Filtered by vendor Sonicwall
Subscribe
Total
187 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-20038 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions. | |||||
CVE-2021-45105 | 5 Apache, Debian, Netapp and 2 more | 121 Log4j, Debian Linux, Cloud Manager and 118 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. | |||||
CVE-2021-20048 | 1 Sonicwall | 59 Nsa 2650, Nsa 2700, Nsa 3650 and 56 more | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions. | |||||
CVE-2021-33909 | 6 Debian, Fedoraproject, Linux and 3 more | 8 Debian Linux, Fedora, Linux Kernel and 5 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. | |||||
CVE-2021-20023 | 1 Sonicwall | 2 Email Security, Hosted Email Security | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host. | |||||
CVE-2021-20021 | 1 Sonicwall | 2 Email Security, Hosted Email Security | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. | |||||
CVE-2021-20020 | 1 Sonicwall | 1 Global Management System | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root. | |||||
CVE-2021-20025 | 1 Sonicwall | 1 Email Security Virtual Appliance | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance remotely only when the device is freshly installed and not connected to Mysonicwall. | |||||
CVE-2021-20019 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability. | |||||
CVE-2021-20024 | 1 Sonicwall | 8 Switch, Sws12-10fpoe, Sws12-8 and 5 more | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
Multiple Out-of-Bound read vulnerability in SonicWall Switch when handling LLDP Protocol allows an attacker to cause a system instability or potentially read sensitive information from the memory locations. | |||||
CVE-2021-20032 | 1 Sonicwall | 1 Analytics | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol (JDWP) interface security misconfiguration vulnerability which potentially leads to Remote Code Execution. This vulnerability impacts Analytics On-Prem 2.5.2518 and earlier. | |||||
CVE-2021-20026 | 1 Sonicwall | 1 Network Security Manager | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. This vulnerability affects NSM On-Prem 2.2.0-R10 and earlier versions. | |||||
CVE-2021-20022 | 1 Sonicwall | 2 Email Security, Hosted Email Security | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. | |||||
CVE-2021-20027 | 1 Sonicwall | 59 Nsa 2650, Nsa 2700, Nsa 3650 and 56 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls. | |||||
CVE-2020-5133 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | |||||
CVE-2020-5142 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in the firewall SSLVPN portal. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | |||||
CVE-2020-5140 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | |||||
CVE-2020-5143 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | |||||
CVE-2021-20018 | 1 Sonicwall | 2 Sma100, Sma100 Firmware | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. | |||||
CVE-2020-5137 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. |