CVSS: 4.4EPSS: 0%CPEs: 6EXPL: 0CVE-2023-42552
https://notcve.org/view.php?id=CVE-2023-42552
Implicit intent hijacking vulnerability in Firewall application prior to versions 12.1.00.24 in Android 11, 13.1.00.16 in Android 12 and 14.1.00.7 in Android 13 allows 3rd party application to tamper the database of Firewall. Vulnerabilidad de secuestro de intención implícita en la aplicación Firewall anterior a las versiones 12.1.00.24 en Android 11, 13.1.00.16 en Android 12 y 14.1.00.7 en Android 13 permite que una aplicación de terceros altere la base de datos del Firewall. • https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5552
https://notcve.org/view.php?id=CVE-2023-5552
A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”. Una vulnerabilidad de divulgación de contraseña en la función Secure PDF eXchange (SPX) permite a atacantes con acceso completo al correo electrónico descifrar archivos PDF en Sophos Firewall versión 19.5 MR3 (19.5.3) y anteriores, si el tipo de contraseña está configurado en "Especificado por el remitente". • https://www.sophos.com/en-us/security-advisories/sophos-sa-20231017-spx-password • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 9.8EPSS: 12%CPEs: 1EXPL: 0CVE-2022-3236 – Sophos Firewall Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-3236
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. Una vulnerabilidad de inyección de código en User Portal and Webadmin permite a un atacante remoto ejecutar código en Sophos Firewall versiones v19.0 MR1 y anteriores. A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0CVE-2022-1807
https://notcve.org/view.php?id=CVE-2022-1807
Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1. Múltiples vulnerabilidades SQLi en Webadmin permiten una escalada de privilegios de administrador a superadministrador en Sophos Firewall versiones anteriores a versión 18.5 MR4 y versión 19.0 MR1 • https://www.sophos.com/en-us/security-advisories/sophos-sa-20220907-sfos-18-5-4 https://www.sophos.com/en-us/security-advisories/sophos-sa-20220907-sfos-19-0-1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-0675 – Puppet Firewall Module May Leave Unmanaged Rules
https://notcve.org/view.php?id=CVE-2022-0675
In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe state. En determinadas situaciones es posible que se presente una regla no administrada en el sistema objetivo que tenga el mismo comentario que la regla especificada en el manifiesto. Esto podría permitir la existencia de reglas no administradas en el sistema objetivo y dejar el sistema en un estado no seguro A flaw was found in the Puppet Firewall module. In certain situations, an unmanaged rule can exist on the target system that has the same comment as a rule specified in the manifest. • https://puppet.com/security/cve/CVE-2022-0675 https://access.redhat.com/security/cve/CVE-2022-0675 https://bugzilla.redhat.com/show_bug.cgi?id=2071567 • CWE-20: Improper Input Validation CWE-1289: Improper Validation of Unsafe Equivalence in Input •