CVE-2024-22398
https://notcve.org/view.php?id=CVE-2024-22398
An Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to conduct a directory traversal attack and delete arbitrary files from the appliance file system.
• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0006
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
• CWE-23: Relative Path Traversal
CVE-2023-0655
https://notcve.org/view.php?id=CVE-2023-0655
SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users' email addresses.
• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0002
• CWE-209: Generation of Error Message Containing Sensitive Information
CVE-2022-1700
https://notcve.org/view.php?id=CVE-2022-1700
Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20, 2022. The XML parser in the Policy Engine was found to be improperly configured to support external entities and external DTD (Document Type Definitions), which can lead to an XXE attack. This issue affects: Forcepoint Data Loss Prevention (DLP) versions prior to 8.8.2. Forcepoint One Endpoint (F1E) with Policy Engine versions prior to 8.8.2. Forcepoint Web Security Content Gateway versions prior to 8.5.5.
• https://help.forcepoint.com/security/CVE/CVE-2022-1700.html
• CWE-611: Improper Restriction of XML External Entity Reference
CVE-2022-2324
https://notcve.org/view.php?id=CVE-2022-2324
An Improperly Implemented Security Check vulnerability in SonicWall Hosted Email Security leads to a bypass of the Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions.
• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0014
• CWE-290: Authentication Bypass by Spoofing
• CWE-358: Improperly Implemented Security Check for Standard
CVE-2020-36519
https://notcve.org/view.php?id=CVE-2020-36519
Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs.)
• https://wesleyk.me/2020/01/10/my-first-vulnerability-mimecast-sender-address-verification