Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sonic vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2022-46959
An issue in the component /admin/backups/work-dir of Sonic v1.0.4 allows malicious users to execute a directory traversal.
Sonic Project Sonic 1.0.4
7.5
CVSSv3
CVE-2022-34425
Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication.
Dell Enterprise Sonic Distribution 4.0.1
Dell Enterprise Sonic Distribution 4.0.0
6.5
CVSSv3
CVE-2021-36309
Dell Enterprise SONiC OS, versions 3.3.0 and previous versions, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS\Radius credentials stored to read sensitive information and use it in further at...
Dell Enterprise Sonic Os
7.5
CVSSv3
CVE-2023-24574
Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Uncontrolled Resource Consumption vulnerability" in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to uncontrolled resource consumptio...
Dell Enterprise Sonic Distribution
NA
CVE-2014-5705
The Sonic CD Lite (aka com.soa.sega.soniccdlite) application 1.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Sega Sonic Cd Lite 1.0.4
NA
CVE-2014-5696
The Sonic 4 Episode II LITE (aka com.sega.sonic4ep2lite) application 2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Sega Sonic 4 Episode Ii Lite 2.3
7.8
CVSSv3
CVE-2024-21418
Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability
1 Article
5.3
CVSSv3
CVE-2019-12968
A vulnerability was found in the Sonic Robo Blast 2 (SRB2) plugin (EP_Versions 9 to 11 inclusive) distributed with Doomseeker 1.1 and 1.2. Affected plugin versions did not discard IP packets with an unnaturally long response length from a Sonic Robo Blast 2 master server, allowin...
Drdteam Doomseeker 1.2
Drdteam Doomseeker 1.1
NA
CVE-2024-31961
A SQL injection vulnerability in unit.php in Sonic Shopfloor.guide prior to 3.1.3 allows remote malicious users to execute arbitrary SQL commands via the level2 parameter.
NA
CVE-2009-1815
Stack-based buffer overflow in Sonic Spot Audioactive Player 1.93b allows remote malicious users to execute arbitrary code via a long string in a playlist file, as demonstrated by a long .mp3 URL in a .m3u file.
Sonicspot Audioactive Player 1.93b
2 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »