Vulnerabilities > Sonicwall
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-08 | CVE-2021-20043 | Out-of-bounds Write vulnerability in Sonicwall products A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. | 8.8 |
| 2021-12-08 | CVE-2021-20044 | OS Command Injection vulnerability in Sonicwall products A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. | 8.8 |
| 2021-12-08 | CVE-2021-20045 | Classic Buffer Overflow vulnerability in Sonicwall products A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user in the appliance. | 9.8 |
| 2021-12-08 | CVE-2021-20047 | Uncontrolled Search Path Element vulnerability in Sonicwall Global VPN Client SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order Hijacking vulnerability. | 7.8 |
| 2021-10-12 | CVE-2021-20031 | Open Redirect vulnerability in Sonicwall Sonicos A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains. | 6.1 |
| 2021-09-27 | CVE-2021-20034 | Path Traversal vulnerability in Sonicwall products An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. | 9.1 |
| 2021-09-27 | CVE-2021-20035 | OS Command Injection vulnerability in Sonicwall products Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS. | 6.5 |
| 2021-09-21 | CVE-2021-20037 | Incorrect Default Permissions vulnerability in Sonicwall Global VPN Client 4.10.4.0314 SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. | 7.8 |
| 2021-08-10 | CVE-2021-20032 | Unspecified vulnerability in Sonicwall Analytics 2.5.0.3/2.5.2518 SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol (JDWP) interface security misconfiguration vulnerability which potentially leads to Remote Code Execution. | 9.8 |
| 2021-08-04 | CVE-2021-20028 | SQL Injection vulnerability in Sonicwall products Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier | 9.8 |