VYPR

Sonicos

by SonicWall

CVEs (68)

  • CVE-2024-40764Jul 18, 2024
    risk 0.01cvss epss 0.01

    Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).

  • CVE-2026-3439Mar 4, 2026
    risk 0.00cvss epss 0.00

    A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allows a remote attacker to crash a firewall.

  • CVE-2026-0402Feb 24, 2026
    risk 0.00cvss epss 0.00

    A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall.

  • CVE-2026-0401Feb 24, 2026
    risk 0.00cvss epss 0.00

    A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall.

  • CVE-2026-0400Feb 24, 2026
    risk 0.00cvss epss 0.00

    A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall.

  • CVE-2026-0399Feb 24, 2026
    risk 0.00cvss epss 0.00

    Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in a API endpoint.

  • CVE-2025-40601Nov 20, 2025
    risk 0.00cvss epss 0.01

    A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.

  • CVE-2025-40600Jul 29, 2025
    risk 0.00cvss epss 0.01

    Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption.

  • CVE-2024-29013Jun 20, 2024
    risk 0.00cvss epss 0.01

    Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function.

  • CVE-2024-29012Jun 20, 2024
    risk 0.00cvss epss 0.01

    Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function.

  • CVE-2024-22394Feb 8, 2024
    risk 0.00cvss epss 0.01

    An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication.  This issue affects only firmware version SonicOS 7.1.1-7040.

  • CVE-2023-41715Oct 17, 2023
    risk 0.00cvss epss 0.01

    SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.

  • CVE-2023-41713Oct 17, 2023
    risk 0.00cvss epss 0.01

    SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.

  • CVE-2023-41712Oct 17, 2023
    risk 0.00cvss epss 0.01

    SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash.

  • CVE-2023-41711Oct 17, 2023
    risk 0.00cvss epss 0.01

    SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash.

  • CVE-2023-39280Oct 17, 2023
    risk 0.00cvss epss 0.01

    SonicOS p ost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash.

  • CVE-2023-39279Oct 17, 2023
    risk 0.00cvss epss 0.01

    SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash.

  • CVE-2023-39278Oct 17, 2023
    risk 0.00cvss epss 0.01

    SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash.

  • CVE-2023-39277Oct 17, 2023
    risk 0.00cvss epss 0.01

    SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash.

  • CVE-2023-39276Oct 17, 2023
    risk 0.00cvss epss 0.01

    SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash.