Filtered by vendor Sonicwall
Subscriptions
Total
240 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0401 | 1 Sonicwall | 33 Nsa 2700, Nsa 2800, Nsa 3700 and 30 more | 2026-04-17 | 4.9 Medium |
| A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall. | ||||
| CVE-2026-3439 | 1 Sonicwall | 33 Nsa 2700, Nsa 2800, Nsa 3700 and 30 more | 2026-04-17 | 4.9 Medium |
| A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allows a remote attacker to crash a firewall. | ||||
| CVE-2001-0376 | 1 Sonicwall | 2 Soho2, Tele2 | 2026-04-16 | N/A |
| SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This allows a remote attacker to brute force attack the pre-shared keys with significantly less resources than if the full 128 byte IKE pre-shared keys were used. | ||||
| CVE-2003-1320 | 1 Sonicwall | 1 Firmware | 2026-04-16 | N/A |
| SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) a large number of payloads, or (3) a long payload. | ||||
| CVE-2002-2341 | 1 Sonicwall | 1 Soho3 | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL. | ||||
| CVE-2003-1490 | 1 Sonicwall | 3 Pro100, Pro200, Pro300 | 2026-04-16 | N/A |
| SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow. | ||||
| CVE-2000-1097 | 1 Sonicwall | 1 Soho Firewall | 2026-04-16 | N/A |
| The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page. | ||||
| CVE-2000-1098 | 1 Sonicwall | 1 Soho Firewall | 2026-04-16 | N/A |
| The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via an empty GET or POST request. | ||||
| CVE-2002-2181 | 1 Sonicwall | 1 Content Filtering | 2026-04-16 | N/A |
| SonicWall Content Filtering allows local users to access prohibited web sites via requests to the web site's IP address instead of the domain name. | ||||
| CVE-2005-1006 | 1 Sonicwall | 2 Soho, Soho Firmware | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file. | ||||
| CVE-2001-1104 | 1 Sonicwall | 2 Soho, Soho Firmware | 2026-04-16 | N/A |
| SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions. | ||||
| CVE-2024-45317 | 1 Sonicwall | 1 Sma1000 | 2026-04-15 | 7.5 High |
| A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-02676 and earlier allows a remote, unauthenticated attacker to cause the SMA1000 server-side application to make requests to an unintended IP address. | ||||
| CVE-2024-22396 | 1 Sonicwall | 1 Sonicos | 2026-04-15 | 5.3 Medium |
| An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload. | ||||
| CVE-2025-32817 | 1 Sonicwall | 1 Connect Tunnel | 2026-04-15 | 6.1 Medium |
| A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this results in unauthorized file overwrite, potentially leading to denial of service or file corruption. | ||||
| CVE-2025-23009 | 1 Sonicwall | 1 Netextender | 2026-04-15 | 7.2 High |
| A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary file deletion. | ||||
| CVE-2024-53706 | 1 Sonicwall | 1 Sonicos | 2026-04-15 | 7.8 High |
| A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution. | ||||
| CVE-2024-45316 | 1 Sonicwall | 1 Connect Tunnel | 2026-04-15 | 7.8 High |
| The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leading to local privilege escalation attack. | ||||
| CVE-2024-45315 | 1 Sonicwall | 1 Connect Tunnel | 2026-04-15 | 5.5 Medium |
| The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to create arbitrary folders and files, potentially leading to local Denial of Service (DoS) attack. | ||||
| CVE-2025-40595 | 1 Sonicwall | 1 Sma1000 | 2026-04-15 | 7.2 High |
| A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location. | ||||
| CVE-2025-23010 | 1 Sonicwall | 1 Netextender | 2026-04-15 | 7.2 High |
| An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to manipulate file paths. | ||||