Filtered by vendor Sonicwall Subscriptions
Total 194 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-45318 1 Sonicwall 1 Sma100 Firmware 2024-12-09 8.1 High
A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.
CVE-2024-53703 1 Sonicwall 1 Sma100 Firmware 2024-12-07 8.1 High
A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.
CVE-2024-40763 1 Sonicwall 1 Sma100 Firmware 2024-12-07 7.5 High
Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution.
CVE-2024-22395 1 Sonicwall 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more 2024-12-05 6.3 Medium
Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.
CVE-2024-53702 1 Sonicwall 1 Sma100 Firmware 2024-12-05 5.3 Medium
Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret.
CVE-2023-44221 1 Sonicwall 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more 2024-12-02 7.2 High
Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.
CVE-2024-29014 1 Sonicwall 1 Netextender 2024-11-27 7.1 High
Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update.
CVE-2024-40764 1 Sonicwall 32 Nsa 2700, Nsa 3700, Nsa 4700 and 29 more 2024-11-21 7.5 High
Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).
CVE-2024-29013 1 Sonicwall 22 Nsa 2700, Nsa 3700, Nsa 4700 and 19 more 2024-11-21 6.5 Medium
Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function.
CVE-2024-29012 1 Sonicwall 22 Nsa 2700, Nsa 3700, Nsa 4700 and 19 more 2024-11-21 7.5 High
Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function.
CVE-2024-22394 1 Sonicwall 22 Nsa 2700, Nsa 3700, Nsa 4700 and 19 more 2024-11-21 9.8 Critical
An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication.  This issue affects only firmware version SonicOS 7.1.1-7040.
CVE-2023-6340 1 Sonicwall 2 Capture Client, Netextender 2024-11-21 5.5 Medium
SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability.
CVE-2023-5970 1 Sonicwall 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more 2024-11-21 8.8 High
Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.
CVE-2023-44220 1 Sonicwall 1 Netextender 2024-11-21 7.3 High
SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system.
CVE-2023-44219 2 Microsoft, Sonicwall 2 Windows, Directory Services Connector 2024-11-21 7.8 High
A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature.
CVE-2023-44218 1 Sonicwall 1 Netextender 2024-11-21 8.8 High
A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability.
CVE-2023-44217 1 Sonicwall 1 Netextender 2024-11-21 7.8 High
A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality.
CVE-2023-41715 1 Sonicwall 61 Nsa2700, Nsa3700, Nsa4700 and 58 more 2024-11-21 8.8 High
SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.
CVE-2023-41713 1 Sonicwall 61 Nsa2700, Nsa3700, Nsa4700 and 58 more 2024-11-21 7.5 High
SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.
CVE-2023-41712 1 Sonicwall 61 Nsa2700, Nsa3700, Nsa4700 and 58 more 2024-11-21 6.5 Medium
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash.