Filtered by vendor Sonicwall
Subscribe
Total
198 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-40600 | 1 Sonicwall | 23 Nsa 2700, Nsa 3700, Nsa 4700 and 20 more | 2025-08-11 | N/A | 9.8 CRITICAL |
| Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption. | |||||
| CVE-2021-44228 | 12 Apache, Apple, Bentley and 9 more | 167 Log4j, Xcode, Synchro and 164 more | 2025-08-08 | 9.3 HIGH | 10.0 CRITICAL |
| Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. | |||||
| CVE-2025-40596 | 1 Sonicwall | 6 Sma 210, Sma 210 Firmware, Sma 410 and 3 more | 2025-08-07 | N/A | 7.3 HIGH |
| A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution. | |||||
| CVE-2025-40597 | 1 Sonicwall | 6 Sma 210, Sma 210 Firmware, Sma 410 and 3 more | 2025-08-07 | N/A | 7.5 HIGH |
| A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution. | |||||
| CVE-2025-40598 | 1 Sonicwall | 6 Sma 210, Sma 210 Firmware, Sma 410 and 3 more | 2025-08-07 | N/A | 6.1 MEDIUM |
| A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code. | |||||
| CVE-2021-20022 | 1 Sonicwall | 2 Email Security, Hosted Email Security | 2025-07-30 | 6.5 MEDIUM | 7.2 HIGH |
| SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. | |||||
| CVE-2021-20038 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2025-07-30 | 7.5 HIGH | 9.8 CRITICAL |
| A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions. | |||||
| CVE-2009-2631 | 4 Aladdin, Cisco, Sonicwall and 1 more | 5 Safenet Securewire Access Gateway, Adaptive Security Appliance, E-class Ssl Vpn and 2 more | 2025-06-16 | 6.8 MEDIUM | N/A |
| Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in configurations that do not restrict access to the same domain as the VPN, retrieve the content of remote URLs from one domain and rewrite them so they originate from the VPN's domain, which violates the same origin policy and allows remote attackers to conduct cross-site scripting attacks, read cookies that originated from other domains, access the Web VPN session to gain access to internal resources, perform key logging, and conduct other attacks. NOTE: it could be argued that this is a fundamental design problem in any clientless VPN solution, as opposed to a commonly-introduced error that can be fixed in separate implementations. Therefore a single CVE has been assigned for all products that have this design | |||||
| CVE-2023-6340 | 1 Sonicwall | 2 Capture Client, Netextender | 2025-06-11 | N/A | 5.5 MEDIUM |
| SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability. | |||||
| CVE-2025-32819 | 1 Sonicwall | 12 Sma 100, Sma 100 Firmware, Sma 200 and 9 more | 2025-05-19 | N/A | 8.8 HIGH |
| A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. | |||||
| CVE-2025-32820 | 1 Sonicwall | 12 Sma 100, Sma 100 Firmware, Sma 200 and 9 more | 2025-05-19 | N/A | 8.8 HIGH |
| A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable. | |||||
| CVE-2025-32821 | 1 Sonicwall | 12 Sma 100, Sma 100 Firmware, Sma 200 and 9 more | 2025-05-19 | N/A | 7.2 HIGH |
| A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance. | |||||
| CVE-2021-20030 | 1 Sonicwall | 1 Global Management System | 2025-05-16 | N/A | 7.5 HIGH |
| SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files. | |||||
| CVE-2025-2170 | 1 Sonicwall | 2 Sma1000, Sma1000 Firmware | 2025-05-14 | N/A | 7.2 HIGH |
| A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location. | |||||
| CVE-2018-9866 | 1 Sonicwall | 1 Global Management System | 2025-05-05 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier. | |||||
| CVE-2023-41715 | 1 Sonicwall | 61 Nsa2700, Nsa3700, Nsa4700 and 58 more | 2025-05-02 | N/A | 8.8 HIGH |
| SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel. | |||||
| CVE-2023-44221 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2025-05-02 | N/A | 7.2 HIGH |
| Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability. | |||||
| CVE-2023-34133 | 1 Sonicwall | 2 Analytics, Global Management System | 2025-04-23 | N/A | 7.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | |||||
| CVE-2023-34127 | 1 Sonicwall | 2 Analytics, Global Management System | 2025-04-23 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | |||||
| CVE-2021-20035 | 1 Sonicwall | 9 Sma 200, Sma 200 Firmware, Sma 210 and 6 more | 2025-04-17 | 6.8 MEDIUM | 6.5 MEDIUM |
| Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS. | |||||