Vulnerabilities > Sonicwall
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-20 | CVE-2021-33909 | Integer Overflow or Wraparound vulnerability in multiple products fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. | 7.8 |
| 2021-07-09 | CVE-2021-20024 | Out-of-bounds Read vulnerability in Sonicwall Switch Multiple Out-of-Bound read vulnerability in SonicWall Switch when handling LLDP Protocol allows an attacker to cause a system instability or potentially read sensitive information from the memory locations. | 8.1 |
| 2021-06-23 | CVE-2021-20019 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sonicwall Sonicos and Sonicosv A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability. | 7.5 |
| 2021-06-14 | CVE-2021-20027 | Classic Buffer Overflow vulnerability in Sonicwall Sonicos A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. | 7.5 |
| 2021-05-27 | CVE-2021-20026 | OS Command Injection vulnerability in Sonicwall Network Security Manager 2.2.0 A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. | 8.8 |
| 2021-05-13 | CVE-2021-20025 | Use of Hard-coded Credentials vulnerability in Sonicwall Email Security Virtual Appliance SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. | 7.8 |
| 2021-04-20 | CVE-2021-20023 | Path Traversal vulnerability in Sonicwall Email Security and Hosted Email Security SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host. | 4.9 |
| 2021-04-10 | CVE-2021-20020 | Improper Authentication vulnerability in Sonicwall Global Management System 9.3 A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root. | 9.8 |
| 2021-04-09 | CVE-2021-20022 | Unrestricted Upload of File with Dangerous Type vulnerability in Sonicwall Email Security and Hosted Email Security SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. | 7.2 |
| 2021-04-09 | CVE-2021-20021 | Improper Privilege Management vulnerability in Sonicwall Email Security and Hosted Email Security A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. | 9.8 |