Vulnerabilities > Watchguard > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-05 | CVE-2023-26237 | Authorization Bypass Through User-Controlled Key vulnerability in Watchguard products An issue was discovered in WatchGuard EPDR 8.0.21.0002. | 6.7 |
| 2023-10-05 | CVE-2023-26238 | Unspecified vulnerability in Watchguard products An issue was discovered in WatchGuard EPDR 8.0.21.0002. | 5.5 |
| 2023-10-05 | CVE-2023-26239 | Improper Check for Dropped Privileges vulnerability in Watchguard products An issue was discovered in WatchGuard EPDR 8.0.21.0002. | 5.5 |
| 2023-07-13 | CVE-2023-37849 | Uncontrolled Search Path Element vulnerability in Watchguard Panda Security VPN A DLL hijacking vulnerability in Panda Security VPN for Windows prior to version v15.14.8 allows attackers to execute arbitrary code via placing a crafted DLL file in the same directory as PANDAVPN.exe. | 6.5 |
| 2022-09-06 | CVE-2022-31792 | Cross-site Scripting vulnerability in Watchguard Fireware A stored cross-site scripting (XSS) vulnerability exists in the management web interface of WatchGuard Firebox and XTM appliances. | 5.4 |
| 2022-02-24 | CVE-2022-25290 | Unspecified vulnerability in Watchguard Fireware WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to retrieve certificate private keys. | 6.5 |
| 2022-02-24 | CVE-2022-25363 | Out-of-bounds Write vulnerability in Watchguard Fireware WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to modify privileged management user credentials. | 6.5 |
| 2020-02-07 | CVE-2014-6413 | Cross-site Scripting vulnerability in Watchguard Fireware XTM 11.8.3 A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script. | 6.1 |
| 2020-01-07 | CVE-2019-18652 | Cross-site Scripting vulnerability in Watchguard Xmt515 Firmware 12.3 A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a crafted link. | 6.1 |
| 2019-08-23 | CVE-2016-6154 | Open Redirect vulnerability in Watchguard Fireware The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect). | 6.1 |