Vulnerabilities > Watchguard
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-24 | CVE-2022-25292 | Out-of-bounds Write vulnerability in Watchguard Fireware A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. | 8.8 |
| 2022-02-24 | CVE-2022-25293 | Out-of-bounds Write vulnerability in Watchguard Fireware A systemd stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. | 8.8 |
| 2022-02-24 | CVE-2022-25360 | Unrestricted Upload of File with Dangerous Type vulnerability in Watchguard Fireware 12.1.3/12.5.9/12.7.2 WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. | 6.5 |
| 2022-02-24 | CVE-2022-25363 | Out-of-bounds Write vulnerability in Watchguard Fireware WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to modify privileged management user credentials. | 6.5 |
| 2022-01-13 | CVE-2021-34998 | Improper Privilege Management vulnerability in Watchguard Panda Antivirus 18.0 This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Free Antivirus 20.2.0.0. | 7.2 |
| 2020-03-12 | CVE-2020-10532 | Cleartext Storage of Sensitive Information vulnerability in Watchguard AD Helper Firmware The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allows remote attackers to discover cleartext passwords via the /domains/list URI. | 5.0 |
| 2020-02-07 | CVE-2014-6413 | Cross-site Scripting vulnerability in Watchguard Fireware XTM 11.8.3 A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script. | 4.3 |
| 2020-01-07 | CVE-2019-18652 | Cross-site Scripting vulnerability in Watchguard Xmt515 Firmware 12.3 A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a crafted link. | 4.3 |
| 2019-08-23 | CVE-2016-6154 | Cross-site Scripting vulnerability in Watchguard Fireware The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect). | 5.8 |
| 2018-05-02 | CVE-2018-10578 | Improper Input Validation vulnerability in Watchguard products An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. | 7.5 |