CVSS: 7.5EPSS: 0%CPEs: 55EXPL: 0CVE-2022-22275
https://notcve.org/view.php?id=CVE-2022-22275
Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable. Una Restricción Inapropiada del Canal de Comunicación TCP en el tráfico de entrada HTTP/S de la WAN a la DMZ omitiendo la política de seguridad hasta el apretón de manos TCP, resultando potencialmente en un ataque de Denegación de Servicio (DoS) si el host de destino es vulnerable • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 205EXPL: 0CVE-2021-3449 – NULL pointer deref in signature_algorithms processing
https://notcve.org/view.php?id=CVE-2021-3449
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. • http://www.openwall.com/lists/oss-security/2021/03/27/1 http://www.openwall.com/lists/oss-security/2021/03/27/2 http://www.openwall.com/lists/oss-security/2021/03/28/3 http://www.openwall.com/lists/oss-security/2021/03/28/4 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148 https://kb.pulse • CWE-476: NULL Pointer Dereference •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2CVE-2015-3447
https://notcve.org/view.php?id=CVE-2015-3447
Multiple cross-site scripting (XSS) vulnerabilities in macIpSpoofView.html in Dell SonicWall SonicOS 7.5.0.12 and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) searchSpoof or (2) searchSpoofIpDet parameter. Múltiples vulnerabilidades de XSS en macIpSpoofView.html en Dell SonicWall SonicOS 7.5.0.12 y 6.x permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través del parámetro (1) searchSpoof o (2) searchSpoofIpDet. • http://seclists.org/fulldisclosure/2015/Apr/97 http://www.securityfocus.com/archive/1/535393/100/0/threaded http://www.securityfocus.com/bid/74406 http://www.securitytracker.com/id/1032204 http://www.vulnerability-lab.com/get_content.php?id=1359 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •