Vulnerabilities > Sonicwall
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-23 | CVE-2024-40766 | Unspecified vulnerability in Sonicwall Sonicos An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. | 9.8 |
| 2024-07-18 | CVE-2024-29014 | Unspecified vulnerability in Sonicwall Netextender Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update. | 8.8 |
| 2024-07-18 | CVE-2024-40764 | Out-of-bounds Write vulnerability in Sonicwall Sonicos Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS). | 7.5 |
| 2024-07-09 | CVE-2024-3596 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in multiple products RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. | 9.0 |
| 2024-06-20 | CVE-2024-29012 | Out-of-bounds Write vulnerability in Sonicwall Sonicos Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function. | 7.5 |
| 2024-06-20 | CVE-2024-29013 | Out-of-bounds Write vulnerability in Sonicwall Sonicos Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function. | 6.5 |
| 2024-02-24 | CVE-2024-22395 | Unspecified vulnerability in Sonicwall products Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application. | 6.3 |
| 2024-02-08 | CVE-2024-22394 | Improper Authentication vulnerability in Sonicwall Sonicos 7.1.17040 An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040. | 9.8 |
| 2024-01-18 | CVE-2023-6340 | Out-of-bounds Write vulnerability in Sonicwall Capture Client and Netextender SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. | 5.5 |
| 2023-12-05 | CVE-2023-44221 | OS Command Injection vulnerability in Sonicwall products Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability. | 7.2 |