CVSS: 10.0EPSS: 70%CPEs: 9EXPL: 0CVE-2025-23006 – SonicWall SMA1000 Appliances Deserialization Vulnerability
https://notcve.org/view.php?id=CVE-2025-23006
23 Jan 2025 — Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands. Se ha identificado una vulnerabilidad de deserialización de datos no confiables antes de la autenticación en SMA1000 Appliance Management Console (AMC) y Central Management Console (CMC), que en condiciones específi... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45317
https://notcve.org/view.php?id=CVE-2024-45317
11 Oct 2024 — A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-02676 and earlier allows a remote, unauthenticated attacker to cause the SMA1000 server-side application to make requests to an unintended IP address. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0017 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 92%CPEs: 2EXPL: 0CVE-2023-0126
https://notcve.org/view.php?id=CVE-2023-0126
19 Jan 2023 — Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory. Vulnerabilidad de path traversal de autenticación previa en la versión 12.4.2 del firmware SMA1000, que permite a un atacante no autenticado acceder a archivos y directorios arbitrarios almacenados fuera del directorio raíz web. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0001 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 86%CPEs: 59EXPL: 104CVE-2022-0847 – Linux Kernel Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-0847
07 Mar 2022 — A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. Se ha encontrado un fallo en la forma en que el miembro "flags" de la estructura del nuevo búfer de la tubería carecía de la inic... • https://packetstorm.news/files/id/176534 • CWE-665: Improper Initialization CWE-909: Missing Initialization of Resource •
CVSS: 7.8EPSS: 3%CPEs: 20EXPL: 7CVE-2021-33909 – kernel: size_t-to-int conversion vulnerability in the filesystem layer
https://notcve.org/view.php?id=CVE-2021-33909
20 Jul 2021 — fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. Un archivo fs/seq_file.c en el kernel de Linux versiones 3.16 hasta 5.13.x anteriores a 5.13.4, no restringe apropiadamente las asignaciones de búferes seq, conllevando a un desbordamiento de enteros, una escritura fuera de límites y una escalada a root por parte de ... • https://packetstorm.news/files/id/163621 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-5129
https://notcve.org/view.php?id=CVE-2020-5129
26 Mar 2020 — A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service. This vulnerability affected SMA1000 Version 12.1.0-06411 and earlier. Una vulnerabilidad en el servidor SonicWall SMA1000 HTTP Extraweb, permite a un atacante remoto no autenticado causar un bloqueo del servidor HTTP que conlleva a una denegación de servicio. Esta vulnerabilidad afectó a SMA1000 Versión 12.1.0-06411 y anteriores. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0002 • CWE-248: Uncaught Exception CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •