CVSS: 7.5EPSS: 0%CPEs: 98EXPL: 0CVE-2022-22278
https://notcve.org/view.php?id=CVE-2022-22278
27 Apr 2022 — A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS) attack Una vulnerabilidad en SonicOS CFS (servicio de filtrado de contenidos) devuelve un gran mensaje de respuesta HTTP 403 prohibido a la dirección de origen cuando usuarios intentan acceder a un recurso prohibido, lo que permite a un atacante causar un ataque de Denega... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 129EXPL: 0CVE-2022-22277
https://notcve.org/view.php?id=CVE-2022-22277
27 Apr 2022 — A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive information in cleartext. Una vulnerabilidad en el servicio SNMP de SonicOS resultando en una exposición de información confidencial del punto de acceso inalámbrico en texto sin cifrar • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 98EXPL: 0CVE-2022-22276
https://notcve.org/view.php?id=CVE-2022-22276
27 Apr 2022 — A vulnerability in SonicOS SNMP service resulting exposure of sensitive information to an unauthorized user. Una vulnerabilidad en el servicio SNMP de SonicOS resultando en una exposición de información confidencial a un usuario no autorizado • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 10EXPL: 0CVE-2022-22279
https://notcve.org/view.php?id=CVE-2022-22279
13 Apr 2022 — A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions Una vulnerabilidad de lectura arbitraria de archivos después de la autenticación que afecta a los productos Secure Remote Access... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0006 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 9.8EPSS: 1%CPEs: 18EXPL: 0CVE-2022-22273
https://notcve.org/view.php?id=CVE-2022-22273
17 Mar 2022 — Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions Una Neutralización Inapropiada de Elementos Especiales conllevando a una vulnerabilidad de Iny... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0001 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 84%CPEs: 59EXPL: 111CVE-2022-0847 – Linux Kernel Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-0847
07 Mar 2022 — A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. Se ha encontrado un fallo en la forma en que el miembro "flags" de la estructura del nuevo búfer de la tubería carecía de la inic... • https://packetstorm.news/files/id/176534 • CWE-665: Improper Initialization CWE-909: Missing Initialization of Resource •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2021-20050
https://notcve.org/view.php?id=CVE-2021-20050
23 Dec 2021 — An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data. Una vulnerabilidad de control de acceso inapropiado en la serie SMA100 conlleva a que varias API de administración restringidas sean accesibles sin un inicio de sesión de usuario, exponiendo potencialmente los metadatos de configuración • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0031 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2021-20049
https://notcve.org/view.php?id=CVE-2021-20049
23 Dec 2021 — A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions. Una vulnerabilidad en la API de cambio de contraseña de SonicWall SMA100, permite a un atacante remoto no autenticado llevar a cabo una enumeración de nombres de usuario de SMA100 basándose en las respuestas del servidor. Esta vulnerabilidad afecta a las version... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0030 • CWE-203: Observable Discrepancy CWE-204: Observable Response Discrepancy •
CVSS: 5.9EPSS: 72%CPEs: 213EXPL: 10CVE-2021-45105 – Apache Log4j2 does not always protect from infinite recursion in lookup evaluation
https://notcve.org/view.php?id=CVE-2021-45105
18 Dec 2021 — Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. Apache Log4j2 versiones 2.0-alpha1 hasta 2.16.0 (excluyendo las versiones 2.12.3 y 2.3.1) no protegían de la recursión no controlada de las búsquedas autorreferenciales.... • https://github.com/thedevappsecguy/Log4J-Mitigation-CVE-2021-44228--CVE-2021-45046--CVE-2021-45105--CVE-2021-44832 • CWE-20: Improper Input Validation CWE-674: Uncontrolled Recursion •
CVSS: 9.0EPSS: 94%CPEs: 96EXPL: 14CVE-2021-45046 – Apache Log4j2 Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2021-45046
14 Dec 2021 — It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some... • https://packetstorm.news/files/id/179987 • CWE-400: Uncontrolled Resource Consumption CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •