Vulnerabilities > Sonicwall > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-08 | CVE-2021-20041 | Infinite Loop vulnerability in Sonicwall products An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. | 7.5 |
| 2021-12-08 | CVE-2021-20043 | Out-of-bounds Write vulnerability in Sonicwall products A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. | 8.8 |
| 2021-12-08 | CVE-2021-20044 | OS Command Injection vulnerability in Sonicwall products A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. | 8.8 |
| 2021-12-08 | CVE-2021-20047 | Uncontrolled Search Path Element vulnerability in Sonicwall Global VPN Client SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order Hijacking vulnerability. | 7.8 |
| 2021-09-21 | CVE-2021-20037 | Incorrect Default Permissions vulnerability in Sonicwall Global VPN Client 4.10.4.0314 SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. | 7.8 |
| 2021-07-20 | CVE-2021-33909 | Integer Overflow or Wraparound vulnerability in multiple products fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. | 7.8 |
| 2021-07-09 | CVE-2021-20024 | Out-of-bounds Read vulnerability in Sonicwall Switch Multiple Out-of-Bound read vulnerability in SonicWall Switch when handling LLDP Protocol allows an attacker to cause a system instability or potentially read sensitive information from the memory locations. | 8.1 |
| 2021-06-23 | CVE-2021-20019 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sonicwall Sonicos and Sonicosv A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability. | 7.5 |
| 2021-06-14 | CVE-2021-20027 | Classic Buffer Overflow vulnerability in Sonicwall Sonicos A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. | 7.5 |
| 2021-05-27 | CVE-2021-20026 | OS Command Injection vulnerability in Sonicwall Network Security Manager 2.2.0 A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. | 8.8 |