Vulnerabilities > Sonicwall > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-07 | CVE-2025-32819 | Unspecified vulnerability in Sonicwall products A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. | 8.8 |
| 2025-05-07 | CVE-2025-32820 | Unspecified vulnerability in Sonicwall products A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable. | 8.8 |
| 2025-05-07 | CVE-2025-32821 | Unspecified vulnerability in Sonicwall products A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance. | 7.2 |
| 2024-07-18 | CVE-2024-29014 | Unspecified vulnerability in Sonicwall Netextender Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update. | 8.8 |
| 2024-07-18 | CVE-2024-40764 | Out-of-bounds Write vulnerability in Sonicwall Sonicos Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS). | 7.5 |
| 2024-06-20 | CVE-2024-29012 | Out-of-bounds Write vulnerability in Sonicwall Sonicos Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function. | 7.5 |
| 2023-12-05 | CVE-2023-44221 | OS Command Injection vulnerability in Sonicwall products Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability. | 7.2 |
| 2023-12-05 | CVE-2023-5970 | Improper Authentication vulnerability in Sonicwall products Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass. | 8.8 |
| 2023-10-27 | CVE-2023-44219 | Improper Privilege Management vulnerability in Sonicwall Directory Services Connector A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature. | 7.8 |
| 2023-10-27 | CVE-2023-44220 | Uncontrolled Search Path Element vulnerability in Sonicwall Netextender SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. | 7.3 |