Filtered by vendor Sonicwall
Subscriptions
Total
196 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-20028 | 1 Sonicwall | 12 Sma 210, Sma 210 Firmware, Sma 410 and 9 more | 2025-03-14 | 9.8 Critical |
| Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier | ||||
| CVE-2021-45046 | 8 Apache, Cvat, Debian and 5 more | 71 Log4j, Computer Vision Annotation Tool, Debian Linux and 68 more | 2025-03-12 | 9 Critical |
| It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. | ||||
| CVE-2023-1101 | 1 Sonicwall | 68 Nsa 2600, Nsa 2650, Nsa 2700 and 65 more | 2025-03-07 | 8.8 High |
| SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes. | ||||
| CVE-2023-0656 | 1 Sonicwall | 32 Nsa 2700, Nsa 3700, Nsa 4700 and 29 more | 2025-03-07 | 7.5 High |
| A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. | ||||
| CVE-2024-53704 | 1 Sonicwall | 24 Nsa 2700, Nsa 3700, Nsa 4700 and 21 more | 2025-02-19 | 8.2 High |
| An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. | ||||
| CVE-2023-34132 | 1 Sonicwall | 2 Analytics, Global Management System | 2025-02-13 | 9.8 Critical |
| Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | ||||
| CVE-2022-47522 | 2 Ieee, Sonicwall | 59 Ieee 802.11, Soho 250, Soho 250 Firmware and 56 more | 2025-02-06 | 7.5 High |
| The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key. | ||||
| CVE-2024-45318 | 1 Sonicwall | 1 Sma100 Firmware | 2024-12-09 | 8.1 High |
| A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution. | ||||
| CVE-2024-53703 | 1 Sonicwall | 1 Sma100 Firmware | 2024-12-07 | 8.1 High |
| A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution. | ||||
| CVE-2024-40763 | 1 Sonicwall | 1 Sma100 Firmware | 2024-12-07 | 7.5 High |
| Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution. | ||||
| CVE-2024-22395 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2024-12-05 | 6.3 Medium |
| Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application. | ||||
| CVE-2024-53702 | 1 Sonicwall | 1 Sma100 Firmware | 2024-12-05 | 5.3 Medium |
| Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret. | ||||
| CVE-2024-29014 | 1 Sonicwall | 1 Netextender | 2024-11-27 | 7.1 High |
| Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update. | ||||
| CVE-2024-40764 | 1 Sonicwall | 32 Nsa 2700, Nsa 3700, Nsa 4700 and 29 more | 2024-11-21 | 7.5 High |
| Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS). | ||||
| CVE-2024-22394 | 1 Sonicwall | 22 Nsa 2700, Nsa 3700, Nsa 4700 and 19 more | 2024-11-21 | 9.8 Critical |
| An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040. | ||||
| CVE-2023-6340 | 1 Sonicwall | 2 Capture Client, Netextender | 2024-11-21 | 5.5 Medium |
| SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability. | ||||
| CVE-2023-5970 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2024-11-21 | 8.8 High |
| Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass. | ||||
| CVE-2023-44220 | 1 Sonicwall | 1 Netextender | 2024-11-21 | 7.3 High |
| SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system. | ||||
| CVE-2023-44219 | 2 Microsoft, Sonicwall | 2 Windows, Directory Services Connector | 2024-11-21 | 7.8 High |
| A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature. | ||||
| CVE-2023-44218 | 1 Sonicwall | 1 Netextender | 2024-11-21 | 8.8 High |
| A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability. | ||||