Vulnerabilities > Sonicwall
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-25 | CVE-2021-3450 | Improper Certificate Validation vulnerability in multiple products The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. | 7.4 |
| 2021-03-25 | CVE-2021-3449 | NULL Pointer Dereference vulnerability in multiple products An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. | 5.9 |
| 2021-03-13 | CVE-2021-20018 | Improper Authentication vulnerability in Sonicwall Sma100 Firmware 10.2.0.0/10.2.0.220Sv/10.2.0.5 A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. | 4.9 |
| 2021-03-13 | CVE-2021-20017 | OS Command Injection vulnerability in Sonicwall Sma100 Firmware 10.2.0.0/10.2.0.220Sv/10.2.0.5 A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. | 8.8 |
| 2021-03-05 | CVE-2020-5148 | Improper Authentication vulnerability in Sonicwall Directory Services Connector SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewall access controls. | 8.2 |
| 2021-02-04 | CVE-2021-20016 | SQL Injection vulnerability in Sonicwall products A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. | 9.8 |
| 2021-01-09 | CVE-2020-5147 | Unquoted Search Path or Element vulnerability in Sonicwall Netextender SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. | 5.3 |
| 2021-01-09 | CVE-2020-5146 | OS Command Injection vulnerability in Sonicwall SMA 100 Firmware A vulnerability in SonicWall SMA100 appliance allow an authenticated management-user to perform OS command injection using HTTP POST parameters. | 7.2 |
| 2020-10-28 | CVE-2020-5145 | Uncontrolled Search Path Element vulnerability in Sonicwall Global VPN Client 4.10.4.0314 SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. | 8.6 |
| 2020-10-28 | CVE-2020-5144 | Untrusted Search Path vulnerability in Sonicwall Global VPN Client 4.10.4.0314 SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability. | 7.8 |