Vulnerabilities > Sonicwall > Email Security

DATE CVE VULNERABILITY TITLE RISK
2023-02-14 CVE-2023-0655 Information Exposure Through an Error Message vulnerability in Sonicwall Email Security 10.0.9
SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users email addresses.
network
low complexity
sonicwall CWE-209
5.3
2022-07-29 CVE-2022-2324 Authentication Bypass by Spoofing vulnerability in Sonicwall Email Security 10.0.9
Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance.
network
low complexity
sonicwall CWE-290
7.5
2021-12-18 CVE-2021-45105 Uncontrolled Recursion vulnerability in multiple products
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups.
network
high complexity
apache netapp debian sonicwall oracle CWE-674
5.9
2021-12-14 CVE-2021-45046 It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations.
network
high complexity
apache intel cvat siemens debian sonicwall fedoraproject
critical
9.0
2021-12-10 CVE-2021-44228 Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. 10.0
2021-04-20 CVE-2021-20023 Path Traversal vulnerability in Sonicwall Email Security and Hosted Email Security
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.
network
low complexity
sonicwall CWE-22
4.9
2021-04-09 CVE-2021-20022 Unrestricted Upload of File with Dangerous Type vulnerability in Sonicwall Email Security and Hosted Email Security
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.
network
low complexity
sonicwall CWE-434
7.2
2021-04-09 CVE-2021-20021 Improper Privilege Management vulnerability in Sonicwall Email Security and Hosted Email Security
A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.
network
low complexity
sonicwall CWE-269
critical
9.8
2021-03-25 CVE-2021-3450 Improper Certificate Validation vulnerability in multiple products
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain.
7.4
2018-05-22 CVE-2018-3639 Information Exposure Through Discrepancy vulnerability in multiple products
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
5.5