Vulnerabilities > Sonicwall
|2021-10-12||CVE-2021-20031|| Open Redirect vulnerability in Sonicwall Sonicos |
A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.
| 5.8 |
|2021-09-27||CVE-2021-20034|| Improper Privilege Management vulnerability in Sonicwall products |
An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.
| 6.4 |
|2021-09-27||CVE-2021-20035|| OS Command Injection vulnerability in Sonicwall products |
Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.
| 6.8 |
|2021-09-21||CVE-2021-20037|| Incorrect Default Permissions vulnerability in Sonicwall Global VPN Client 4.10.4.0314 |
SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system.
| 7.2 |
|2021-08-04||CVE-2021-20028|| SQL Injection vulnerability in Sonicwall products |
** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 18.104.22.168-26sv or earlier.
| 7.5 |
|2021-07-09||CVE-2021-20024|| Out-of-bounds Read vulnerability in Sonicwall Switch |
Multiple Out-of-Bound read vulnerability in SonicWall Switch when handling LLDP Protocol allows an attacker to cause a system instability or potentially read sensitive information from the memory locations.
| 6.8 |
|2021-06-23||CVE-2021-20019|| Information Exposure vulnerability in Sonicwall Sonicos and Sonicosv |
A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability.
| 5.0 |
|2021-06-14||CVE-2021-20027|| Classic Buffer Overflow vulnerability in Sonicwall Sonicos |
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request.
| 5.0 |
|2021-05-27||CVE-2021-20026|| OS Command Injection vulnerability in Sonicwall Network Security Manager 2.2.0 |
A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request.
| 9.0 |
|2021-05-13||CVE-2021-20025|| Use of Hard-coded Credentials vulnerability in Sonicwall Email Security Virtual Appliance |
SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup.
| 6.9 |