Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
Podatności dla
'Email security'
2021-12-14
CVE-2021-45046
CWE-502
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
2021-12-10
CVE-2021-44228
CWE-502
Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
2021-04-20
CVE-2021-20023
CWE-22
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.
2021-04-09
CVE-2021-20022
CWE-434
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.
CVE-2021-20021
CWE-269
A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.
2018-05-22
CVE-2018-3639
CWE-200
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
>>>
Vendor:
Sonicwall
41
Produkty
Soho firewall
Soho2
Tele2
Firmware
SOHO
Content filtering
Soho3
Pro100
Pro200
Pro300
Ssl vpn
Ssl vpn2000/4000
Ssl vpn 200
Global vpn client
E-mail security
Sonicos
E-class ssl vpn
Email security
Ssl-vpn end-point interrogator/installer activex control
Web application firewall
Aventail sra ex virtual appliance
Aventail sra ex6000
Aventail sra ex7000
Aventail sra ex9000
Email security appliance
Scrutinizer
Analyzer
Global management system
Uma e5000 firmware
Network security appliance 2400
Uma em5000
Netextender firmware
Uma em5000 firmware
Viewpoint
Cloud global management system
Secure mobile access
Sonicosv
Universal management appliance
Netextender
Sma 500v
Hosted email security
Copyright
2024
, cxsecurity.com
Back to Top