
CVSS: 9.8 • EPSS: 80% • CPEs: 2 • EXPL: 1

09 Apr 2021 — A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a... • https://github.com/SUPRAAA-1337/CVE-2021-20021 • CWE-269: Improper Privilege Management •

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

08 Apr 2021 — Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure. • https://help.forcepoint.com/security/CVE/CVE-2020-6590.html • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 7.4 • EPSS: 0% • CPEs: 56 • EXPL: 0

25 Mar 2021 — The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectivel... • http://www.openwall.com/lists/oss-security/2021/03/27/1 • CWE-295: Improper Certificate Validation •

CVSS: 6.1 • EPSS: 0% • CPEs: 4 • EXPL: 0

05 Nov 2019 — It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue. • https://help.forcepoint.com/security/CVE/CVE-2019-6142.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

09 Apr 2019 — A configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product is left in a vulnerable state if the hybrid registration process is not completed. • https://help.forcepoint.com/security/CVE/CVE-2019-6140.html • CWE-284: Improper Access Control •

CVSS: 9.8 • EPSS: 3% • CPEs: 2 • EXPL: 0

09 Apr 2019 — A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process creating a denial-of-service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all buffer overflows, the possibility of RCE cannot be completely ruled out. Data Execution Protection (DEP) is already enabled on the Email appliance as a risk mitigation. • https://help.forcepoint.com/security/CVE/CVE-2018-16530.html • CWE-787: Out-of-bounds Write •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Mar 2019 — A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password. • https://help.forcepoint.com/security/CVE/CVE-2018-16529.html • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •

CVSS: 7.5 • EPSS: 13% • CPEs: 2 • EXPL: 3

22 Oct 2009 — The Web Administrator service (STEMWADM.EXE) in Websense Personal Email Manager 7.1 before Hotfix 4 and Email Security 7.1 before Hotfix 4 allows remote attackers to cause a denial of service (crash) by sending an HTTP GET request to TCP port 8181 and closing the socket before the service can send a response. • https://www.exploit-db.com/exploits/9980 •