CVE-2024-7249 – Comodo Firewall Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7249
29 Jul 2024 — Comodo Firewall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Firewall. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the cmdagent executable. By creating a symbolic link, an attacker can abuse the application to delete a file. • https://www.zerodayinitiative.com/advisories/ZDI-24-954 • CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2023-42552
https://notcve.org/view.php?id=CVE-2023-42552
07 Nov 2023 — Implicit intent hijacking vulnerability in Firewall application prior to versions 12.1.00.24 in Android 11, 13.1.00.16 in Android 12 and 14.1.00.7 in Android 13 allows a 3rd party application to tamper with the database of Firewall. • https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11
CVE-2023-5552
https://notcve.org/view.php?id=CVE-2023-5552
17 Oct 2023 — A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20231017-spx-password • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-522: Insufficiently Protected Credentials
CVE-2022-3236 – Sophos Firewall Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-3236
23 Sep 2022 — A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2022-1807
https://notcve.org/view.php?id=CVE-2022-1807
07 Sep 2022 — Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20220907-sfos-18-5-4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-0675 – Puppet Firewall Module May Leave Unmanaged Rules
https://notcve.org/view.php?id=CVE-2022-0675
02 Mar 2022 — In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe state. • https://puppet.com/security/cve/CVE-2022-0675 • CWE-20: Improper Input Validation • CWE-1289: Improper Validation of Unsafe Equivalence in Input
CVE-2019-14270
https://notcve.org/view.php?id=CVE-2019-14270
25 Jul 2019 — Comodo Antivirus through 12.0.0.6870, Comodo Firewall through 12.0.0.6870, and Comodo Internet Security Premium through 12.0.0.6870, with the Comodo Container feature, are vulnerable to Sandbox Escape. • https://gaissecurity.com/yazi/discovery-of-sandbox-escape-on-comodo-container-antivirus-amp-firewall
CVE-2012-4923 – Endian Firewall 2.4 - 'dansguardian.cgi?addrule' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4923
15 Sep 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi. • https://www.exploit-db.com/exploits/36833 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-0475 – Palo Alto Network Vulnerability - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-0475
14 May 2010 — Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the Palo Alto Networks firewall 3.0.x before 3.0.9 and 3.1.x before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the role parameter. • https://www.exploit-db.com/exploits/12660 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-0494
https://notcve.org/view.php?id=CVE-2008-0494
30 Jan 2008 — Cross-site scripting (XSS) vulnerability in vpnum/userslist.php in Endian Firewall 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the psearch parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://downloads.securityfocus.com/vulnerabilities/exploits/27477.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')