Ng Firewall CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2019-18649	1 Untangle	1 Ng Firewall	2024-11-21	4.8 Medium
When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS.
CVE-2019-18648	1 Untangle	1 Ng Firewall	2024-11-21	4.8 Medium
When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields.
CVE-2019-18647	1 Untangle	1 Ng Firewall	2024-11-21	7.2 High
The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user.
CVE-2019-18646	1 Untangle	1 Ng Firewall	2024-11-21	7.2 High
The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user.

Page 1 of 1.