Vulnerabilities in SonicWall
187 results

CVE | Severity | EPSS | Description
CVE-2023-34135 | — | 1.2% | Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlyi
CVE-2023-34134 | — | 1.2% | Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to rea
CVE-2024-22396 | MEDIUM | 1.1% | An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of S
CVE-2019-7478 | — | 1.1% | A vulnerability in GMS allow unauthenticated user to SQL injection in Webservice module. This vulnerability affected GMS versions GMS 8.4, 8
CVE-2020-5134 | — | 1.1% | A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. This vul
CVE-2020-5136 | — | 1.1% | A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assi
CVE-2025-40601 | HIGH | 1.1% | A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Servic
CVE-2020-5142 | — | 1.1% | A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to s
CVE-2024-22397 | HIGH | 1.1% | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authentica
CVE-2024-45318 | HIGH | 1.0% | A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and pot
CVE-2022-22279 | — | 1.0% | A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware version
CVE-2022-22275 | — | 1.0% | Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake po
CVE-2024-40762 | CRITICAL | 1.0% | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain ca
CVE-2020-5132 | — | 1.0% | SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision
CVE-2024-40763 | HIGH | 0.9% | Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers
CVE-2019-7479 | — | 0.9% | A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configuration mode. This vulnerability affected So
CVE-2023-5970 | — | 0.9% | Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external d
CVE-2021-20050 | — | 0.9% | An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user l
CVE-2024-22398 | MEDIUM | 0.9% | An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could al
CVE-2023-34137 | — | 0.9% | SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authenticatio