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting') [CWE-79] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9, version 6.4.0 through 6.4.11 and before 6.2.12 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.

HIGH Apr 11, 2023

CVE-2022-41329

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiOS version 7.2.0 through 7.2.3 and 7.0.0 through 7.0.9 allows an unauthenticated attackers to obtain sensitive logging informations on the device via crafted HTTP GET requests.

MEDIUM Mar 07, 2023

CVE-2022-42476

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests.

HIGH Mar 07, 2023

CVE-2022-42472

A improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response.

MEDIUM Feb 16, 2023

CVE-2022-41335

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read and write files on the underlying Linux system via crafted HTTP requests.

HIGH Feb 16, 2023

CVE-2022-42475

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

CRITICAL Jan 02, 2023