Filtered by vendor Sonicwall Subscriptions
Total 194 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-1702 1 Sonicwall 10 Sma 6200, Sma 6200 Firmware, Sma 6210 and 7 more 2024-11-21 6.1 Medium
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability.
CVE-2022-1701 1 Sonicwall 10 Sma 6200, Sma 6200 Firmware, Sma 6210 and 7 more 2024-11-21 7.5 High
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data.
CVE-2022-0847 7 Fedoraproject, Linux, Netapp and 4 more 42 Fedora, Linux Kernel, H300e and 39 more 2024-11-21 7.8 High
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
CVE-2021-45105 6 Apache, Debian, Netapp and 3 more 131 Log4j, Debian Linux, Cloud Manager and 128 more 2024-11-21 5.9 Medium
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
CVE-2021-45046 8 Apache, Cvat, Debian and 5 more 70 Log4j, Computer Vision Annotation Tool, Debian Linux and 67 more 2024-11-21 9.0 Critical
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
CVE-2021-44228 13 Apache, Apple, Bentley and 10 more 167 Log4j, Xcode, Synchro and 164 more 2024-11-21 10.0 Critical
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
CVE-2021-3450 11 Fedoraproject, Freebsd, Mcafee and 8 more 39 Fedora, Freebsd, Web Gateway and 36 more 2024-11-21 7.4 High
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).
CVE-2021-3449 13 Checkpoint, Debian, Fedoraproject and 10 more 172 Multi-domain Management, Multi-domain Management Firmware, Quantum Security Gateway and 169 more 2024-11-21 5.9 Medium
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
CVE-2021-33909 7 Debian, Fedoraproject, Linux and 4 more 16 Debian Linux, Fedora, Linux Kernel and 13 more 2024-11-21 7.8 High
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.
CVE-2021-20051 1 Sonicwall 1 Global Vpn Client 2024-11-21 7.8 High
SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system.
CVE-2021-20050 1 Sonicwall 12 Sma100, Sma200, Sma210 and 9 more 2024-11-21 7.5 High
An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data.
CVE-2021-20049 1 Sonicwall 12 Sma100, Sma200, Sma210 and 9 more 2024-11-21 7.5 High
A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.
CVE-2021-20048 1 Sonicwall 59 Nsa 2650, Nsa 2700, Nsa 3650 and 56 more 2024-11-21 8.8 High
A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions.
CVE-2021-20047 1 Sonicwall 1 Global Vpn Client 2024-11-21 7.8 High
SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order Hijacking vulnerability. Successful exploitation via a local attacker could result in remote code execution in the target system.
CVE-2021-20046 1 Sonicwall 59 Nsa 2650, Nsa 2700, Nsa 3650 and 56 more 2024-11-21 8.8 High
A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions.
CVE-2021-20045 1 Sonicwall 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more 2024-11-21 9.8 Critical
A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
CVE-2021-20044 1 Sonicwall 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more 2024-11-21 8.8 High
A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
CVE-2021-20043 1 Sonicwall 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more 2024-11-21 8.8 High
A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
CVE-2021-20042 1 Sonicwall 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more 2024-11-21 9.8 Critical
An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
CVE-2021-20041 1 Sonicwall 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more 2024-11-21 7.5 High
An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.