Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sonic vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2022-46959
An issue in the component /admin/backups/work-dir of Sonic v1.0.4 allows malicious users to execute a directory traversal.
Sonic Project Sonic 1.0.4
7.5
CVSSv3
CVE-2022-34425
Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication.
Dell Enterprise Sonic Distribution 4.0.1
Dell Enterprise Sonic Distribution 4.0.0
7.5
CVSSv3
CVE-2023-24574
Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Uncontrolled Resource Consumption vulnerability" in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to uncontrolled resource consumptio...
Dell Enterprise Sonic Distribution
6.5
CVSSv3
CVE-2021-36309
Dell Enterprise SONiC OS, versions 3.3.0 and previous versions, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS\Radius credentials stored to read sensitive information and use it in further at...
Dell Enterprise Sonic Os
NA
CVE-2014-5705
The Sonic CD Lite (aka com.soa.sega.soniccdlite) application 1.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Sega Sonic Cd Lite 1.0.4
NA
CVE-2014-5696
The Sonic 4 Episode II LITE (aka com.sega.sonic4ep2lite) application 2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Sega Sonic 4 Episode Ii Lite 2.3
7.8
CVSSv3
CVE-2024-21418
Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability
1 Article
5.3
CVSSv3
CVE-2019-12968
A vulnerability was found in the Sonic Robo Blast 2 (SRB2) plugin (EP_Versions 9 to 11 inclusive) distributed with Doomseeker 1.1 and 1.2. Affected plugin versions did not discard IP packets with an unnaturally long response length from a Sonic Robo Blast 2 master server, allowin...
Drdteam Doomseeker 1.2
Drdteam Doomseeker 1.1
NA
CVE-2009-1815
Stack-based buffer overflow in Sonic Spot Audioactive Player 1.93b allows remote malicious users to execute arbitrary code via a long string in a playlist file, as demonstrated by a long .mp3 URL in a .m3u file.
Sonicspot Audioactive Player 1.93b
2 EDB exploits
NA
CVE-2023-32484
Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contains an improper input validation vulnerability. A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges up to the highest administrative level. Th...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »