201 matches found
Global Management System (GMS) Unauthorized User SQL Injection
A vulnerability in GMS allow unauthenticated user to SQL injection in Webservice module. This vulnerability affected GMS versions 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1. CVE: CVE-2019-7478 Last updated: Dec. 30, 2019, 8 p.m...
Email Security Unauthenticated Remote Code Execution
A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier. CVE: CVE-2019-7489 Last updated: Dec. 23, 2019, 8 p.m...
Linux Kernel Crypto Subsystem Vulnerability
A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each afalgctx was freed instead of when the aeadtfm was freed. This can cause the null skcipher to be freed while it is still in use leading to a local user bein...
Dell SonicWALL Scrutinizer Multiple Security Vulnerabilities
Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi. CVE: CVE-2014-4976 Last updated: March 12, 2018, 5:23 p.m...
SonicWALL Aventail 'CategoryID' Parameter SQL Injection Vulnerability
SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter. CVE: CVE-2011-5262 Last updated: Feb. 13, 2013, 5 a.m...
SonicWALL SOHO username denial of service
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page. CVE: CVE-2000-1097 Last updated: Oct. 10, 2017, 1:29 a.m...
SonicWall Email Security Affected By Multiple Vulnerabilities
1 CVE-2026-3468 - Stored Cross-Site Scripting XSS VulnerabilityA stored Cross-Site Scripting XSS vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker a...
SonicOS Use of Externally-Controlled Format String Vulnerability
Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption.SonicWall strongly advises users of the SonicWall firewall products to upgrade to the mentioned fixed release version to address this...
SonicWall SMA100 Post-authentication Arbitrary File Upload vulnerability
An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administrative privileges can exploit this flaw to upload arbitrary files to the system, potentially leading to remote code execution. SonicWall strongly recommends...
SonicOS Multiple Post-authentication Vulnerabilities
1 CVE-2024-12803 - SonicOS Post-authentication Stack-based buffer overflow vulnerabilityA post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution. CVSS Score: 6.0 CVSS Vector:...
Stack-based buffer overflow vulnerability in SonicOS HTTP server
Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service DoS via sscanf function.SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a PoC have been made public and malicious use of this...
SonicOS SSLVPN Portal Stored Cross-site Scripting Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code. This vulnerability affects only SonicOS Gen7 firmware 7.0.1-5145,...
Integer-Based Buffer Overflow Vulnerability In SonicOS via IPSec
A Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service DoS and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.SonicWall PSIRT is not aware of active exploitation in the wild...
SonicOS Content-Length HTTP Header Stack Overflow Vulnerability
A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service DoS and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 6 and Gen 7 firmware versions. CVE:...
Authenticated SMA100 Arbitrary Command Injection Vulnerability
Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which could potentially lead to code execution. CVE: CVE-2021-20035 Last updated: April 15, 2025, 3:50 p.m...
SonicWall NSM On-Prem authenticated command injection vulnerability
A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. This vulnerability affects NSM On-Prem 2.2.0-R10 and earlier versions. CVE: CVE-2021-20026 Last updated: May 27, 2021, 2:07 p.m...
SonicWall SSO-Agent NetAPI Vulnerability allows an attacker to force SSO Agent authentication, potentially leading to firewall access control bypass
SonicWall SSO-agent default configuration uses Microsoft NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypa...
SonicWall SSLVPN SMA100 authenticated command injection vulnerability
A vulnerability in the SonicWall SMA100 appliance allows an authenticated management-user to perform OS command injection using HTTP POST parameters. This vulnerability affected SMA100 build version 10.2.0.2-20sv and earlier. CVE: CVE-2020-5146 Last updated: Jan. 9, 2021, 12:18 a.m...
SonicWall NetExtender windows client unquoted service path vulnerability
SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 10.2.300 and earlier. CVE: CVE-2020-5147 Last...
SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability
SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading DLL hijacking vulnerability. Successful exploitation could lead to remote code execution in the target system. CVE: CVE-2020-5145 Last updated: Oct. 28, 2020, 9:39 a.m...
SonicWall Global VPN client version 4.10.4.0314 and earlier allows privilege elevation through loaded process hijacking vulnerability
SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability. CVE: CVE-2020-5144 Last updated: Oct. 28, 2020, 9:31 a.m...
SonicOS SSLVPN unauthenticated Heap Overflow vulnerability allows a remote attacker to cause Denial of Service (DoS)
A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service DoS on the firewall SSLVPN service and leads to SonicOS crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, and SonicO...
SonicOS SSLVPN External Service Interaction (DNS) Vulnerability
SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction DNS due to improper validation of the request. This vulnerability impact SonicOS version 6.5.4.4-44n and earlier. CVE: CVE-2020-5130 Last updated: July 16, 2020, 9:26 a.m...
SonicWall NetExtender arbitrary file write vulnerability
SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system. CVE: CVE-2020-5131 Last updated: July 16, 2020, 9:01 a.m...
SonicWall SMA100 Pre-authentication stack buffer overflow
Stack-based buffer overflow in SonicWall SMA100 allows an unauthenticated user to execute arbitrary code in function libSys.so. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. CVE: CVE-2019-7482 Last updated: March 6, 2020, 4:42 a.m...
Multiple VPN applications insecurely store session cookies
A research of Software Engineering Institute of the Carnegie Mellon University shows that multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files. CVE: CVE-2019-1573 CVE-2016-8201 Last updated: April 12, 2019, 8:17 p.m...
SonicOS Unprivileged User Access ARS
A vulnerability in SonicOS with management enabled system on specific configuration allow unprivileged user to access advanced routing services. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8,...
Administrators without full permissions can download imported certificates
In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Ge...
libssh Authentication Bypass Vulnerability
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access. CVE: CVE-2018-10933 Last updated: Oct. 19, 2018, midnight...
cURL (libcurl) NTLM Authentication Code Buffer Overrun Vulnerability
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curlntlmcoremknthash multiplies the length of the password by two SUM to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently...
OpenSSH user enumeration vulnerability
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. CVE: CVE-2018-15473 Last updated: Aug...
Dell SonicWall Secure Remote Access Multiple Command Injection Vulnerabilities
The SonicWall Secure Remote Access server version 8.1.0.2-14sv is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI /cgi-bin/viewcert component responsible for processing SSL certificate information. The CGI...
Multiple Dell SonicWALL Products Multiple Remote Code Execution Vulnerabilities
The GMS ViewPoint GMSVP web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input. CVE: CVE-2016-2396 Last updated: March 12, 2018, 5:29 p.m...
Multiple Dell SonicWALL Products CVE-2015-3990 Remote Code Execution Vulnerability
The GMS ViewPoint GMSVP web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration. CVE: CVE-2015-3990 Last updated: March 13, 2018, 8:25 p.m...
SonicWALL SSL VPN Client Remote ActiveX Multiple Vulnerabilities
Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method. CVE: CVE-2007-5603 Last updated: Sept...
SonicWALL SSL VPN Client Remote ActiveX Multiple Vulnerabilities
Absolute path traversal vulnerability in the WebCacheCleaner ActiveX control 1.3.0.3 in SonicWall SSL-VPN 200 before 2.1, and SSL-VPN 2000/4000 before 2.5, allows remote attackers to delete arbitrary files via a full pathname in the argument to the FileDelete method. CVE: CVE-2007-5815 Last...
SonicWALL Firmware CVE-2003-1320 Denial-Of-Service Vulnerability
SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange IKE response packets, possibly including 1 a large Security Parameter Index SPI field, 2 a large number of payloads, or 3 a long payload. CV...
SonicWALL SOHO Firewall Predictable TCP Initial Sequence Number Vulnerability
SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions. CVE: CVE-2001-1104 Last updated: Sept. 5, 2008, 8:25 p.m...
SonicWall Email Security Affected By Multiple Vulnerabilities
1 CVE-2025-40604 - Download of Code Without Integrity Check VulnerabilityDownload of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system...
SonicOS Improper Access Control Vulnerability
An improper access control vulnerability has been identified in the SonicWall SonicOS management access and SSLVPN, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Gen 5 and Gen 6 devices, as well as Gen 7...
SMA100 MFA Improper Access Control Vulnerability
Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.There is no evidence that these vulnerabilities are being...
Impact of OpenSSL Vulnerabilities Advisory Released On February 7, 2023
OpenSSL has released a security advisory to address multiple vulnerabilities affecting OpenSSL versions 3.0, 1.1.1, and 1.0.2.CVE-2023-0286 - X.400 address type confusion in X.509 GeneralNameCVE-2022-4304 - Timing Oracle in RSA DecryptionCVE-2022-4203 - X.509 Name Constraints Read Buffer...
Sonicwall Capture Client Local Privilege Escalation via SentinelOne Agent (Aikido)
An arbitrary file deletion vulnerability Aikido in Sonicwall Capture Client via SentinelOne Agent could allow a local attacker to escalate privileges and delete files. The exploit was confirmed to work with 6 vulnerable EDR products, including the SentinelOne Agent for Windows.Please note: an...
SonicWall SSL-VPN NetExtender Windows Client Buffer Overflow Vulnerability
A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client 32 and 64 bit in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating system. CVE: CVE-2022-22281 Last updated: May 6, 2022, 11:44 a.m...
OpenSSL Infinite loop when parsing certificates CVE-2022-0778
A vulnerability CVE-2022-0778 was found in OpenSSL that allows to trigger an infinite loop by crafting a certificate that has invalid elliptic curve parameters. Since certificate parsing happens before verification of the certificate signature, any process that parses an externally supplied...
SonicWall Email Security Virtual Appliance Static Credential Vulnerability
SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance only when the device i...
SonicWall SMA100 post-authentication configuration export to the a specified email address
A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. CVE: CVE-2021-20018 Last updated: March 13, 2021, 1:19 a.m...
SonicOS SSLVPN allows unauthenticated attacker to brute force Virtual Assist ticket ID
A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3 and SonicOSv 6.5.4.v. CVE: CVE-2020-5141 Last...
SonicOS SSLVPN service unauthenticated release of Invalid pointer to cause Denial of Service (DoS) vulnerability and leads to firewall crash
A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service DoS due to the release of Invalid pointer and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3 and...
SonicOS SSLVPN unauthenticated buffer overflow leads to firewall crash
A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service DoS on the firewall SSLVPN service and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3 and SonicO...