CVSS: 9.1EPSS: 7%CPEs: 19EXPL: 3CVE-2021-20034 – SonicWall SMA 10.2.1.0-17sv - Password Reset
https://notcve.org/view.php?id=CVE-2021-20034
27 Sep 2021 — An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. Una vulnerabilidad de control de acceso inapropiado en SMA100 permite a un atacante remoto no autenticado omitir las comprobaciones de salto de ruta y eliminar un archivo arbitrario, resultando potencialmente en un reinicio a la configuración predeterminada de fábrica SonicWall SMA version 1... • https://packetstorm.news/files/id/164564 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 86%CPEs: 6EXPL: 0CVE-2021-20028 – SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-20028
04 Aug 2021 — Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier Una neutralización inapropiada de un Comando SQL conllevando una vulnerabilidad de Inyección SQL impactando a los productos Secure Remote Access (SRA) al final de su vida útil, concretamente a dispositivos SRA que ejecutan todo el firmware 8.x y 9.0.0.9-26sv o anteriores SonicWall Secure... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0017 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 3%CPEs: 20EXPL: 7CVE-2021-33909 – kernel: size_t-to-int conversion vulnerability in the filesystem layer
https://notcve.org/view.php?id=CVE-2021-33909
20 Jul 2021 — fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. Un archivo fs/seq_file.c en el kernel de Linux versiones 3.16 hasta 5.13.x anteriores a 5.13.4, no restringe apropiadamente las asignaciones de búferes seq, conllevando a un desbordamiento de enteros, una escritura fuera de límites y una escalada a root por parte de ... • https://packetstorm.news/files/id/163621 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 13%CPEs: 205EXPL: 1CVE-2021-3449 – NULL pointer deref in signature_algorithms processing
https://notcve.org/view.php?id=CVE-2021-3449
25 Mar 2021 — An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS c... • https://github.com/riptl/cve-2021-3449 • CWE-476: NULL Pointer Dereference •
CVSS: 7.4EPSS: 0%CPEs: 56EXPL: 0CVE-2021-3450 – CA certificate check bypass with X509_V_FLAG_X509_STRICT
https://notcve.org/view.php?id=CVE-2021-3450
25 Mar 2021 — The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectivel... • http://www.openwall.com/lists/oss-security/2021/03/27/1 • CWE-295: Improper Certificate Validation •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20018
https://notcve.org/view.php?id=CVE-2021-20018
13 Mar 2021 — A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. Una vulnerabilidad posterior a una autenticación en SonicWall SMA100, permite a un atacante exportar el archivo de configuración a la dirección de correo electrónico especificada. Esta vulnerabilidad afecta a SMA100 versiones 10.2.0.5 y anteriores • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0005 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 2%CPEs: 2EXPL: 0CVE-2021-20017
https://notcve.org/view.php?id=CVE-2021-20017
13 Mar 2021 — A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. Una vulnerabilidad de inyección de comandos posterior a la autenticación en SonicWall SMA100, permite a un atacante autenticado ejecutar comandos del Sistema Operativo como un usuario "nobody". Esta vulnerabilidad afecta a SMA100 versiones 10.2.0.5 y anteriores • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0004 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 80%CPEs: 11EXPL: 0CVE-2021-20016 – SonicWall SSLVPN SMA100 SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-20016
03 Feb 2021 — A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x. Una vulnerabilidad de inyección de SQL en el producto SonicWall SSLVPN SMA100, permite a un atacante remoto no autenticado llevar a cabo una consulta SQL para acceder a la contraseña del nombre de usuario y otra información relacionada con la sesión. Esta... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 1%CPEs: 2EXPL: 0CVE-2020-5146
https://notcve.org/view.php?id=CVE-2020-5146
09 Jan 2021 — A vulnerability in SonicWall SMA100 appliance allow an authenticated management-user to perform OS command injection using HTTP POST parameters. This vulnerability affected SMA100 Appliance version 10.2.0.2-20sv and earlier. Una vulnerabilidad en el dispositivo SonicWall SMA100, permite a un usuario de administración autenticado llevar a cabo una inyección de comandos del Sistema Operativo usando parámetros HTTP POST. Esta vulnerabilidad afectó a SMA100 Appliance versiones 10.2.0.2-20sv y anteriores • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0022 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-5132
https://notcve.org/view.php?id=CVE-2020-5132
30 Sep 2020 — SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of internal domain names can potentially take advantage of this vulnerability. Los productos SonicWall SSL-VPN y una configuración inapropiada de la funcionalidad SSL-VPN del firewall SonicWall, conlleva a un posible f... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0006 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •