Vulnerabilities > Sonicwall
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-29 | CVE-2022-2323 | Command Injection vulnerability in Sonicwall products Improper neutralization of special elements used in a user input allows an authenticated malicious user to perform remote code execution in the host system. | 8.8 |
| 2022-06-08 | CVE-2022-1703 | OS Command Injection vulnerability in Sonicwall products Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack. | 8.8 |
| 2022-05-13 | CVE-2022-1701 | Use of Hard-coded Credentials vulnerability in Sonicwall products SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data. | 7.5 |
| 2022-05-13 | CVE-2022-1702 | Open Redirect vulnerability in Sonicwall products SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability. | 6.1 |
| 2022-05-13 | CVE-2022-22281 | Classic Buffer Overflow vulnerability in Sonicwall Netextender A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating system. | 7.8 |
| 2022-05-13 | CVE-2022-22282 | Unspecified vulnerability in Sonicwall products SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control vulnerability. | 9.8 |
| 2022-05-04 | CVE-2021-20051 | Uncontrolled Search Path Element vulnerability in Sonicwall Global VPN Client 4.10.4.0314/4.10.6/4.10.7.1117 SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. | 7.8 |
| 2022-04-27 | CVE-2022-22275 | Unspecified vulnerability in Sonicwall Sonicos Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable. | 7.5 |
| 2022-04-27 | CVE-2022-22276 | Information Exposure vulnerability in Sonicwall products A vulnerability in SonicOS SNMP service resulting exposure of sensitive information to an unauthorized user. | 5.3 |
| 2022-04-27 | CVE-2022-22277 | Information Exposure vulnerability in Sonicwall products A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive information in cleartext. | 5.3 |