Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Sonicwall Subscribe
Total 149 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-12261 6 Belden, Netapp, Oracle and 3 more 51 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 48 more 2022-08-12 7.5 HIGH 9.8 CRITICAL
Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host.
CVE-2019-12263 5 Belden, Netapp, Siemens and 2 more 50 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 47 more 2022-08-12 6.8 MEDIUM 8.1 HIGH
Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition.
CVE-2019-12258 5 Belden, Netapp, Siemens and 2 more 50 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 47 more 2022-08-12 5.0 MEDIUM 7.5 HIGH
Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options.
CVE-2019-12265 5 Belden, Netapp, Siemens and 2 more 50 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 47 more 2022-08-12 5.0 MEDIUM 5.3 MEDIUM
Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report.
CVE-2019-12260 6 Belden, Netapp, Oracle and 3 more 51 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 48 more 2022-08-12 7.5 HIGH 9.8 CRITICAL
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option.
CVE-2022-2324 1 Sonicwall 1 Email Security 2022-08-08 N/A 7.5 HIGH
Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions
CVE-2022-22280 1 Sonicwall 2 Analytics, Global Management System 2022-08-08 N/A 9.8 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions.
CVE-2022-2323 1 Sonicwall 14 Sws12-10fpoe, Sws12-10fpoe Firmware, Sws12-8 and 11 more 2022-08-08 N/A 8.8 HIGH
Improper neutralization of special elements used in a user input allows an authenticated malicious user to perform remote code execution in the host system. This vulnerability impacts SonicWall Switch 1.1.1.0-2s and earlier versions
CVE-2021-20019 1 Sonicwall 2 Sonicos, Sonicosv 2022-08-05 5.0 MEDIUM 7.5 HIGH
A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability.
CVE-2022-22282 1 Sonicwall 10 Sma 6200, Sma 6200 Firmware, Sma 6210 and 7 more 2022-07-21 7.5 HIGH 9.8 CRITICAL
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control vulnerability.
CVE-2021-20023 1 Sonicwall 2 Email Security, Hosted Email Security 2022-07-14 4.0 MEDIUM 4.9 MEDIUM
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.
CVE-2021-20034 1 Sonicwall 9 Sma 200, Sma 200 Firmware, Sma 210 and 6 more 2022-07-08 6.4 MEDIUM 9.1 CRITICAL
An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.
CVE-2021-20049 1 Sonicwall 12 Sma100, Sma200, Sma210 and 9 more 2022-07-08 5.0 MEDIUM 7.5 HIGH
A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.
CVE-2001-1104 1 Sonicwall 2 Soho, Soho Firmware 2022-06-28 7.5 HIGH N/A
SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions.
CVE-2005-1006 1 Sonicwall 2 Soho, Soho Firmware 2022-06-23 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file.
CVE-2008-4918 1 Sonicwall 4 Pro 2040, Sonicos Enhanced, Tz 180 and 1 more 2022-06-17 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking."
CVE-2022-1703 1 Sonicwall 6 Sma 210, Sma 210 Firmware, Sma 410 and 3 more 2022-06-16 9.0 HIGH 8.8 HIGH
Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack.
CVE-2019-12259 4 Belden, Siemens, Sonicwall and 1 more 49 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 46 more 2022-06-16 5.0 MEDIUM 7.5 HIGH
Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing.
CVE-2019-12255 5 Belden, Netapp, Siemens and 2 more 50 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 47 more 2022-06-16 7.5 HIGH 9.8 CRITICAL
Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow.
CVE-2018-5280 1 Sonicwall 8 Nsa 250m, Nsa 2600, Nsa 2650 and 5 more 2022-06-16 3.5 LOW 5.4 MEDIUM
SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens.