Vulnerabilities > Sonicwall > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-02 | CVE-2023-0656 | Out-of-bounds Write vulnerability in Sonicwall Sonicos A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. | 7.5 |
| 2023-03-02 | CVE-2023-1101 | Improper Restriction of Excessive Authentication Attempts vulnerability in Sonicwall Sonicos SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes. | 8.8 |
| 2023-01-19 | CVE-2023-0126 | Path Traversal vulnerability in Sonicwall Sma1000 Firmware 12.4.2 Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory. | 7.5 |
| 2022-10-13 | CVE-2021-20030 | Path Traversal vulnerability in Sonicwall Global Management System SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files. | 7.5 |
| 2022-08-26 | CVE-2022-2915 | Out-of-bounds Write vulnerability in Sonicwall products A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. | 8.8 |
| 2022-07-29 | CVE-2022-2324 | Authentication Bypass by Spoofing vulnerability in Sonicwall Email Security 10.0.9 Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. | 7.5 |
| 2022-07-29 | CVE-2022-2323 | Command Injection vulnerability in Sonicwall products Improper neutralization of special elements used in a user input allows an authenticated malicious user to perform remote code execution in the host system. | 8.8 |
| 2022-06-08 | CVE-2022-1703 | OS Command Injection vulnerability in Sonicwall products Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack. | 8.8 |
| 2022-05-13 | CVE-2022-1701 | Use of Hard-coded Credentials vulnerability in Sonicwall products SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data. | 7.5 |
| 2022-05-13 | CVE-2022-22281 | Classic Buffer Overflow vulnerability in Sonicwall Netextender A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating system. | 7.8 |