Filtered by vendor Sonicwall
Total: 149 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-20045 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2021-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | |||||
CVE-2021-20047 | 1 Sonicwall | 1 Global Vpn Client | 2021-12-10 | 6.9 MEDIUM | 7.8 HIGH |
SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order Hijacking vulnerability. Successful exploitation via a local attacker could result in remote code execution in the target system. | |||||
CVE-2019-7476 | 1 Sonicwall | 1 Global Management System | 2021-11-03 | 6.8 MEDIUM | 8.1 HIGH |
A vulnerability in SonicWall Global Management System (GMS) allows a remote user to gain access to the appliance using an existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier. | |||||
CVE-2021-20031 | 1 Sonicwall | 59 Nsa 2650, Nsa 2700, Nsa 3650 and 56 more | 2021-10-19 | 5.8 MEDIUM | 6.1 MEDIUM |
A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains. | |||||
CVE-2020-5138 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | |||||
CVE-2021-20035 | 1 Sonicwall | 9 Sma 200, Sma 200 Firmware, Sma 210 and 6 more | 2021-10-06 | 6.8 MEDIUM | 6.5 MEDIUM |
Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS. | |||||
CVE-2021-20037 | 1 Sonicwall | 1 Global Vpn Client | 2021-10-05 | 7.2 HIGH | 7.8 HIGH |
An incorrect default file permission vulnerability in the SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) leads to privilege escalation, which potentially allows command execution in the host operating system. This vulnerability impacts GVC 4.10.5 installer and earlier. | |||||
CVE-2020-5147 | 1 Sonicwall | 1 Netextender | 2021-09-21 | 4.6 MEDIUM | 5.3 MEDIUM |
SonicWall NetExtender Windows client is vulnerable to an unquoted service path vulnerability, which allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impacts SonicWall NetExtender Windows client version 10.2.300 and earlier. | |||||
CVE-2019-7481 | 1 Sonicwall | 2 Sma 100, Sma 100 Firmware | 2021-09-14 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in SonicWall SMA100 allows an unauthenticated user to gain read-only access to unauthorized resources. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. | |||||
CVE-2021-20027 | 1 Sonicwall | 59 Nsa 2650, Nsa 2700, Nsa 3650 and 56 more | 2021-09-13 | 5.0 MEDIUM | 7.5 HIGH |
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls. | |||||
CVE-2021-20032 | 1 Sonicwall | 1 Analytics | 2021-08-19 | 7.5 HIGH | 9.8 CRITICAL |
SonicWall Analytics 2.5 On-Prem is vulnerable to a Java Debug Wire Protocol (JDWP) interface security misconfiguration vulnerability which potentially leads to Remote Code Execution. This vulnerability impacts Analytics On-Prem 2.5.2518 and earlier. | |||||
CVE-2018-3639 | 12 Arm, Canonical, Debian and 9 more | 321 Cortex-a, Ubuntu Linux, Debian Linux and 318 more | 2021-08-13 | 2.1 LOW | 5.5 MEDIUM |
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. | |||||
CVE-2021-20028 | 1 Sonicwall | 6 Sma 210, Sma 210 Firmware, Sma 410 and 3 more | 2021-08-11 | 7.5 HIGH | 9.8 CRITICAL |
** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier. | |||||
CVE-2021-20024 | 1 Sonicwall | 8 Switch, Sws12-10fpoe, Sws12-8 and 5 more | 2021-07-16 | 6.8 MEDIUM | 8.1 HIGH |
Multiple out-of-bounds read vulnerabilities in SonicWall Switch when handling the LLDP protocol allow an attacker to cause system instability or potentially read sensitive information from memory locations. | |||||
CVE-2021-20026 | 1 Sonicwall | 1 Network Security Manager | 2021-06-08 | 9.0 HIGH | 8.8 HIGH |
A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. This vulnerability affects NSM On-Prem 2.2.0-R10 and earlier versions. | |||||
CVE-2021-20025 | 1 Sonicwall | 1 Email Security Virtual Appliance | 2021-06-04 | 6.9 MEDIUM | 7.8 HIGH |
SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance remotely only when the device is freshly installed and not connected to Mysonicwall. | |||||
CVE-2021-20020 | 1 Sonicwall | 1 Global Management System | 2021-04-15 | 10.0 HIGH | 9.8 CRITICAL |
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root. | |||||
CVE-2021-20021 | 1 Sonicwall | 2 Email Security, Hosted Email Security | 2021-04-14 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. | |||||
CVE-2021-20022 | 1 Sonicwall | 2 Email Security, Hosted Email Security | 2021-04-14 | 6.5 MEDIUM | 7.2 HIGH |
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. | |||||
CVE-2021-20018 | 1 Sonicwall | 2 Sma100, Sma100 Firmware | 2021-03-19 | 4.0 MEDIUM | 4.9 MEDIUM |
A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. |