CVSS: 9.8EPSS: 80%CPEs: 2EXPL: 1CVE-2021-20021 – SonicWall Email Security Improper Privilege Management Vulnerability
https://notcve.org/view.php?id=CVE-2021-20021
09 Apr 2021 — A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. Una vulnerabilidad en SonicWall Email Security versión 10.0.9.x, permite a un atacante crear una cuenta administrativa mediante el envío de una petición HTTP diseñada en el host remoto SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a... • https://github.com/SUPRAAA-1337/CVE-2021-20021 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-6590
https://notcve.org/view.php?id=CVE-2020-6590
08 Apr 2021 — Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure. Forcepoint Web Security Content Gateway versiones anteriores a 8.5.4, procesan inapropiadamente una entrada XML, conllevando a una divulgación de información • https://help.forcepoint.com/security/CVE/CVE-2020-6590.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.4EPSS: 0%CPEs: 56EXPL: 0CVE-2021-3450 – CA certificate check bypass with X509_V_FLAG_X509_STRICT
https://notcve.org/view.php?id=CVE-2021-3450
25 Mar 2021 — The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectivel... • http://www.openwall.com/lists/oss-security/2021/03/27/1 • CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-6140
https://notcve.org/view.php?id=CVE-2019-6140
09 Apr 2019 — A configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product is left in a vulnerable state if the hybrid registration process is not completed. Se ha detectado un problema de configuración en Forcepoint Email Security versiones 8.4. x y 8.5. x: el producto se deja en un estado vulnerable si el proceso de registro híbrido no es completado • https://help.forcepoint.com/security/CVE/CVE-2019-6140.html • CWE-284: Improper Access Control •