cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-20050,https://securityvulnerability.io/vulnerability/CVE-2021-20050,Improper Access Control Vulnerability in SonicWall SMA100 Series,"The SonicWall SMA100 series suffers from an improper access control vulnerability that allows unauthorized access to restricted management APIs. This exposure could potentially reveal sensitive configuration metadata to attackers without requiring user login, thereby posing a security risk to the integrity of the system's management capabilities.",Sonicwall,Sonicwall Sma100,7.5,HIGH,0.0016799999866634607,false,,false,false,false,,,false,false,,2021-12-23T01:20:11.000Z,0
CVE-2021-20049,https://securityvulnerability.io/vulnerability/CVE-2021-20049,SonicWall SMA100 Password Change API Vulnerability,"A vulnerability exists in the SonicWall SMA100 password change API, enabling remote unauthenticated attackers to enumerate usernames based on server responses. This issue affects specific versions, including 10.2.1.2-24sv, 10.2.0.8-37sv, and earlier 10.x releases, potentially compromising system security through this exploitable flaw.",Sonicwall,Sonicwall Sma100,7.5,HIGH,0.0027199999894946814,false,,false,false,false,,,false,false,,2021-12-23T01:20:09.000Z,0
CVE-2021-20045,https://securityvulnerability.io/vulnerability/CVE-2021-20045,Buffer Overflow in SonicWall SMA Appliances,"A buffer overflow vulnerability exists within the SMA100 sonicfiles RAC_COPY_TO method, which could allow an unauthenticated remote attacker to execute arbitrary code within the context of the 'nobody' user on the device. This security flaw impacts SMA 200, 210, 400, 410, and 500v appliances, potentially leading to unauthorized control of the affected systems.",Sonicwall,Sonicwall Sma100,9.8,CRITICAL,0.004989999812096357,false,,false,false,false,,,false,false,,2021-12-08T09:55:29.000Z,0
CVE-2021-20044,https://securityvulnerability.io/vulnerability/CVE-2021-20044,Remote Command Injection in SonicWall SMA100 Appliances,"An authenticated remote command injection vulnerability exists in SonicWall's SMA100 appliances, enabling an attacker with valid credentials to execute arbitrary OS commands. This flaw affects the SMA 200, 210, 400, 410, and 500v models, potentially compromising the security of the entire system. Ensure your devices are updated to mitigate the risk associated with this vulnerability.",Sonicwall,Sonicwall Sma100,8.8,HIGH,0.001560000004246831,false,,false,false,false,,,false,false,,2021-12-08T09:55:28.000Z,0
CVE-2021-20043,https://securityvulnerability.io/vulnerability/CVE-2021-20043,Heap-Based Buffer Overflow Vulnerability in SonicWall SMA Appliances,"A heap-based buffer overflow vulnerability exists in the SonicWall SMA100 appliance, specifically in the getBookmarks method. This flaw may allow a remote authenticated attacker to gain unauthorized access and execute arbitrary code with the privileges of the 'nobody' user. This vulnerability impacts multiple models in the SMA series, making it crucial for organizations using affected appliances to apply necessary security measures and updates.",Sonicwall,Sonicwall Sma100,8.8,HIGH,0.002050000010058284,false,,false,false,false,,,false,false,,2021-12-08T09:55:27.000Z,0
CVE-2021-20042,https://securityvulnerability.io/vulnerability/CVE-2021-20042,Unauthorized Proxy Bypass in SonicWall SMA Appliances,"An unauthenticated remote attacker can exploit a vulnerability in SonicWall SMA appliances to use the device as an unintended proxy. This issue enables the attacker to bypass firewall rules and potentially gain access to sensitive internal resources without detection, posing a significant security risk to networks reliant on these appliances.",Sonicwall,Sonicwall Sma100,9.8,CRITICAL,0.005640000104904175,false,,false,false,false,,,false,false,,2021-12-08T09:55:25.000Z,0
CVE-2021-20041,https://securityvulnerability.io/vulnerability/CVE-2021-20041,Remote Code Execution Vulnerability in SonicWall SMA Appliances,"An unauthenticated remote attacker can exploit this vulnerability in SonicWall SMA appliances by sending specially crafted HTTP requests. This results in a resource exhaustion issue, causing the affected devices to enter a state where the CPU usage significantly increases due to continuous looping processes with no feasible exit condition. The impacted appliances include models SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v, making it crucial for users to implement safeguards and monitor network traffic.",Sonicwall,Sonicwall Sma100,7.5,HIGH,0.0030400000978261232,false,,false,false,false,,,false,false,,2021-12-08T09:55:24.000Z,0
CVE-2021-20040,https://securityvulnerability.io/vulnerability/CVE-2021-20040,Relative Path Traversal Vulnerability in SonicWall SMA Appliances,"A security vulnerability exists in the SMA100 upload function that allows remote unauthenticated attackers to exploit relative path traversal. This flaw enables attackers to upload malicious web pages or files with the privileges of the 'nobody' user. It primarily impacts SonicWall SMA 200, 210, 400, 410, and 500v appliances, posing a significant risk to system integrity.",Sonicwall,Sonicwall Sma100,7.5,HIGH,0.002090000081807375,false,,false,false,false,,,false,false,,2021-12-08T09:55:23.000Z,0
CVE-2021-20039,https://securityvulnerability.io/vulnerability/CVE-2021-20039,Authenticated Command Injection in SonicWall SMA100 Management Interface,"An authenticated command injection vulnerability exists in the SMA100 management interface, specifically at the endpoint '/cgi-bin/viewcert' when handled via the POST HTTP method. This flaw can be exploited by a remote and authenticated attacker, enabling them to execute arbitrary commands on the system as a 'nobody' user. The issue impacts numerous models within the SMA100 series, including the SMA 200, 210, 400, 410, and 500v appliances, posing significant risks to the integrity and confidentiality of data managed by these devices.",Sonicwall,Sonicwall Sma100,8.8,HIGH,0.8412700295448303,false,,false,false,false,,,false,false,,2021-12-08T09:55:21.000Z,0
CVE-2021-20038,https://securityvulnerability.io/vulnerability/CVE-2021-20038,Stack-Based Buffer Overflow in SMA100 Apache httpd Server by SonicWall,"A stack-based buffer overflow vulnerability in the Apache httpd server's mod_cgi module on SonicWall's SMA100 appliances could allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the 'nobody' user. This issue affects multiple SMA appliance models, specifically versions prior to firmware updates 10.2.0.8-37sv, 10.2.1.1-19sv, and 10.2.1.2-24sv. Users are advised to update their firmware to mitigate this risk and secure their systems against potential exploitation.",Sonicwall,Sonicwall Sma100,9.8,CRITICAL,0.9672200083732605,true,2022-01-28T00:00:00.000Z,false,true,true,2022-01-28T00:00:00.000Z,true,false,false,,2021-12-08T09:55:20.000Z,0
CVE-2021-20016,https://securityvulnerability.io/vulnerability/CVE-2021-20016,,A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.,Sonicwall,Sonicwall Sma100,9.8,CRITICAL,0.026809999719262123,true,2021-11-03T00:00:00.000Z,false,true,true,2021-11-03T00:00:00.000Z,,false,false,,2021-02-04T06:15:00.000Z,0