Filtered by vendor Sonicwall
Subscriptions
Total
182 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-20049 | 1 Sonicwall | 12 Sma100, Sma200, Sma210 and 9 more | 2022-07-08 | 7.5 High |
| A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions. | ||||
| CVE-2001-1104 | 1 Sonicwall | 2 Soho, Soho Firmware | 2022-06-28 | N/A |
| SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions. | ||||
| CVE-2005-1006 | 1 Sonicwall | 2 Soho, Soho Firmware | 2022-06-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file. | ||||
| CVE-2008-4918 | 1 Sonicwall | 4 Pro 2040, Sonicos Enhanced, Tz 180 and 1 more | 2022-06-17 | N/A |
| Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking." | ||||
| CVE-2022-1703 | 1 Sonicwall | 6 Sma 210, Sma 210 Firmware, Sma 410 and 3 more | 2022-06-17 | 8.8 High |
| Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack. | ||||
| CVE-2019-12259 | 4 Belden, Siemens, Sonicwall and 1 more | 49 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 46 more | 2022-06-16 | 7.5 High |
| Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing. | ||||
| CVE-2018-9867 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2022-06-16 | 5.5 Medium |
| In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). | ||||
| CVE-2018-5281 | 1 Sonicwall | 8 Nsa 250m, Nsa 2600, Nsa 2650 and 5 more | 2022-06-16 | 5.4 Medium |
| SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens. | ||||
| CVE-2018-5280 | 1 Sonicwall | 8 Nsa 250m, Nsa 2600, Nsa 2650 and 5 more | 2022-06-16 | 5.4 Medium |
| SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens. | ||||
| CVE-2022-22281 | 1 Sonicwall | 1 Netextender | 2022-05-24 | 7.8 High |
| A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating system. | ||||
| CVE-2021-20038 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2022-05-13 | 9.8 Critical |
| A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions. | ||||
| CVE-2021-20051 | 1 Sonicwall | 1 Global Vpn Client | 2022-05-12 | 7.8 High |
| SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system. | ||||
| CVE-2022-22275 | 1 Sonicwall | 53 Nsa 2650, Nsa 2700, Nsa 3650 and 50 more | 2022-05-12 | 7.5 High |
| Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable. | ||||
| CVE-2022-22278 | 1 Sonicwall | 98 Nsa 2650, Nsa 2650 Firmware, Nsa 2700 and 95 more | 2022-05-06 | 7.5 High |
| A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS) attack | ||||
| CVE-2022-22277 | 1 Sonicwall | 98 Nsa 2650, Nsa 2650 Firmware, Nsa 2700 and 95 more | 2022-05-06 | 5.3 Medium |
| A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive information in cleartext. | ||||
| CVE-2022-22276 | 1 Sonicwall | 98 Nsa 2650, Nsa 2650 Firmware, Nsa 2700 and 95 more | 2022-05-06 | 5.3 Medium |
| A vulnerability in SonicOS SNMP service resulting exposure of sensitive information to an unauthorized user. | ||||
| CVE-2021-20039 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2022-04-01 | 8.8 High |
| Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | ||||
| CVE-2022-22274 | 1 Sonicwall | 33 Nsa 2700, Nsa 3700, Nsa 4700 and 30 more | 2022-03-31 | 9.8 Critical |
| A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall. | ||||
| CVE-2021-20048 | 1 Sonicwall | 59 Nsa 2650, Nsa 2700, Nsa 3650 and 56 more | 2022-01-19 | 8.8 High |
| A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions. | ||||
| CVE-2021-20046 | 1 Sonicwall | 59 Nsa 2650, Nsa 2700, Nsa 3650 and 56 more | 2022-01-19 | 8.8 High |
| A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions. | ||||