An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to potentially tamper with the underlying system's files via the upload of specifically crafted files.
An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file.
A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value.
The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and alter or forge its content, thereby escalating privileges.
An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests.
An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an unauthenticated user to bypass a FSSO firewall policy and access the protected network via sending specifically crafted UDP login notification packets.
Multiple Path traversal vulnerabilities in the Webmail of FortiMail before 6.4.4 may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests.
An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase.
A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests.
Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext.