Vulnerabilidades en SonicWall
187 resultadosCVE-2021-20025—SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at iniEPSS 0.4%CVE-2025-23009HIGHA local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arEPSS 0.3%CVE-2026-0402MEDIUMA post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall.EPSS 0.3%CVE-2026-0401MEDIUMA post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall.EPSS 0.3%CVE-2024-53706HIGHA vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remote authenticated local low-privileged attacker to elevate privileges toEPSS 0.3%CVE-2024-53702MEDIUMUse of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that,EPSS 0.3%CVE-2026-0399MEDIUMMultiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checkingEPSS 0.3%CVE-2026-3470LOWA vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to data corruption, allowiEPSS 0.3%CVE-2025-40595HIGHA Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded UREPSS 0.3%CVE-2025-23008HIGHAn improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low privileged attacker EPSS 0.3%CVE-2025-2170HIGHA Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific condEPSS 0.3%CVE-2023-44220—SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in thEPSS 0.3%CVE-2025-40605MEDIUMA Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injEPSS 0.3%CVE-2025-32817MEDIUMA Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this results in unauthorizEPSS 0.3%CVE-2023-34130—SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects EPSS 0.3%CVE-2024-45316HIGHThe Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlierEPSS 0.3%CVE-2026-3439MEDIUMA post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allows a remote attacker to crash a firewallEPSS 0.3%CVE-2024-45315MEDIUMThe Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlierEPSS 0.2%CVE-2024-45319MEDIUMA vulnerability in the SonicWall SMA100 SSLVPN
firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker can cirEPSS 0.2%CVE-2026-3468MEDIUMA stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralizatiEPSS 0.2%