VYPR

Email Security

by SonicWall

CVEs (24)

  • CVE-2018-3639MedMay 22, 2018
    risk 0.44cvss 5.5epss 0.61

    Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis,…

  • CVE-2024-9103MedMar 24, 2025
    risk 0.40cvss 6.1epss 0.00

    Improper Neutralization of Script in Attributes in a Web Page vulnerability in Forcepoint Email Security (Blocked Messages module) allows Stored XSS. This issue affects Email Security through 8.5.5.

  • CVE-2021-45105MedDec 18, 2021
    risk 0.37cvss 5.9epss 1.00

    Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is…

  • CVE-2024-22398MedMar 14, 2024
    risk 0.32cvss 4.9epss 0.01

    An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to conduct a directory traversal attack and delete arbitrary files from the appliance…

  • CVE-2026-3468MedMar 31, 2026
    risk 0.31cvss 4.8epss 0.00

    A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker as admin user to potentially execute…

  • CVE-2026-3470LowMar 31, 2026
    risk 0.25cvss 3.8epss 0.00

    A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to data corruption, allowing a remote authenticated attacker as admin user could exploit this issue by providing crafted input that corrupts application database.

  • CVE-2021-20021KEVApr 9, 2021
    risk 0.25cvss epss 0.83

    A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.

  • CVE-2021-20023KEVApr 20, 2021
    risk 0.22cvss epss 0.51

    SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.

  • CVE-2021-20022KEVApr 9, 2021
    risk 0.21cvss epss 0.17

    SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.

  • CVE-2026-3469LowMar 31, 2026
    risk 0.18cvss 2.7epss 0.00

    A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to cause the application to become unresponsive.

  • CVE-2014-2879Apr 17, 2014
    risk 0.03cvss epss 0.05

    Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2)…

  • CVE-2008-2162May 12, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in SonicWall Email Security 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the Host header in a request to a non-existent web page, which is not properly sanitized in an error page.

  • CVE-2019-7489Dec 23, 2019
    risk 0.02cvss epss 0.05

    A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier.

  • CVE-2025-40605Nov 20, 2025
    risk 0.00cvss epss 0.00

    A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../) and may access files and directories outside the intended restricted path.

  • CVE-2025-40604Nov 20, 2025
    risk 0.00cvss epss 0.00

    Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.

  • CVE-2024-2166Sep 4, 2024
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Email Security (Real Time Monitor modules) allows Reflected XSS.This issue affects Email Security: before 8.5.5 HF003.

  • CVE-2023-0655Feb 14, 2023
    risk 0.00cvss epss 0.01

    SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users email addresses.

  • CVE-2022-2324Jul 29, 2022
    risk 0.00cvss epss 0.01

    Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions

  • CVE-2021-20025May 13, 2021
    risk 0.00cvss epss 0.00

    SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance…

  • CVE-2019-7488Dec 23, 2019
    risk 0.00cvss epss 0.02

    Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. This vulnerability affected Email Security Appliance version 10.0.2 and earlier.

Page 1 of 2