Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Untangle Subscribe
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-17494 1 Untangle 1 Untangle Firewall Ng 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
Untangle Firewall NG before 16.0 uses MD5 for passwords.
CVE-2019-18647 1 Untangle 1 Ng Firewall 2020-08-24 9.0 HIGH 7.2 HIGH
The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user.
CVE-2019-18646 1 Untangle 1 Ng Firewall 2019-11-14 6.5 MEDIUM 7.2 HIGH
The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user.
CVE-2019-18649 1 Untangle 1 Ng Firewall 2019-11-14 3.5 LOW 4.8 MEDIUM
When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS.
CVE-2019-18648 1 Untangle 1 Ng Firewall 2019-11-14 3.5 LOW 4.8 MEDIUM
When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields.