Filtered by vendor Sonicwall
Subscribe
Total
198 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1701 | 1 Sonicwall | 10 Sma 6200, Sma 6200 Firmware, Sma 6210 and 7 more | 2022-10-14 | 5.0 MEDIUM | 7.5 HIGH |
| SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data. | |||||
| CVE-2022-1702 | 1 Sonicwall | 10 Sma 6200, Sma 6200 Firmware, Sma 6210 and 7 more | 2022-10-14 | 5.8 MEDIUM | 6.1 MEDIUM |
| SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability. | |||||
| CVE-2021-45105 | 5 Apache, Debian, Netapp and 2 more | 121 Log4j, Debian Linux, Cloud Manager and 118 more | 2022-10-06 | 4.3 MEDIUM | 5.9 MEDIUM |
| Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. | |||||
| CVE-2022-2915 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2022-09-01 | N/A | 8.8 HIGH |
| A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions. | |||||
| CVE-2019-12256 | 5 Belden, Netapp, Siemens and 2 more | 50 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 47 more | 2022-08-16 | 7.5 HIGH | 9.8 CRITICAL |
| Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options. | |||||
| CVE-2019-12257 | 5 Belden, Netapp, Siemens and 2 more | 46 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 43 more | 2022-08-16 | 5.8 MEDIUM | 8.8 HIGH |
| Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc. | |||||
| CVE-2019-12263 | 5 Belden, Netapp, Siemens and 2 more | 50 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 47 more | 2022-08-12 | 6.8 MEDIUM | 8.1 HIGH |
| Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition. | |||||
| CVE-2019-12258 | 5 Belden, Netapp, Siemens and 2 more | 50 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 47 more | 2022-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options. | |||||
| CVE-2019-12261 | 6 Belden, Netapp, Oracle and 3 more | 51 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 48 more | 2022-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host. | |||||
| CVE-2019-12260 | 6 Belden, Netapp, Oracle and 3 more | 51 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 48 more | 2022-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option. | |||||
| CVE-2019-12265 | 5 Belden, Netapp, Siemens and 2 more | 50 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 47 more | 2022-08-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report. | |||||
| CVE-2022-2324 | 1 Sonicwall | 1 Email Security | 2022-08-08 | N/A | 7.5 HIGH |
| Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions | |||||
| CVE-2022-22280 | 1 Sonicwall | 2 Analytics, Global Management System | 2022-08-08 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions. | |||||
| CVE-2022-2323 | 1 Sonicwall | 14 Sws12-10fpoe, Sws12-10fpoe Firmware, Sws12-8 and 11 more | 2022-08-08 | N/A | 8.8 HIGH |
| Improper neutralization of special elements used in a user input allows an authenticated malicious user to perform remote code execution in the host system. This vulnerability impacts SonicWall Switch 1.1.1.0-2s and earlier versions | |||||
| CVE-2021-20019 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2022-08-05 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability. | |||||
| CVE-2021-20034 | 1 Sonicwall | 9 Sma 200, Sma 200 Firmware, Sma 210 and 6 more | 2022-07-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. | |||||
| CVE-2021-20049 | 1 Sonicwall | 12 Sma100, Sma200, Sma210 and 9 more | 2022-07-08 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions. | |||||
| CVE-2001-1104 | 1 Sonicwall | 2 Soho, Soho Firmware | 2022-06-28 | 7.5 HIGH | N/A |
| SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions. | |||||
| CVE-2005-1006 | 1 Sonicwall | 2 Soho, Soho Firmware | 2022-06-23 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file. | |||||
| CVE-2008-4918 | 1 Sonicwall | 4 Pro 2040, Sonicos Enhanced, Tz 180 and 1 more | 2022-06-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking." | |||||