Vulnerabilities > Watchguard
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-24 | CVE-2022-25293 | Out-of-bounds Write vulnerability in Watchguard Fireware A systemd stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. | 8.8 |
| 2022-02-24 | CVE-2022-25360 | Unrestricted Upload of File with Dangerous Type vulnerability in Watchguard Fireware WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. | 8.8 |
| 2022-02-24 | CVE-2022-25363 | Out-of-bounds Write vulnerability in Watchguard Fireware WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to modify privileged management user credentials. | 6.5 |
| 2022-01-13 | CVE-2021-34998 | Improper Privilege Management vulnerability in Watchguard Panda Antivirus 18.0 This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Free Antivirus 20.2.0.0. | 7.8 |
| 2020-03-12 | CVE-2020-10532 | Cleartext Storage of Sensitive Information vulnerability in Watchguard AD Helper Firmware The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allows remote attackers to discover cleartext passwords via the /domains/list URI. | 7.5 |
| 2020-02-07 | CVE-2014-6413 | Cross-site Scripting vulnerability in Watchguard Fireware XTM 11.8.3 A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script. | 6.1 |
| 2020-01-07 | CVE-2019-18652 | Cross-site Scripting vulnerability in Watchguard Xmt515 Firmware 12.3 A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a crafted link. | 6.1 |
| 2019-08-23 | CVE-2016-6154 | Open Redirect vulnerability in Watchguard Fireware The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect). | 6.1 |
| 2018-05-02 | CVE-2018-10578 | Improper Input Validation vulnerability in Watchguard products An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. | 9.8 |
| 2018-05-02 | CVE-2018-10577 | Unrestricted Upload of File with Dangerous Type vulnerability in Watchguard products An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. | 8.8 |