Vulnerabilities > Sonicwall > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-04 | CVE-2021-20051 | Uncontrolled Search Path Element vulnerability in Sonicwall Global VPN Client 4.10.4.0314/4.10.6/4.10.7.1117 SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. | 7.8 |
| 2022-04-27 | CVE-2022-22275 | Unspecified vulnerability in Sonicwall Sonicos Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable. | 7.5 |
| 2022-04-27 | CVE-2022-22278 | Allocation of Resources Without Limits or Throttling vulnerability in Sonicwall products A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS) attack | 7.5 |
| 2022-03-10 | CVE-2022-0847 | Improper Initialization vulnerability in multiple products A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. | 7.8 |
| 2022-01-10 | CVE-2021-20046 | Out-of-bounds Write vulnerability in Sonicwall Sonicos A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. | 8.8 |
| 2022-01-10 | CVE-2021-20048 | Out-of-bounds Write vulnerability in Sonicwall Sonicos A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. | 8.8 |
| 2021-12-23 | CVE-2021-20049 | Information Exposure Through Discrepancy vulnerability in Sonicwall products A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. | 7.5 |
| 2021-12-23 | CVE-2021-20050 | Unspecified vulnerability in Sonicwall products An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data. | 7.5 |
| 2021-12-08 | CVE-2021-20039 | OS Command Injection vulnerability in Sonicwall products Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. | 8.8 |
| 2021-12-08 | CVE-2021-20040 | Path Traversal vulnerability in Sonicwall products A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages or files as a 'nobody' user. | 7.5 |