Vulnerabilities (CVE)

Filtered by vendor Sonicwall Subscribe
Total 193 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-20022 1 Sonicwall 2 Email Security, Hosted Email Security 2025-03-14 6.5 MEDIUM 7.2 HIGH
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.
CVE-2021-20023 1 Sonicwall 2 Email Security, Hosted Email Security 2025-03-14 4.0 MEDIUM 4.9 MEDIUM
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.
CVE-2021-20021 1 Sonicwall 2 Email Security, Hosted Email Security 2025-03-14 7.5 HIGH 9.8 CRITICAL
A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.
CVE-2021-20016 1 Sonicwall 11 Sma 100, Sma 100 Firmware, Sma 200 and 8 more 2025-03-14 7.5 HIGH 9.8 CRITICAL
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.
CVE-2021-20038 1 Sonicwall 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more 2025-03-14 7.5 HIGH 9.8 CRITICAL
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.
CVE-2021-20028 1 Sonicwall 12 Sma 210, Sma 210 Firmware, Sma 410 and 9 more 2025-03-14 7.5 HIGH 9.8 CRITICAL
Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier
CVE-2021-45046 7 Apache, Cvat, Debian and 4 more 61 Log4j, Computer Vision Annotation Tool, Debian Linux and 58 more 2025-03-12 5.1 MEDIUM 9.0 CRITICAL
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
CVE-2023-1101 1 Sonicwall 68 Nsa 2600, Nsa 2650, Nsa 2700 and 65 more 2025-03-07 N/A 8.8 HIGH
SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes.
CVE-2024-53704 1 Sonicwall 24 Nsa 2700, Nsa 3700, Nsa 4700 and 21 more 2025-02-19 N/A 9.8 CRITICAL
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
CVE-2022-47522 2 Ieee, Sonicwall 59 Ieee 802.11, Soho 250, Soho 250 Firmware and 56 more 2025-02-06 N/A 7.5 HIGH
The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key.
CVE-2024-22395 1 Sonicwall 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more 2024-12-05 N/A 6.3 MEDIUM
Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.
CVE-2024-40764 1 Sonicwall 32 Nsa 2700, Nsa 3700, Nsa 4700 and 29 more 2024-11-21 N/A 7.5 HIGH
Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).
CVE-2024-29014 1 Sonicwall 1 Netextender 2024-11-21 N/A 8.8 HIGH
Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update.
CVE-2024-22394 1 Sonicwall 22 Nsa 2700, Nsa 3700, Nsa 4700 and 19 more 2024-11-21 N/A 9.8 CRITICAL
An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication.  This issue affects only firmware version SonicOS 7.1.1-7040.
CVE-2023-44220 1 Sonicwall 1 Netextender 2024-11-21 N/A 7.3 HIGH
SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system.
CVE-2023-44219 2 Microsoft, Sonicwall 2 Windows, Directory Services Connector 2024-11-21 N/A 7.8 HIGH
A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature.
CVE-2023-44218 1 Sonicwall 1 Netextender 2024-11-21 N/A 8.8 HIGH
A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability.
CVE-2023-44217 1 Sonicwall 1 Netextender 2024-11-21 N/A 7.8 HIGH
A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality.
CVE-2023-41713 1 Sonicwall 61 Nsa2700, Nsa3700, Nsa4700 and 58 more 2024-11-21 N/A 7.5 HIGH
SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.
CVE-2023-41712 1 Sonicwall 61 Nsa2700, Nsa3700, Nsa4700 and 58 more 2024-11-21 N/A 6.5 MEDIUM
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash.