cURL (libcurl) NTLM Authentication Code Buffer Overrun Vulnerability

curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curlntlmcoremknthash multiplies the length of the password by two SUM to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently...

Linux Kernel Crypto Subsystem Vulnerability

A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each afalgctx was freed instead of when the aeadtfm was freed. This can cause the null skcipher to be freed while it is still in use leading to a local user bein...

Apache Struts Remote Code Execution Vulnerability

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and in same time, its upper actions have no or wildcard namespace. Same possibility when using url tag which doesn't have value and action set and in same time, i...

OpenSSH user enumeration vulnerability

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. CVE: CVE-2018-15473 Last updated: Aug...

Foreshadow- L1 Terminal Fault: VMM

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. CVE:...

Foreshadow- L1 Terminal Fault: OS/SMM

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. CVE: CVE-2018-3620 Last updated: Aug. 1...

Foreshadow- L1 Terminal Fault: SGX

Systems with microprocessors utilizing speculative execution and Intel® software guard extensions Intel® SGX may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis. CVE: CVE-2018-3615 Last...

SonicWall GMS XML-RPC Remote Code Execution Vulnerability

A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System GMS virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier. CVE: CVE-2018-9866 Last updated: Aug. 3, 201...

vulnerability at mysonicwall.com that leads to Remote Code Execution (RCE)

Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. CVE: CVE-2017-11317 Last updated: July 9, 2018, midnight...

Rogue System Register Read (RSRE) – also known as Variant 3a

Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read RSRE, Variant 3a. CVE:...

Speculative Store Bypass (SSB) – also known as Variant 4

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Stor...

SonicWall Global Management System (GMS) 8.1 cross-site scripting

SonicWall Global Management System GMS 8.1 has XSS via the newName and Name values of the /sgms/TreeControl module. CVE: CVE-2018-5691 Last updated: March 12, 2018, 5:31 p.m...

Dell SonicWall SonicOS NSA CVE-2018-5281 Multiple HTML Injection Vulnerabilities

SonicWall SonicOS on Network Security Appliance NSA 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens. CVE: CVE-2018-5281 Last updated: Jan. 30, 2018, 4:12 p.m...

Dell SonicWall SonicOS NSA CVE-2018-5280 HTML Injection Vulnerability

SonicWall SonicOS on Network Security Appliance NSA 2016 Q4 devices has XSS via the Configure SSO screens. CVE: CVE-2018-5280 Last updated: Jan. 30, 2018, 4:04 p.m...

Dell SonicWall Secure Remote Access Multiple Command Injection Vulnerabilities

The SonicWall Secure Remote Access server version 8.1.0.2-14sv is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI /cgi-bin/diagnostics component responsible for emailing out information about the...

Dell SonicWall Secure Remote Access Multiple Command Injection Vulnerabilities

The SonicWall Secure Remote Access server version 8.1.0.2-14sv is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI /cgi-bin/extensionsettings component responsible for handling some of the server's...

Dell SonicWall Secure Remote Access Multiple Command Injection Vulnerabilities

The SonicWall Secure Remote Access server version 8.1.0.2-14sv is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI /cgi-bin/viewcert component responsible for processing SSL certificate information. The CGI...

Multiple Dell SonicWALL Products Multiple Remote Code Execution Vulnerabilities

The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data. CVE: CVE-2016-2397 Last updated: March 12, 2018, 5:31 p.m...

Multiple Dell SonicWALL Products Multiple Remote Code Execution Vulnerabilities

The GMS ViewPoint GMSVP web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input. CVE: CVE-2016-2396 Last updated: March 12, 2018, 5:29 p.m...

Dell SonicWall TotalSecure TZ 100 Series CVE-2015-7770 Denial of Service Vulnerability

Dell SonicWall TotalSecure TZ 100 devices with firmware before 5.9.1.0-22o allow remote attackers to cause a denial of service via a crafted packet. CVE: CVE-2015-7770 Last updated: Dec. 7, 2016, 6:25 p.m...

Dell SonicWall NetExtender CVE-2015-4173 Remote Privilege Escalation Vulnerability

Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE%...

Multiple Dell SonicWALL Products CVE-2015-3990 Remote Code Execution Vulnerability

The GMS ViewPoint GMSVP web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration. CVE: CVE-2015-3990 Last updated: March 13, 2018, 8:25 p.m...

Dell SonicWALL Secure Remote Access Products CVE-2015-2248 Cross Site Request Forgery Vulnerability

Cross-site request forgery CSRF vulnerability in the user portal in Dell SonicWALL Secure Remote Access SRA products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks via a crafted request...

Dell SonicWall SonicOS 'macIpSpoofView.html' Multiple Cross Site Scripting Vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in macIpSpoofView.html in Dell SonicWall SonicOS 7.5.0.12 and 6.x allow remote attackers to inject arbitrary web script or HTML via the 1 searchSpoof or 2 searchSpoofIpDet parameter. CVE: CVE-2015-3447 Last updated: March 9, 2018, 4:20 p.m...

Multiple Dell SonicWALL Products CVE-2014-8420 Multiple Remote Code Execution Vulnerabilities

The ViewPoint web application in Dell SonicWALL Global Management System GMS before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors. CVE: CVE-2014-8420 Last updated: March 12, 2018, 5:...

Multiple Dell SonicWALL Products 'node_id' parameter Cross Site Scripting Vulnerability

Cross-site scripting XSS vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the nodeid parameter. CVE: CVE-2014-5024 Last updated: March 12, 2018, 5:24 p.m...

Dell SonicWALL Scrutinizer Multiple Security Vulnerabilities

Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi. CVE: CVE-2014-4976 Last updated: March 12, 2018, 5:23 p.m...

Dell SonicWALL Scrutinizer Multiple Security Vulnerabilities

Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the 1 selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the 2 userid parameter in the changeUnit function, 3 methodDeta...

Dell SonicWall EMail Security Appliance Multiple HTML Injection Vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via 1 the uploadPatch parameter to the System/Advanced page settingsadvanced.html or 2 the uploadLicenses parameter...

Dell SonicWALL NSA 2400 'stats/dashboard.jsp' Cross Site Scripting Vulnerability

Cross-site scripting XSS vulnerability in the Dashboard Backend service stats/dashboard.jsp in SonicWall Network Security Appliance NSA 2400 allows remote attackers to inject arbitrary web script or HTML via the sn parameter. CVE: CVE-2014-2589 Last updated: March 12, 2018, 4:19 p.m...

Multiple Dell SonicWALL Products '/sgms/mainPage' Page Cross Site Scripting Vulnerability

Cross-site scripting XSS vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the nodeid parameter in a ScreenDisplayManager genNetwork...

SonicWALL Aventail 'CategoryID' Parameter SQL Injection Vulnerability

SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter. CVE: CVE-2011-5262 Last updated: Feb. 13, 2013, 5 a.m...

SonicWall Viewpoint 'scheduleID' Parameter SQL Injection Vulnerability

SQL injection vulnerability in sgms/reports/scheduledreports/configure/scheduleProps.jsp in SonicWall ViewPoint 6.0 SP2 allows remote attackers to execute arbitrary SQL commands via the scheduleID parameter. CVE: CVE-2011-5169 Last updated: Sept. 17, 2012, 3:14 p.m...

Dell SonicWALL Scrutinizer 'q' Parameter SQL Injection Vulnerability

SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer aka Dell SonicWALL Scrutinizer before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter. CVE: CVE-2012-2962 Last updated: March 12, 2018, 5:21 p.m...

SonicWALL SSL-VPN E-Class ActiveX Control Multiple Buffer Overflow Vulnerabilities

Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control Aventail.EPInstaller before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long 1 CabURL and 2 Location arguments to the Install3rdPartyComponent method. CVE:...

Multiple Vendor Clientless SSL VPN Products Same Origin Policy Bypass Vulnerability

Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in...

SonicWALL Content Filtering Blocked Site Error Page Cross-Site Scripting Vulnerability

Cross-site scripting XSS vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is n...

SonicWALL Email Security Error Page Cross-Site Scripting Vulnerability

Cross-site scripting XSS vulnerability in SonicWall Email Security 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the Host header in a request to a non-existent web page, which is not properly sanitized in an error page. CVE: CVE-2008-2162 Last updated: Aug. 8, 2017, 1:3...

SonicWALL Global VPN Client Remote Format String Vulnerability

Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the 1 Hostname tag or the 2 name attribute in the Connection tag. NOTE: there might...

SonicWALL SSL VPN Client Remote ActiveX Multiple Vulnerabilities

Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long 1 serverAddress, 2 sessionId, 3 clientIPLower, 4 clientIPHigher, 5 userName, 6 domainName, or 7...

SonicWALL SSL VPN Client Remote ActiveX Multiple Vulnerabilities

Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method. CVE: CVE-2007-5603 Last updated: Sept...

SonicWALL SSL VPN Client Remote ActiveX Multiple Vulnerabilities

Absolute path traversal vulnerability in the WebCacheCleaner ActiveX control 1.3.0.3 in SonicWall SSL-VPN 200 before 2.1, and SSL-VPN 2000/4000 before 2.5, allows remote attackers to delete arbitrary files via a full pathname in the argument to the FileDelete method. CVE: CVE-2007-5815 Last...

SonicWALL SOHO Web Interface Multiple Remote Input Validation Vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via 1 the URL or 2 the user login name, which is not filtered when the administrator views the log file. CVE: CVE-2005-1006 Last updated: July 11, 2017, 1:32 a...

SonicWALL PRO HTTP POST request denial of service

SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service device reset via a long HTTP POST to the internal interface, possibly due to a buffer overflow. CVE: CVE-2003-1490 Last updated: July 29, 2017, 1:29 a.m...

SonicWALL Firmware CVE-2003-1320 Denial-Of-Service Vulnerability

SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange IKE response packets, possibly including 1 a large Security Parameter Index SPI field, 2 a large number of payloads, or 3 a long payload. CV...

SonicWALL SOHO3 blocked URL log file script injection

Cross-site scripting XSS vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL. CVE: CVE-2002-2341 Last updated: Sept. 5, 2008, 8:32 p.m...

SonicWALL Content Filtering IP addresses can bypass URL filtering

SonicWall Content Filtering allows local users to access prohibited web sites via requests to the web site's IP address instead of the domain name. CVE: CVE-2002-2181 Last updated: Sept. 5, 2008, 8:32 p.m...

SonicWALL SOHO Firewall Predictable TCP Initial Sequence Number Vulnerability

SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions. CVE: CVE-2001-1104 Last updated: Sept. 5, 2008, 8:25 p.m...

Tele2 CVE-2001-0376 Remote Security Vulnerability

SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This allows a remote attacker to brute force attack t...

SonicWALL SOHO username denial of service

The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page. CVE: CVE-2000-1097 Last updated: Oct. 10, 2017, 1:29 a.m...