Vulnerabilities > Watchguard
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-02 | CVE-2018-10578 | Improper Input Validation vulnerability in Watchguard products An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. | 9.8 |
| 2018-05-02 | CVE-2018-10577 | Unrestricted Upload of File with Dangerous Type vulnerability in Watchguard products An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. | 8.8 |
| 2018-04-30 | CVE-2018-10576 | Improper Authentication vulnerability in Watchguard Ap100 Firmware, Ap102 Firmware and Ap200 Firmware An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. | 7.8 |
| 2018-04-30 | CVE-2018-10575 | Use of Hard-coded Credentials vulnerability in Watchguard Ap100 Firmware, Ap102 Firmware and Ap200 Firmware An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. | 9.8 |
| 2017-10-23 | CVE-2015-2878 | Cross-Site Request Forgery (CSRF) vulnerability in Watchguard Hawkeye G 3.0.1.4912 Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the (2) Url matching, (3) DNS Inject, or (4) IP Redirect Sensor in a request to interface/rest/dpi/setEnabled/1; or (5) perform whitelisting of malware MD5 hash IDs via the id parameter to interface/rest/md5-threats/whitelist. | 8.8 |
| 2017-09-20 | CVE-2017-14616 | Resource Exhaustion vulnerability in Watchguard Fireware An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. | 7.5 |
| 2017-09-20 | CVE-2017-14615 | Cross-site Scripting vulnerability in Watchguard Fireware An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. | 6.1 |
| 2017-05-05 | CVE-2017-8060 | Improper Certificate Validation vulnerability in Watchguard Panda Mobile Security 1.1 Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. | 5.9 |
| 2017-04-30 | CVE-2017-8339 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Watchguard Panda Antivirus 18.0 PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cause a denial of service (BSoD) via a crafted DeviceIoControl request to \\.\PSMEMDriver. | 5.5 |
| 2017-04-22 | CVE-2017-8056 | XXE vulnerability in Watchguard Fireware 11.0.2/11.1/11.2.1 WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. | 5.3 |