Vulnerabilities > Sonicwall
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-10 | CVE-2021-20020 | Improper Authentication vulnerability in Sonicwall Global Management System 9.3 A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root. | 9.8 |
| 2021-04-09 | CVE-2021-20022 | Unrestricted Upload of File with Dangerous Type vulnerability in Sonicwall Email Security and Hosted Email Security SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. | 7.2 |
| 2021-04-09 | CVE-2021-20021 | Improper Privilege Management vulnerability in Sonicwall Email Security and Hosted Email Security A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. | 9.8 |
| 2021-03-25 | CVE-2021-3450 | Improper Certificate Validation vulnerability in multiple products The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. | 7.4 |
| 2021-03-25 | CVE-2021-3449 | NULL Pointer Dereference vulnerability in multiple products An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. | 5.9 |
| 2021-03-13 | CVE-2021-20018 | Improper Authentication vulnerability in Sonicwall Sma100 Firmware 10.2.0.0/10.2.0.220Sv/10.2.0.5 A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. | 4.9 |
| 2021-03-13 | CVE-2021-20017 | OS Command Injection vulnerability in Sonicwall Sma100 Firmware 10.2.0.0/10.2.0.220Sv/10.2.0.5 A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. | 8.8 |
| 2021-03-05 | CVE-2020-5148 | Improper Authentication vulnerability in Sonicwall Directory Services Connector SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewall access controls. | 8.2 |
| 2021-02-04 | CVE-2021-20016 | SQL Injection vulnerability in Sonicwall products A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. | 9.8 |
| 2021-01-09 | CVE-2020-5147 | Unquoted Search Path or Element vulnerability in Sonicwall Netextender SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. | 5.3 |