Filtered by vendor Sonicwall
Subscribe
Total
223 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2181 | 1 Sonicwall | 1 Content Filtering | 2026-04-16 | 5.0 MEDIUM | N/A |
| SonicWall Content Filtering allows local users to access prohibited web sites via requests to the web site's IP address instead of the domain name. | |||||
| CVE-2001-1104 | 1 Sonicwall | 2 Soho, Soho Firmware | 2026-04-16 | 7.5 HIGH | N/A |
| SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions. | |||||
| CVE-2005-1006 | 1 Sonicwall | 2 Soho, Soho Firmware | 2026-04-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file. | |||||
| CVE-2000-1098 | 1 Sonicwall | 1 Soho Firewall | 2026-04-16 | 5.0 MEDIUM | N/A |
| The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via an empty GET or POST request. | |||||
| CVE-2003-1490 | 1 Sonicwall | 3 Pro100, Pro200, Pro300 | 2026-04-16 | 7.8 HIGH | N/A |
| SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow. | |||||
| CVE-2001-0376 | 1 Sonicwall | 2 Soho2, Tele2 | 2026-04-16 | 7.5 HIGH | N/A |
| SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This allows a remote attacker to brute force attack the pre-shared keys with significantly less resources than if the full 128 byte IKE pre-shared keys were used. | |||||
| CVE-2002-2341 | 1 Sonicwall | 1 Soho3 | 2026-04-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL. | |||||
| CVE-2000-1097 | 1 Sonicwall | 1 Soho Firewall | 2026-04-16 | 5.0 MEDIUM | N/A |
| The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page. | |||||
| CVE-2026-3468 | 1 Sonicwall | 6 Email Security, Esa5000, Esa5050 and 3 more | 2026-04-13 | N/A | 4.8 MEDIUM |
| A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker as admin user to potentially execute arbitrary JavaScript code. | |||||
| CVE-2026-3469 | 1 Sonicwall | 6 Email Security, Esa5000, Esa5050 and 3 more | 2026-04-13 | N/A | 2.7 LOW |
| A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to cause the application to become unresponsive. | |||||
| CVE-2026-3470 | 1 Sonicwall | 6 Email Security, Esa5000, Esa5050 and 3 more | 2026-04-13 | N/A | 3.8 LOW |
| A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to data corruption, allowing a remote authenticated attacker as admin user could exploit this issue by providing crafted input that corrupts application database. | |||||
| CVE-2026-3439 | 1 Sonicwall | 33 Nsa 2700, Nsa 2800, Nsa 3700 and 30 more | 2026-03-05 | N/A | 4.9 MEDIUM |
| A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allows a remote attacker to crash a firewall. | |||||
| CVE-2026-0400 | 1 Sonicwall | 33 Nsa 2700, Nsa 2800, Nsa 3700 and 30 more | 2026-02-26 | N/A | 4.9 MEDIUM |
| A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall. | |||||
| CVE-2026-0401 | 1 Sonicwall | 33 Nsa 2700, Nsa 2800, Nsa 3700 and 30 more | 2026-02-26 | N/A | 4.9 MEDIUM |
| A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall. | |||||
| CVE-2026-0402 | 1 Sonicwall | 33 Nsa 2700, Nsa 2800, Nsa 3700 and 30 more | 2026-02-26 | N/A | 4.9 MEDIUM |
| A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall. | |||||
| CVE-2026-0399 | 1 Sonicwall | 33 Nsa 2700, Nsa 2800, Nsa 3700 and 30 more | 2026-02-26 | N/A | 4.9 MEDIUM |
| Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in a API endpoint. | |||||
| CVE-2021-44228 | 12 Apache, Apple, Bentley and 9 more | 166 Log4j, Xcode, Synchro and 163 more | 2026-02-20 | 9.3 HIGH | 10.0 CRITICAL |
| Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. | |||||
| CVE-2025-40602 | 1 Sonicwall | 9 Sma6200, Sma6200 Firmware, Sma6210 and 6 more | 2025-12-19 | N/A | 6.6 MEDIUM |
| A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC). | |||||
| CVE-2025-40601 | 1 Sonicwall | 33 Nsa 2700, Nsa 2800, Nsa 3700 and 30 more | 2025-12-12 | N/A | 7.5 HIGH |
| A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. | |||||
| CVE-2025-40604 | 1 Sonicwall | 10 Email Security Appliance 5000, Email Security Appliance 5000 Firmware, Email Security Appliance 5050 and 7 more | 2025-12-12 | N/A | 9.8 CRITICAL |
| Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution. | |||||