Vulnerabilities > Watchguard > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-24 | CVE-2022-25292 | Out-of-bounds Write vulnerability in Watchguard Fireware A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. | 8.8 |
| 2022-02-24 | CVE-2022-25293 | Out-of-bounds Write vulnerability in Watchguard Fireware A systemd stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. | 8.8 |
| 2022-02-24 | CVE-2022-25360 | Unrestricted Upload of File with Dangerous Type vulnerability in Watchguard Fireware WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. | 8.8 |
| 2022-01-13 | CVE-2021-34998 | Improper Privilege Management vulnerability in Watchguard Panda Antivirus 18.0 This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Free Antivirus 20.2.0.0. | 7.8 |
| 2020-03-12 | CVE-2020-10532 | Cleartext Storage of Sensitive Information vulnerability in Watchguard AD Helper Firmware The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allows remote attackers to discover cleartext passwords via the /domains/list URI. | 7.5 |
| 2018-05-02 | CVE-2018-10577 | Unrestricted Upload of File with Dangerous Type vulnerability in Watchguard products An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. | 8.8 |
| 2018-04-30 | CVE-2018-10576 | Improper Authentication vulnerability in Watchguard Ap100 Firmware, Ap102 Firmware and Ap200 Firmware An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. | 7.8 |
| 2017-10-23 | CVE-2015-2878 | Cross-Site Request Forgery (CSRF) vulnerability in Watchguard Hawkeye G 3.0.1.4912 Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the (2) Url matching, (3) DNS Inject, or (4) IP Redirect Sensor in a request to interface/rest/dpi/setEnabled/1; or (5) perform whitelisting of malware MD5 hash IDs via the id parameter to interface/rest/md5-threats/whitelist. | 8.8 |
| 2017-09-20 | CVE-2017-14616 | Resource Exhaustion vulnerability in Watchguard Fireware An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. | 7.5 |
| 2016-08-24 | CVE-2016-7089 | Permissions, Privileges, and Access Controls vulnerability in Watchguard Rapidstream WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN. | 7.8 |