Fortinet : Security Vulnerabilities, CVEs, Published In 2021 (Denial of service)
An improper control of a resource through its lifetime in Fortinet FortiClientWindows version 6.4.1 and 6.4.0, version 6.2.9 and below, version 6.0.10 and below allows an attacker to cause a complete denial of service of its components via changes of directory access permissions.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2021-12-09 | Updated: 2021-12-10
An uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows an attacker to cause a denial of service for the webserver daemon via crafted HTTP requests.
Max CVSS: 7.5 | EPSS Score: 0.22% | Published: 2021-11-02 | Updated: 2021-11-04
Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests.
Max CVSS: 6.1 | EPSS Score: 0.07% | Published: 2021-11-02 | Updated: 2021-11-04
A memory allocation with excessive size value vulnerability in the license verification function of FortiPortal before 6.0.6 may allow an attacker to perform a denial of service attack via specially crafted license blobs.
Max CVSS: 7.5 | EPSS Score: 0.09% | Published: 2021-11-02 | Updated: 2021-11-04
An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file system by means of specifically crafted XML documents.
Max CVSS: 8.1 | EPSS Score: 0.10% | Published: 2021-11-02 | Updated: 2021-11-04
Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests.
Max CVSS: 6.5 | EPSS Score: 0.08% | Published: 2021-11-02 | Updated: 2021-11-03
A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value.
Max CVSS: 6.7 | EPSS Score: 0.04% | Published: 2021-07-20 | Updated: 2021-07-29
A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 may allow an authenticated, remote attacker to perform a Denial of Service attack by running the `diagnose sys cpuset` with a large cpuset mask value. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution.
Max CVSS: 6.7 | EPSS Score: 0.20% | Published: 2021-06-03 | Updated: 2021-06-11
An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6; and FortiAuthenticator before 6.0.6 may allow an unauthenticated attacker to bring the device into an unresponsive state via specifically-crafted long request parameters.
Max CVSS: 7.8 | EPSS Score: 0.10% | Published: 2021-08-04 | Updated: 2021-08-12
9 vulnerabilities found