CVSS: 5.9EPSS: 10%CPEs: 205EXPL: 1CVE-2021-3449 – NULL pointer deref in signature_algorithms processing
https://notcve.org/view.php?id=CVE-2021-3449
25 Mar 2021 — An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS c... • https://github.com/riptl/cve-2021-3449 • CWE-476: NULL Pointer Dereference •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20018
https://notcve.org/view.php?id=CVE-2021-20018
13 Mar 2021 — A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. Una vulnerabilidad posterior a una autenticación en SonicWall SMA100, permite a un atacante exportar el archivo de configuración a la dirección de correo electrónico especificada. Esta vulnerabilidad afecta a SMA100 versiones 10.2.0.5 y anteriores • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0005 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 2%CPEs: 2EXPL: 0CVE-2021-20017
https://notcve.org/view.php?id=CVE-2021-20017
13 Mar 2021 — A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. Una vulnerabilidad de inyección de comandos posterior a la autenticación en SonicWall SMA100, permite a un atacante autenticado ejecutar comandos del Sistema Operativo como un usuario "nobody". Esta vulnerabilidad afecta a SMA100 versiones 10.2.0.5 y anteriores • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0004 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-5132
https://notcve.org/view.php?id=CVE-2020-5132
30 Sep 2020 — SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of internal domain names can potentially take advantage of this vulnerability. Los productos SonicWall SSL-VPN y una configuración inapropiada de la funcionalidad SSL-VPN del firewall SonicWall, conlleva a un posible f... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0006 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •