Vulnerabilities in SonicWall

187 results
CVE-2023-0655 [MEDIUM]: SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes | EPSS 0.7%
CVE-2024-53705 [HIGH]: A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection t | EPSS 0.7%
CVE-2024-40764 [HIGH]: Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS) | EPSS 0.7%
CVE-2024-12805 [HIGH]: A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads t | EPSS 0.7%
CVE-2021-20051: SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability i | EPSS 0.7%
CVE-2023-34131: Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker | EPSS 0.7%
CVE-2019-7474: A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloa | EPSS 0.7%
CVE-2023-1101 [HIGH]: SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes. | EPSS 0.7%
CVE-2023-34123: Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This issue affects GMS: 9.3.2-SP1 and earlier versi | EPSS 0.7%
CVE-2021-20018: A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. T | EPSS 0.7%
CVE-2023-34136: Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the | EPSS 0.7%
CVE-2023-41715 [HIGH]: SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileg | EPSS 0.7%
CVE-2024-29013 [MEDIUM]: Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via | EPSS 0.6%
CVE-2021-20024: Multiple Out-of-Bound read vulnerability in SonicWall Switch when handling LLDP Protocol allows an attacker to cause a system instability or | EPSS 0.6%
CVE-2023-34126: Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privile | EPSS 0.6%
CVE-2024-29010 [HIGH]: The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity (XXE) injection, potentially resulting in the di | EPSS 0.6%
CVE-2024-12806 [MEDIUM]: A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file. | EPSS 0.6%
CVE-2026-4112 [HIGH]: Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote | EPSS 0.6%
CVE-2026-4114 [MEDIUM]: Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP a | EPSS 0.6%
CVE-2023-41713: SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function. | EPSS 0.6%