VYPR

Vendor CVEs

SonicWall

All CVEs

245 total · sorted by risk
  • CVE-2025-23006 · KEV · Jan 23, 2025
    risk 0.22 · cvss · epss 0.22

    Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute…

  • CVE-2021-20023 · KEV · Apr 20, 2021
    risk 0.22 · cvss · epss 0.51

    SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.

  • CVE-2021-20022 · KEV · Apr 9, 2021
    risk 0.21 · cvss · epss 0.17

    SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.

  • CVE-2026-3469 · Low · Mar 31, 2026
    risk 0.18 · cvss 2.7 · epss 0.00

    A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to cause the application to become unresponsive.

  • CVE-2024-40766 · KEV · Aug 23, 2024
    risk 0.18 · cvss · epss 0.16

    An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices,…

  • CVE-2019-7483 · KEV · Dec 19, 2019
    risk 0.16 · cvss · epss 0.04

    In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.

  • CVE-2023-44221 · KEV · Dec 5, 2023
    risk 0.14 · cvss · epss 0.75

    Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.

  • CVE-2020-5135 · KEV · Oct 12, 2020
    risk 0.14 · cvss · epss 0.27

    A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv…

  • CVE-2021-20035 · KEV · Sep 27, 2021
    risk 0.13 · cvss · epss 0.04

    Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.

  • CVE-2025-40602 · KEV · Dec 18, 2025
    risk 0.12 · cvss · epss 0.02

    A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).

  • CVE-2023-34127 · Jul 13, 2023
    risk 0.10 · cvss · epss 0.87

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier…

  • CVE-2023-34124 · Jul 13, 2023
    risk 0.10 · cvss · epss 0.41

    The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

  • CVE-2021-20039 · Dec 8, 2021
    risk 0.10 · cvss · epss 0.78

    Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

  • CVE-2013-1359 · Feb 11, 2020
    risk 0.10 · cvss · epss 0.89

    An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA…

  • CVE-2023-34132 · Jul 13, 2023
    risk 0.09 · cvss · epss 0.07

    Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

  • CVE-2014-4977 · Jul 16, 2014
    risk 0.09 · cvss · epss 0.75

    Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit…

  • CVE-2023-34133 · Jul 13, 2023
    risk 0.08 · cvss · epss 0.77

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier…

  • CVE-2013-1360 · Feb 11, 2020
    risk 0.08 · cvss · epss 0.23

    An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which…

  • CVE-2012-2962 · Jul 30, 2012
    risk 0.08 · cvss · epss 0.67

    SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter.

  • CVE-2023-0126 · Jan 19, 2023
    risk 0.07 · cvss · epss 0.73

    Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory.

  • CVE-2012-3951 · Jul 31, 2012
    risk 0.07 · cvss · epss 0.53

    The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session.

  • CVE-2012-2626 · Jul 31, 2012
    risk 0.07 · cvss · epss 0.44

    cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action.

  • CVE-2021-20031 · Oct 12, 2021
    risk 0.06 · cvss · epss 0.13

    A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.

  • CVE-2007-5603 · Nov 5, 2007
    risk 0.06 · cvss · epss 0.38

    Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method.

  • CVE-2019-7482 · Dec 19, 2019
    risk 0.05 · cvss · epss 0.09

    Stack-based buffer overflow in SonicWall SMA100 allows an unauthenticated user to execute arbitrary code in function libSys.so. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.

  • CVE-2014-8420 · Nov 25, 2014
    risk 0.05 · cvss · epss 0.24

    The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors.

  • CVE-2022-22274 · Mar 25, 2022
    risk 0.04 · cvss · epss 0.57

    A stack-based buffer overflow vulnerability in SonicOS, reachable via an HTTP request, allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially achieve code execution on the firewall.

  • CVE-2008-4918 · Nov 4, 2008
    risk 0.04 · cvss · epss 0.06

    Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content…

  • CVE-2005-1006 · May 2, 2005
    risk 0.04 · cvss · epss 0.06

    Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file.

  • CVE-2001-1104 · Jul 25, 2001
    risk 0.04 · cvss · epss 0.07

    SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions.

  • CVE-2023-34129 · Jul 13, 2023
    risk 0.03 · cvss · epss 0.43

    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any location on the underlying…

  • CVE-2023-0656 · Mar 2, 2023
    risk 0.03 · cvss · epss 0.41

    A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.

  • CVE-2021-20034 · Sep 27, 2021
    risk 0.03 · cvss · epss 0.81

    An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.

  • CVE-2020-5147 · Jan 9, 2021
    risk 0.03 · cvss · epss 0.02

    The SonicWall NetExtender Windows client is vulnerable to an unquoted service path vulnerability, which allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impacts SonicWall NetExtender Windows client version 10.2.300 and earlier.

  • CVE-2012-1258 · Jan 9, 2020
    risk 0.03 · cvss · epss 0.03

    cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allows remote attackers to add user accounts with administrator privileges via the newuser, pwd, and selectedUserGroup parameters.

  • CVE-2015-2248 · May 1, 2015
    risk 0.03 · cvss · epss 0.04

    Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks…

  • CVE-2014-2879 · Apr 17, 2014
    risk 0.03 · cvss · epss 0.05

    Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2)…

  • CVE-2013-7025 · Dec 9, 2013
    risk 0.03 · cvss · epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script…

  • CVE-2011-5262 · Feb 12, 2013
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.

  • CVE-2011-5169 · Sep 15, 2012
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in sgms/reports/scheduledreports/configure/scheduleProps.jsp in SonicWall ViewPoint 6.0 SP2 allows remote attackers to execute arbitrary SQL commands via the scheduleID parameter.

  • CVE-2012-3848 · Jul 31, 2012
    risk 0.03 · cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to…

  • CVE-2012-2627 · Jul 31, 2012
    risk 0.03 · cvss · epss 0.06

    d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request.

  • CVE-2008-2162 · May 12, 2008
    risk 0.03 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in SonicWall Email Security 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the Host header in a request to a non-existent web page, which is not properly sanitized in an error page.

  • CVE-2007-6273 · Dec 7, 2007
    risk 0.03 · cvss · epss 0.06

    Multiple format string vulnerabilities in the configuration file in SonicWALL Global VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection…

  • CVE-2007-5815 · Nov 5, 2007
    risk 0.03 · cvss · epss 0.05

    Absolute path traversal vulnerability in the WebCacheCleaner ActiveX control 1.3.0.3 in SonicWall SSL-VPN 200 before 2.1, and SSL-VPN 2000/4000 before 2.5, allows remote attackers to delete arbitrary files via a full pathname in the argument to the FileDelete method.

  • CVE-2002-2341 · Dec 31, 2002
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL.

  • CVE-2024-53703 · Dec 5, 2024
    risk 0.02 · cvss · epss 0.13

    A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.

  • CVE-2019-7489 · Dec 23, 2019
    risk 0.02 · cvss · epss 0.05

    A vulnerability in the SonicWall Email Security appliance allows an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier.

  • CVE-2024-40763 · Dec 5, 2024
    risk 0.01 · cvss · epss 0.01

    Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution.

  • CVE-2024-40764 · Jul 18, 2024
    risk 0.01 · cvss · epss 0.01

    Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).

Page 2 of 5