Lucene search

K
SonicwallSma100 Firmware

9 matches found

CVE
CVE
added 2021/03/25 3:15 p.m.749 views

CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a...

5.9CVSS6.7AI score0.15517EPSS
CVE
CVE
added 2021/03/25 3:15 p.m.517 views

CVE-2021-3450

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an...

7.4CVSS7.6AI score0.00504EPSS
CVE
CVE
added 2024/12/05 2:15 p.m.180 views

CVE-2024-45318

A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.

8.1CVSS8AI score0.00477EPSS
CVE
CVE
added 2024/12/05 2:15 p.m.111 views

CVE-2024-53703

A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.

8.1CVSS8AI score0.00296EPSS
CVE
CVE
added 2024/12/05 2:15 p.m.107 views

CVE-2024-40763

Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution.

7.5CVSS7.6AI score0.00207EPSS
CVE
CVE
added 2021/03/13 2:15 a.m.98 views

CVE-2021-20017

A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.

9CVSS8.8AI score0.02074EPSS
CVE
CVE
added 2021/03/13 2:15 a.m.83 views

CVE-2021-20018

A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.

4.9CVSS5.1AI score0.00092EPSS
CVE
CVE
added 2024/12/05 2:15 p.m.63 views

CVE-2024-53702

Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret.

5.3CVSS7.4AI score0.00048EPSS
CVE
CVE
added 2020/09/30 6:15 a.m.62 views

CVE-2020-5132

SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of in...

5.3CVSS5.3AI score0.0014EPSS