Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerabilities for
'Email security'
2021-12-14
CVE-2021-45046
CWE-502
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
2021-12-10
CVE-2021-44228
CWE-502
Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
2021-04-20
CVE-2021-20023
CWE-22
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.
2021-04-09
CVE-2021-20022
CWE-434
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.
CVE-2021-20021
CWE-269
A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.
2018-05-22
CVE-2018-3639
CWE-200
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
>>>
Vendor:
Sonicwall
41
Products
Soho firewall
Soho2
Tele2
SOHO
Content filtering
Soho3
Firmware
Pro100
Pro200
Pro300
Ssl vpn
Ssl vpn2000/4000
Ssl vpn 200
Global vpn client
E-mail security
Sonicos
E-class ssl vpn
Ssl-vpn end-point interrogator/installer activex control
Aventail sra ex virtual appliance
Aventail sra ex6000
Aventail sra ex7000
Aventail sra ex9000
Email security appliance
Scrutinizer
Analyzer
Global management system
Uma e5000 firmware
Network security appliance 2400
Uma em5000
Netextender firmware
Uma em5000 firmware
Cloud global management system
Email security
Secure mobile access
Sonicosv
Web application firewall
Universal management appliance
Viewpoint
Netextender
Sma 500v
Hosted email security
Copyright
2024
, cxsecurity.com
Back to Top
Vulnerabilities for 'Email security' 