CVE-2021-20031 – Sonicwall SonicOS 7.0 - Host Header Injection
https://notcve.org/view.php?id=CVE-2021-20031
A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains. Una vulnerabilidad de Redirección de Encabezado de Host en SonicOS permite potencialmente a un atacante remoto redirigir a usuarios de la administración del firewall a dominios web arbitrarios Sonicwall SonicOS version 7.0 suffers from a host header injection vulnerability. • https://www.exploit-db.com/exploits/50414 http://packetstormsecurity.com/files/164502/Sonicwall-SonicOS-7.0-Host-Header-Injection.html https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0019 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2021-20019
https://notcve.org/view.php?id=CVE-2021-20019
A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability. Una vulnerabilidad en SonicOS donde la respuesta del servidor HTTP filtra parte de la memoria mediante el envío de una petición HTTP diseñada, esto puede conllevar potencialmente a una vulnerabilidad de divulgación de datos confidenciales internos • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0006 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-20027
https://notcve.org/view.php?id=CVE-2021-20027
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls. Una vulnerabilidad de desbordamiento de búfer en SonicOS permite a un atacante remoto causar una denegación de servicio (DoS) mediante el envío de una petición especialmente diseñada. Esta vulnerabilidad afecta a las plataformas SonicOS Gen5, Gen6, Gen7 y a los firewalls virtuales SonicOSv • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0016 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2021-3450 – CA certificate check bypass with X509_V_FLAG_X509_STRICT
https://notcve.org/view.php?id=CVE-2021-3450
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. • http://www.openwall.com/lists/oss-security/2021/03/27/1 http://www.openwall.com/lists/oss-security/2021/03/27/2 http://www.openwall.com/lists/oss-security/2021/03/28/3 http://www.openwall.com/lists/oss-security/2021/03/28/4 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845 https://kc.mc • CWE-295: Improper Certificate Validation •
CVE-2015-3447
https://notcve.org/view.php?id=CVE-2015-3447
Multiple cross-site scripting (XSS) vulnerabilities in macIpSpoofView.html in Dell SonicWall SonicOS 7.5.0.12 and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) searchSpoof or (2) searchSpoofIpDet parameter. Múltiples vulnerabilidades de XSS en macIpSpoofView.html en Dell SonicWall SonicOS 7.5.0.12 y 6.x permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través del parámetro (1) searchSpoof o (2) searchSpoofIpDet. • http://seclists.org/fulldisclosure/2015/Apr/97 http://www.securityfocus.com/archive/1/535393/100/0/threaded http://www.securityfocus.com/bid/74406 http://www.securitytracker.com/id/1032204 http://www.vulnerability-lab.com/get_content.php?id=1359 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •