High |
WGSA-2024-00017 |
WatchGuard Endpoint Protection Privilege Escalation in PSANHost Enables Arbitrary File Delete as SYSTEM |
CVE-2024-8424 |
|
High |
WGSA-2024-00016 |
WatchGuard Firebox Single Sign-On Client Denial-of-Service |
CVE-2024-6594 |
|
Critical |
WGSA-2024-00015 |
WatchGuard SSO Agent Telnet Authentication Bypass |
CVE-2024-6593 |
|
Critical |
WGSA-2024-00014 |
WatchGuard Firebox Single Sign-On Agent Protocol Authorization Bypass |
CVE-2024-6592 |
|
High |
WGSA-2024-00013 |
Blast-RADIUS CHAP and PAP Authentication Vulnerability CVE-2024-3596 |
CVE-2024-3596 |
|
Critical |
WGSA-2024-00012 |
OpenSSH regreSSHion (CVE-2024-6387) |
CVE-2024-6387 |
|
High |
WGSA-2024-00011 |
Firebox Authenticated Buffer Overflow Vulnerability |
CVE-2024-5974 |
|
High |
WGSA-2024-00010 |
Mobile VPN with SSL Local Privilege Escalation Vulnerability |
CVE-2024-4944 |
|
High |
WGSA-2024-00009 |
CVE-2024-3661 Impact of TunnelVision Vulnerability |
CVE-2024-3661 |
|
High |
WGSA-2024-00008 |
Diffie-Hellman Key Agreement Protocol Weaknesses CVE-2002-20001 & CVE-2022-40735 |
CVE-2002-20001, CVE-2022-40735 |
|
Critical |
WGSA-2024-00007 |
XZ Utils supply chain compromise (CVE-2024-3094) |
CVE-2024-3094 |
|
High |
WGSA-2024-00006 |
MacOS Safari AuthPoint Password Manager Extension Local Code Injection |
CVE-2024-1417 |
|
High |
WGSA-2024-00005 |
lighttpd denial of service vulnerability (CVE-2022-41556) |
CVE-2022-41556 |
|
Critical |
WGSA-2024-00004 |
Ivanti Connect Secure and Ivanti Policy Secure Gateway Vulnerabilities |
CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, CVE-2024-21893 |
|
Medium |
WGSA-2024-00003 |
WatchGuard Endpoint pskmad_64.sys Arbitrary Memory Read Vulnerability |
CVE-2023-6332 |
|
High |
WGSA-2024-00002 |
WatchGuard Endpoint pskmad_64.sys Out of Bounds Write Vulnerability |
CVE-2023-6331 |
|
Medium |
WGSA-2024-00001 |
WatchGuard Endpoint pskmad_64.sys Pool Memory Corruption Vulnerability |
CVE-2023-6330 |
|
High |
WGSA-2023-00010 |
FRR Dynamic Routing Denial of Service Vulnerabilities |
CVE-2023-38802, CVE-2023-41358 |
|
Critical |
WGSA-2023-00009 |
Apache Struts Remote Code Execution Vulnerability (CVE-2023-50164) |
CVE-2023-50164 |
|
Critical |
WGSA-2023-00008 |
Heap Buffer Overflow in libwebp WebP Codec |
CVE-2023-4863 |
|
Medium |
WGSA-2023-00007 |
WatchGuard EPDR and AD360 Local Protection Management Password Exposure Vulnerability |
CVE-2023-26239 |
|
High |
WGSA-2023-00006 |
WatchGuard EPDR and AD360 Anti-Tamper Protection Bypass Vulnerability |
CVE-2023-26238 |
|
Medium |
WGSA-2023-00005 |
WatchGuard EPDR and AD360 Advanced Protection Bypass Vulnerability via Registry Key |
CVE-2023-26237 |
|
High |
WGSA-2023-00004 |
WatchGuard EPDR and AD360 Local Privilege Escalation |
CVE-2023-26236 |
|
Medium |
WGSA-2023-00002 |
Firebox Authenticated Arbitrary File Read Vulnerability |
CVE-2023-2357 |
|
Medium |
WGSA-2023-00001 |
OpenSSH Server 9.1 Double Free Vulnerability (CVE-2023-25136) |
CVE-2023-25136 |
|
High |
WGSA-2022-00021 |
OpenSSL CVE-2022-3602 and CVE-2022-3786 |
CVE-2022-3602, CVE-2022-3786 |
|
High |
WGSA-2022-00020 |
OpenVPN Unauthenticated Access To Control Channel Data (CVE-2020-15078) |
CVE-2020-15078 |
|
Medium |
WGSA-2022-00019 |
Firebox Limited Authenticated Arbitrary File Read/Write Vulnerability |
CVE-2022-31749 |
|
Medium |
WGSA-2022-00018 |
Firebox Local Privilege Escalation Vulnerability |
|
|
High |
WGSA-2022-00017 |
Firebox Information Disclosure Vulnerability |
CVE-2022-31790 |
|
Critical |
WGSA-2022-00016 |
Firebox Authenticated Stack Overflow Vulnerability via CLI Interface |
CVE-2022-25362 |
|
Critical |
WGSA-2022-00015 |
Firebox Unauthenticated Buffer Overflow Vulnerability |
CVE-2022-31789 |
|
Medium |
WGSA-2022-00014 |
Firebox WebUI Stored Cross-Site Scripting (XSS) Vulnerability |
CVE-2022-31792 |
|
Medium |
WGSA-2022-00013 |
Firebox Authenticated Arbitrary File Read Vulnerability |
|
|
Medium |
WGSA-2022-00012 |
OpenSSL Command Injection Vulnerability (CVE-2022-1292) |
CVE-2022-1292 |
|
High |
WGSA-2022-00011 |
OpenSSL Certificate Processing DoS Vulnerability (CVE-2022-0778) |
CVE-2022-0778 |
|
Critical |
WGSA-2022-00010 |
Java Spring Framework RCE aka Spring4Shell (CVE-2022-22965) |
CVE-2022-22965 |
|
Medium |
WGSA-2022-00009 |
Firebox Unauthorized User Password Modification Vulnerability |
CVE-2022-25363 |
|
High |
WGSA-2022-00008 |
Firebox Authenticated Arbitrary File Upload Vulnerability |
CVE-2022-25360 |
|
High |
WGSA-2022-00007 |
Firebox Authenticated Stack Overflow Vulnerability via Malicious Firmware Update - B |
CVE-2022-25293 |
|
High |
WGSA-2022-00006 |
Firebox Authenticated Stack Overflow Vulnerability via Malicious Firmware Update - A |
CVE-2022-25292 |
|
High |
WGSA-2022-00005 |
Firebox Authenticated Heap Overflow Vulnerability via Malicious Firmware Update |
CVE-2022-25291 |
|
Critical |
WGSA-2022-00004 |
Firebox Unauthenticated Arbitrary File Delete Vulnerability |
CVE-2022-25361 |
|
Medium |
WGSA-2022-00003 |
Firebox Unauthorized Certificate Private Key Retrieval Vulnerability |
CVE-2022-25290 |
|
Critical |
WGSA-2022-00002 |
Firebox Unauthenticated Remote Code Execution Vulnerability |
CVE-2022-26318 |
|
High |
WGSA-2022-00001 |
Polkit pkexec Local Privilege Escalation Vulnerability (CVE-2021-4034) |
CVE-2021-4034 |
|
High |
WGSA-2021-00005 |
Firebox WebUI Business Logic Vulnerability |
|
|
High |
WGSA-2021-00004 |
Firebox Management Privilege Escalation Vulnerability |
CVE-2022-23176 |
|
Critical |
WGSA-2021-00003 |
Log4j2 Remote Code Execution Vulnerability aka Log4Shell (CVE-2021-44228) |
CVE-2021-44228 |
|