12 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2021-45046
Technical details for CVE-2021-45046 are not publicly provided in the supplied documents. Monitor for updates from official advisories; sources here reference fixes for other Log4j CVEs but do not specify 45046 specifics.
CVE-2021-20021
CVE-2021-20021 affects SonicWall Email Security. The vulnerability enables an unauthenticated attacker to create an administrative account via a crafted HTTP request to the ES appliance, by exploiting an improperly secured admin API endpoint. This leads to privilege escalation with administrator ...
CVE-2021-45105
Summary of CVE-2021-45105 (Log4j2) : Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...
CVE-2021-20022
CVE-2021-20022 affects SonicWall Email Security versions 10.0.9.x and enables post-authenticated arbitrary file upload via the branding ZIP mechanism (Zip Slip style) to write files to the server. FireEye/Mandiant detail that lack of input validation allows an attacker to place a web shell in a w...
CVE-2021-20023
The CVE-2021-20023 entry affects SonicWall Email Security (version 10.0.9.x). Connected advisories describe a directory traversal/path traversal vulnerability that, when exploited by a post-authenticated attacker, could allow reading arbitrary files on the remote host. Evidence from advisories an...
CVE-2018-3639
CVE-2018-3639 is a speculative execution side‑channel vulnerability (SSB) that can leak memory via speculative stores. The Connected ALMA doc notes a mitigation: SSB is disabled by the new alt-java launcher, reducing impact at the cost of performance, and it references OpenJDK 8u282 as part of th...
CVE-2021-3450
CVE-2021-3450 affects OpenSSL 1.1.1h–1.1.1j where a bug in the X509_V_FLAG_X509_STRICT path overwrote a prior CA-check result, bypassing the non-CA certificates prohibition unless a programmed purpose is used. When a purpose is configured, the certificate chain is still rejected; the issue is fix...
CVE-2023-0655
The vulnerability affects SonicWall Email Security (SonicWall Email Security appliances). The issue enables a remote unauthenticated attacker to access an error page that reveals sensitive information about users’ email addresses, constituting an information disclosure vulnerability. The connecte...
CVE-2026-3468
SonicWall Email Security appliance is affected by CVE-2026-3468—a stored XSS flaw caused by improper neutralization of user-supplied input during web page generation. The vulnerability requires a remote authenticated attacker with admin privileges and could allow arbitrary JavaScript execution in...
CVE-2026-3470
CVE-2026-3470 concerns the SonicWall Email Security appliance, where improper input sanitization allows data corruption in the application database. The issue is triggered by crafted input that can be provided by a remote authenticated attacker who operates as an admin user. Affected component: t...
CVE-2026-3469
CVE-2026-3469 : A DoS vulnerability in the SonicWall Email Security appliance due to improper input validation. It can be triggered by a remote authenticated attacker who has admin privileges, causing the application to become unresponsive. Exploitation details, affected versions, and a mitigatio...