VYPR

Vendor CVEs

SonicWall

All CVEs

245 total · sorted by risk
  • CVE-2023-34136Jul 13, 2023
    risk 0.00cvss epss 0.01

    Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the attacker. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

  • CVE-2023-34135Jul 13, 2023
    risk 0.00cvss epss 0.01

    Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlying file system via web service. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

  • CVE-2023-34134Jul 13, 2023
    risk 0.00cvss epss 0.01

    Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to read administrator password hash via a web service call. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and…

  • CVE-2023-34131Jul 13, 2023
    risk 0.00cvss epss 0.01

    Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker to access restricted web pages. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

  • CVE-2023-34130Jul 13, 2023
    risk 0.00cvss epss 0.00

    SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

  • CVE-2023-34128Jul 13, 2023
    risk 0.00cvss epss 0.01

    Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

  • CVE-2023-34126Jul 13, 2023
    risk 0.00cvss epss 0.01

    Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

  • CVE-2023-34123Jul 12, 2023
    risk 0.00cvss epss 0.01

    Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

  • CVE-2023-1101Mar 2, 2023
    risk 0.00cvss epss 0.01

    SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes.

  • CVE-2023-0655Feb 14, 2023
    risk 0.00cvss epss 0.01

    SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users email addresses.

  • CVE-2021-20030Oct 13, 2022
    risk 0.00cvss epss 0.01

    SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files.

  • CVE-2022-2915Aug 26, 2022
    risk 0.00cvss epss 0.01

    A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions.

  • CVE-2022-2324Jul 29, 2022
    risk 0.00cvss epss 0.01

    Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions

  • CVE-2022-22280Jul 29, 2022
    risk 0.00cvss epss 0.09

    Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions.

  • CVE-2022-1703Jun 3, 2022
    risk 0.00cvss epss 0.11

    Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack.

  • CVE-2022-22282May 13, 2022
    risk 0.00cvss epss 0.07

    SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control vulnerability.

  • CVE-2022-22281May 13, 2022
    risk 0.00cvss epss 0.00

    A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating system.

  • CVE-2022-1702May 13, 2022
    risk 0.00cvss epss 0.08

    SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability.

  • CVE-2022-1701May 13, 2022
    risk 0.00cvss epss 0.04

    SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data.

  • CVE-2021-20051May 4, 2022
    risk 0.00cvss epss 0.01

    SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system.

  • CVE-2022-22278Apr 27, 2022
    risk 0.00cvss epss 0.01

    A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS) attack

  • CVE-2022-22277Apr 27, 2022
    risk 0.00cvss epss 0.01

    A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive information in cleartext.

  • CVE-2022-22276Apr 27, 2022
    risk 0.00cvss epss 0.01

    A vulnerability in SonicOS SNMP service resulting exposure of sensitive information to an unauthorized user.

  • CVE-2022-22275Apr 27, 2022
    risk 0.00cvss epss 0.01

    Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable.

  • CVE-2022-22279Apr 13, 2022
    risk 0.00cvss epss 0.01

    A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and…

  • CVE-2022-22273Mar 17, 2022
    risk 0.00cvss epss 0.02

    Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x,…

  • CVE-2022-22703Jan 17, 2022
    risk 0.00cvss epss 0.00

    In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer.

  • CVE-2021-20048Jan 7, 2022
    risk 0.00cvss epss 0.02

    A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware…

  • CVE-2021-20046Jan 7, 2022
    risk 0.00cvss epss 0.02

    A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware…

  • CVE-2021-20049Dec 23, 2021
    risk 0.00cvss epss 0.01

    A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.

  • CVE-2021-20047Dec 8, 2021
    risk 0.00cvss epss 0.01

    SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order Hijacking vulnerability. Successful exploitation via a local attacker could result in remote code execution in the target system.

  • CVE-2021-20043Dec 8, 2021
    risk 0.00cvss epss 0.23

    A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

  • CVE-2021-20041Dec 8, 2021
    risk 0.00cvss epss 0.07

    An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

  • CVE-2021-20037Sep 21, 2021
    risk 0.00cvss epss 0.00

    SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts GVC 4.10.5 installer and earlier.

  • CVE-2021-28993Jun 30, 2021
    risk 0.00cvss epss 0.01

    Plixer Scrutinizer 19.0.2 is affected by: SQL Injection. The impact is: obtain sensitive information (remote).

  • CVE-2021-20019Jun 23, 2021
    risk 0.00cvss epss 0.01

    A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability.

  • CVE-2021-20027Jun 14, 2021
    risk 0.00cvss epss 0.01

    A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls.

  • CVE-2021-20026May 27, 2021
    risk 0.00cvss epss 0.12

    A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. This vulnerability affects NSM On-Prem 2.2.0-R10 and earlier versions.

  • CVE-2021-20025May 13, 2021
    risk 0.00cvss epss 0.00

    SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance…

  • CVE-2021-20020Apr 10, 2021
    risk 0.00cvss epss 0.04

    A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.

  • CVE-2021-20018Mar 13, 2021
    risk 0.00cvss epss 0.01

    A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.

  • CVE-2021-20017Mar 13, 2021
    risk 0.00cvss epss 0.02

    A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.

  • CVE-2020-5148Mar 5, 2021
    risk 0.00cvss epss 0.01

    SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker…

  • CVE-2020-5146Jan 9, 2021
    risk 0.00cvss epss 0.02

    A vulnerability in SonicWall SMA100 appliance allow an authenticated management-user to perform OS command injection using HTTP POST parameters. This vulnerability affected SMA100 Appliance version 10.2.0.2-20sv and earlier.

  • CVE-2020-5145Oct 28, 2020
    risk 0.00cvss epss 0.01

    SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to remote code execution in the target system.

  • CVE-2020-5144Oct 28, 2020
    risk 0.00cvss epss 0.01

    SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability.

  • CVE-2020-5143Oct 12, 2020
    risk 0.00cvss epss 0.02

    SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3,…

  • CVE-2020-5141Oct 12, 2020
    risk 0.00cvss epss 0.01

    A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7…

  • CVE-2020-5142Oct 12, 2020
    risk 0.00cvss epss 0.01

    A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in the firewall SSLVPN portal. This vulnerability affected SonicOS Gen 5 version…

  • CVE-2020-5138Oct 12, 2020
    risk 0.00cvss epss 0.02

    A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12,…

Page 4 of 5