Vulnerabilities > Sonicwall
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-14 | CVE-2023-0655 | Information Exposure Through an Error Message vulnerability in Sonicwall Email Security 10.0.9 SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users email addresses. | 5.3 |
| 2023-01-19 | CVE-2023-0126 | Path Traversal vulnerability in Sonicwall Sma1000 Firmware 12.4.2 Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory. | 7.5 |
| 2022-10-13 | CVE-2021-20030 | Path Traversal vulnerability in Sonicwall Global Management System SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files. | 7.5 |
| 2022-06-08 | CVE-2022-1703 | OS Command Injection vulnerability in Sonicwall products Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack. | 9.0 |
| 2022-05-13 | CVE-2022-1701 | Use of Hard-coded Credentials vulnerability in Sonicwall products SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data. | 7.5 |
| 2022-05-13 | CVE-2022-1702 | Open Redirect vulnerability in Sonicwall products SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability. | 6.1 |
| 2022-05-13 | CVE-2022-22281 | Classic Buffer Overflow vulnerability in Sonicwall Netextender A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating system. | 7.2 |
| 2022-05-13 | CVE-2022-22282 | Unspecified vulnerability in Sonicwall products SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control vulnerability. | 9.8 |
| 2022-05-04 | CVE-2021-20051 | Uncontrolled Search Path Element vulnerability in Sonicwall Global VPN Client 4.10.4.0314/4.10.6 SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. | 6.9 |
| 2022-04-27 | CVE-2022-22275 | Unspecified vulnerability in Sonicwall Sonicos 7.0.0.0/7.0.1.0 Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable. | 5.0 |