Lucene search

K

SMA1000 Security Vulnerabilities

cve
cve

CVE-2023-0126

Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root...

7.5CVSS

7.5AI Score

0.291EPSS

2023-01-19 08:15 PM
41
cve
cve

CVE-2022-22282

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control...

9.8CVSS

9.3AI Score

0.002EPSS

2022-05-13 08:15 PM
73
7
cve
cve

CVE-2022-1701

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store...

7.5CVSS

7.9AI Score

0.001EPSS

2022-05-13 08:15 PM
55
3
cve
cve

CVE-2022-1702

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection...

6.1CVSS

6.8AI Score

0.001EPSS

2022-05-13 08:15 PM
57
4
cve
cve

CVE-2022-0847

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page.....

7.8CVSS

7.7AI Score

0.076EPSS

2022-03-10 05:44 PM
1806
In Wild
4
cve
cve

CVE-2021-33909

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka...

7.8CVSS

7.9AI Score

0.002EPSS

2021-07-20 07:15 PM
624
134
cve
cve

CVE-2020-5132

SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of...

5.3CVSS

5.3AI Score

0.001EPSS

2020-09-30 06:15 AM
41
cve
cve

CVE-2020-5129

A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service. This vulnerability affected SMA1000 Version 12.1.0-06411 and...

7.5CVSS

7.5AI Score

0.002EPSS

2020-03-26 01:15 PM
20