Vulnerabilities > Watchguard

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2017-09-20 | CVE-2017-14615 | Cross-site Scripting vulnerability in Watchguard Fireware | An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. | network | | watchguard CWE-79 | 4.3 |
| 2017-05-05 | CVE-2017-8060 | Improper Certificate Validation vulnerability in Watchguard Panda Mobile Security 1.1 | Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. | network | high | watchguard CWE-295 | 5.9 |
| 2017-04-30 | CVE-2017-8339 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Watchguard Panda Antivirus 18.0 | PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cause a denial of service (BSoD) via a crafted DeviceIoControl request to `\\.\PSMEMDriver`. | local | low | watchguard CWE-119 | 4.9 |
| 2017-04-22 | CVE-2017-8056 | XXE vulnerability in Watchguard Fireware 11.0.2/11.1 | WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. | network | low | watchguard CWE-611 | 5.0 |
| 2017-04-22 | CVE-2017-8055 | Information Exposure Through Discrepancy vulnerability in Watchguard Fireware 11.0.2/11.1 | WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. | network | low | watchguard CWE-203 | 5.0 |
| 2016-08-24 | CVE-2016-7089 | Permissions, Privileges, and Access Controls vulnerability in Watchguard Rapidstream | WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN. | local | low | watchguard CWE-264 | 7.2 |
| 2016-04-18 | CVE-2016-3943 | Incorrect Default Permissions vulnerability in Watchguard Panda Endpoint Administration Agent 7.49 | Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module. | local | low | watchguard CWE-276 | 7.2 |
| 2016-04-18 | CVE-2015-7378 | Incorrect Default Permissions vulnerability in Watchguard Panda URL Filtering 4.3.1.8 | Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe. | local | low | watchguard CWE-276 | 7.2 |
| 2015-07-08 | CVE-2015-5453 | Command Injection vulnerability in Watchguard XCS 10.0/9.2 | Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl. | network | low | watchguard CWE-77 | 6.5 |
| 2015-07-08 | CVE-2015-5452 | SQL Injection vulnerability in Watchguard XCS 10.0/9.2 | SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost/imp/compose.php3. | network | low | watchguard CWE-89 | 7.5 |