Filtered by vendor Sonicwall
Subscriptions
Total
237 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3468 | 1 Sonicwall | 6 Email Security, Esa5000, Esa5050 and 3 more | 2026-04-14 | 4.8 Medium |
| A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker as admin user to potentially execute arbitrary JavaScript code. | ||||
| CVE-2026-3469 | 1 Sonicwall | 6 Email Security, Esa5000, Esa5050 and 3 more | 2026-04-14 | 2.7 Low |
| A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to cause the application to become unresponsive. | ||||
| CVE-2026-3470 | 1 Sonicwall | 6 Email Security, Esa5000, Esa5050 and 3 more | 2026-04-14 | 3.8 Low |
| A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to data corruption, allowing a remote authenticated attacker as admin user could exploit this issue by providing crafted input that corrupts application database. | ||||
| CVE-2026-4113 | 1 Sonicwall | 1 Sma1000 | 2026-04-14 | 7.2 High |
| An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials. | ||||
| CVE-2026-4116 | 1 Sonicwall | 1 Sma1000 | 2026-04-14 | 7.2 High |
| Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication. | ||||
| CVE-2026-4114 | 1 Sonicwall | 1 Sma1000 | 2026-04-13 | N/A |
| Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication. | ||||
| CVE-2026-4112 | 1 Sonicwall | 1 Sma1000 | 2026-04-13 | N/A |
| Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator. | ||||
| CVE-2026-3439 | 1 Sonicwall | 33 Nsa 2700, Nsa 2800, Nsa 3700 and 30 more | 2026-03-05 | 4.9 Medium |
| A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allows a remote attacker to crash a firewall. | ||||
| CVE-2026-0400 | 1 Sonicwall | 33 Nsa 2700, Nsa 2800, Nsa 3700 and 30 more | 2026-02-26 | 4.9 Medium |
| A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall. | ||||
| CVE-2026-0401 | 1 Sonicwall | 33 Nsa 2700, Nsa 2800, Nsa 3700 and 30 more | 2026-02-26 | 4.9 Medium |
| A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall. | ||||
| CVE-2026-0402 | 1 Sonicwall | 33 Nsa 2700, Nsa 2800, Nsa 3700 and 30 more | 2026-02-26 | 4.9 Medium |
| A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall. | ||||
| CVE-2026-0399 | 1 Sonicwall | 33 Nsa 2700, Nsa 2800, Nsa 3700 and 30 more | 2026-02-26 | 4.9 Medium |
| Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in a API endpoint. | ||||
| CVE-2024-53704 | 1 Sonicwall | 24 Nsa 2700, Nsa 3700, Nsa 4700 and 21 more | 2026-02-26 | 8.2 High |
| An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. | ||||
| CVE-2024-53706 | 1 Sonicwall | 1 Sonicos | 2026-02-26 | 7.8 High |
| A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution. | ||||
| CVE-2025-23006 | 1 Sonicwall | 15 Sma6200, Sma6200 Firmware, Sma6210 and 12 more | 2026-02-26 | 9.8 Critical |
| Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands. | ||||
| CVE-2025-32819 | 1 Sonicwall | 12 Sma 100, Sma 100 Firmware, Sma 200 and 9 more | 2026-02-26 | 8.8 High |
| A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. | ||||
| CVE-2025-32821 | 1 Sonicwall | 12 Sma 100, Sma 100 Firmware, Sma 200 and 9 more | 2026-02-26 | 7.1 High |
| A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance. | ||||
| CVE-2025-40596 | 1 Sonicwall | 6 Sma 210, Sma 210 Firmware, Sma 410 and 3 more | 2026-02-26 | 7.3 High |
| A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution. | ||||
| CVE-2025-40597 | 1 Sonicwall | 6 Sma 210, Sma 210 Firmware, Sma 410 and 3 more | 2026-02-26 | 7.5 High |
| A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution. | ||||
| CVE-2025-40604 | 1 Sonicwall | 11 Email Security, Email Security Appliance 5000, Email Security Appliance 5000 Firmware and 8 more | 2026-02-26 | 6.5 Medium |
| Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution. | ||||