Lucene search
+L
SonicwallEmail Security

12 matches found

CVE
CVE
added 2021/12/10 12:0 a.m.6941 views

CVE-2021-44228

CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...

10CVSS10AI score0.99999EPSS
In wild
CVE
CVE
added 2021/12/14 4:55 p.m.1739 views

CVE-2021-45046

Technical details for CVE-2021-45046 are not publicly provided in the supplied documents. Monitor for updates from official advisories; sources here reference fixes for other Log4j CVEs but do not specify 45046 specifics.

9CVSS9.7AI score0.99977EPSS
In wild
CVE
CVE
added 2021/04/09 5:50 p.m.1226 views

CVE-2021-20021

CVE-2021-20021 affects SonicWall Email Security. The vulnerability enables an unauthenticated attacker to create an administrative account via a crafted HTTP request to the ES appliance, by exploiting an improperly secured admin API endpoint. This leads to privilege escalation with administrator ...

9.8CVSS9.1AI score0.83425EPSS
In wild
CVE
CVE
added 2021/12/18 11:55 a.m.1191 views

CVE-2021-45105

Summary of CVE-2021-45105 (Log4j2) : Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...

5.9CVSS7.7AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2021/04/09 5:50 p.m.1110 views

CVE-2021-20022

CVE-2021-20022 affects SonicWall Email Security versions 10.0.9.x and enables post-authenticated arbitrary file upload via the branding ZIP mechanism (Zip Slip style) to write files to the server. FireEye/Mandiant detail that lack of input validation allows an attacker to place a web shell in a w...

7.5CVSS8.1AI score0.16509EPSS
In wild
CVE
CVE
added 2021/04/20 11:55 a.m.1071 views

CVE-2021-20023

The CVE-2021-20023 entry affects SonicWall Email Security (version 10.0.9.x). Connected advisories describe a directory traversal/path traversal vulnerability that, when exploited by a post-authenticated attacker, could allow reading arbitrary files on the remote host. Evidence from advisories an...

4.9CVSS6.9AI score0.51407EPSS
In wild
CVE
CVE
added 2018/05/22 12:0 p.m.869 views

CVE-2018-3639

CVE-2018-3639 is a speculative execution side‑channel vulnerability (SSB) that can leak memory via speculative stores. The Connected ALMA doc notes a mitigation: SSB is disabled by the new alt-java launcher, reducing impact at the cost of performance, and it references OpenJDK 8u282 as part of th...

5.5CVSS5.9AI score0.60631EPSS
In wild
CVE
CVE
added 2021/03/25 2:25 p.m.566 views

CVE-2021-3450

CVE-2021-3450 affects OpenSSL 1.1.1h–1.1.1j where a bug in the X509_V_FLAG_X509_STRICT path overwrote a prior CA-check result, bypassing the non-CA certificates prohibition unless a programmed purpose is used. When a purpose is configured, the certificate chain is still rejected; the issue is fix...

7.4CVSS7.6AI score0.18339EPSS
CVE
CVE
added 2023/02/14 12:0 a.m.75 views

CVE-2023-0655

The vulnerability affects SonicWall Email Security (SonicWall Email Security appliances). The issue enables a remote unauthenticated attacker to access an error page that reveals sensitive information about users’ email addresses, constituting an information disclosure vulnerability. The connecte...

5.3CVSS5.2AI score0.00717EPSS
CVE
CVE
added 2026/03/31 8:17 p.m.22 views

CVE-2026-3468

SonicWall Email Security appliance is affected by CVE-2026-3468—a stored XSS flaw caused by improper neutralization of user-supplied input during web page generation. The vulnerability requires a remote authenticated attacker with admin privileges and could allow arbitrary JavaScript execution in...

4.8CVSS6AI score0.00226EPSS
CVE
CVE
added 2026/03/31 8:19 p.m.16 views

CVE-2026-3470

CVE-2026-3470 concerns the SonicWall Email Security appliance, where improper input sanitization allows data corruption in the application database. The issue is triggered by crafted input that can be provided by a remote authenticated attacker who operates as an admin user. Affected component: t...

3.8CVSS5.9AI score0.00321EPSS
CVE
CVE
added 2026/03/31 8:18 p.m.15 views

CVE-2026-3469

CVE-2026-3469 : A DoS vulnerability in the SonicWall Email Security appliance due to improper input validation. It can be triggered by a remote authenticated attacker who has admin privileges, causing the application to become unresponsive. Exploitation details, affected versions, and a mitigatio...

2.7CVSS5.9AI score0.00386EPSS