Filtered by vendor Sonicwall
Subscriptions
Total
194 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2007-5814 | 1 Sonicwall | 1 Ssl Vpn | 2024-11-21 | N/A |
Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (5) userName, (6) domainName, or (7) dnsSuffix Unicode property value. NOTE: the AddRouteEntry vector is covered by CVE-2007-5603. | ||||
CVE-2007-5603 | 1 Sonicwall | 1 Ssl Vpn | 2024-11-21 | N/A |
Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method. | ||||
CVE-2005-1006 | 1 Sonicwall | 2 Soho, Soho Firmware | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file. | ||||
CVE-2003-1490 | 1 Sonicwall | 3 Pro100, Pro200, Pro300 | 2024-11-21 | N/A |
SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow. | ||||
CVE-2003-1320 | 1 Sonicwall | 1 Firmware | 2024-11-21 | N/A |
SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) a large number of payloads, or (3) a long payload. | ||||
CVE-2002-2341 | 1 Sonicwall | 1 Soho3 | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL. | ||||
CVE-2002-2181 | 1 Sonicwall | 1 Content Filtering | 2024-11-21 | N/A |
SonicWall Content Filtering allows local users to access prohibited web sites via requests to the web site's IP address instead of the domain name. | ||||
CVE-2001-1104 | 1 Sonicwall | 2 Soho, Soho Firmware | 2024-11-21 | N/A |
SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions. | ||||
CVE-2001-0376 | 1 Sonicwall | 2 Soho2, Tele2 | 2024-11-21 | N/A |
SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This allows a remote attacker to brute force attack the pre-shared keys with significantly less resources than if the full 128 byte IKE pre-shared keys were used. | ||||
CVE-2000-1098 | 1 Sonicwall | 1 Soho Firewall | 2024-11-21 | N/A |
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via an empty GET or POST request. | ||||
CVE-2000-1097 | 1 Sonicwall | 1 Soho Firewall | 2024-11-21 | N/A |
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page. | ||||
CVE-2024-45317 | 1 Sonicwall | 1 Sma1000 Firmware | 2024-10-15 | N/A |
A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-02676 and earlier allows a remote, unauthenticated attacker to cause the SMA1000 server-side application to make requests to an unintended IP address. | ||||
CVE-2024-45316 | 1 Sonicwall | 1 Connect Tunnel | 2024-10-15 | 7.8 High |
The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leading to local privilege escalation attack. | ||||
CVE-2024-40766 | 1 Sonicwall | 52 Nsa 2650, Nsa 2700, Nsa 3600 and 49 more | 2024-09-16 | 9.3 Critical |
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions. |