Filtered by vendor Sonicwall
Subscriptions
Filtered by product Sonicos
Subscriptions
Total
67 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0400 | 1 Sonicwall | 33 Nsa 2700, Nsa 2800, Nsa 3700 and 30 more | 2026-02-26 | 4.9 Medium |
| A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall. | ||||
| CVE-2026-0401 | 1 Sonicwall | 33 Nsa 2700, Nsa 2800, Nsa 3700 and 30 more | 2026-02-26 | 4.9 Medium |
| A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall. | ||||
| CVE-2026-0402 | 1 Sonicwall | 33 Nsa 2700, Nsa 2800, Nsa 3700 and 30 more | 2026-02-26 | 4.9 Medium |
| A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall. | ||||
| CVE-2026-0399 | 1 Sonicwall | 33 Nsa 2700, Nsa 2800, Nsa 3700 and 30 more | 2026-02-26 | 4.9 Medium |
| Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in a API endpoint. | ||||
| CVE-2024-53704 | 1 Sonicwall | 24 Nsa 2700, Nsa 3700, Nsa 4700 and 21 more | 2026-02-26 | 8.2 High |
| An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. | ||||
| CVE-2024-53706 | 1 Sonicwall | 1 Sonicos | 2026-02-26 | 7.8 High |
| A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution. | ||||
| CVE-2023-41715 | 1 Sonicwall | 61 Nsa2700, Nsa3700, Nsa4700 and 58 more | 2025-12-16 | 8.8 High |
| SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel. | ||||
| CVE-2025-40601 | 1 Sonicwall | 33 Nsa 2700, Nsa 2800, Nsa 3700 and 30 more | 2025-12-12 | 7.5 High |
| A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. | ||||
| CVE-2024-3596 | 5 Broadcom, Freeradius, Ietf and 2 more | 12 Brocade Sannav, Fabric Operating System, Freeradius and 9 more | 2025-11-04 | 9 Critical |
| RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. | ||||
| CVE-2024-40766 | 1 Sonicwall | 52 Nsa 2650, Nsa 2700, Nsa 3600 and 49 more | 2025-10-31 | 9.3 Critical |
| An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions. | ||||
| CVE-2020-5135 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2025-10-31 | 9.8 Critical |
| A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | ||||
| CVE-2025-40600 | 1 Sonicwall | 23 Nsa 2700, Nsa 3700, Nsa 4700 and 20 more | 2025-08-11 | 9.8 Critical |
| Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption. | ||||
| CVE-2024-40762 | 1 Sonicwall | 1 Sonicos | 2025-07-13 | 9.8 Critical |
| Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass. | ||||
| CVE-2024-22396 | 1 Sonicwall | 1 Sonicos | 2025-07-12 | 5.3 Medium |
| An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload. | ||||
| CVE-2015-3447 | 1 Sonicwall | 1 Sonicos | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in macIpSpoofView.html in Dell SonicWall SonicOS 7.5.0.12 and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) searchSpoof or (2) searchSpoofIpDet parameter. | ||||
| CVE-2024-29013 | 1 Sonicwall | 22 Nsa 2700, Nsa 3700, Nsa 4700 and 19 more | 2025-03-25 | 5.3 Medium |
| Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function. | ||||
| CVE-2024-29012 | 1 Sonicwall | 22 Nsa 2700, Nsa 3700, Nsa 4700 and 19 more | 2025-03-25 | 4.9 Medium |
| Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function. | ||||
| CVE-2023-1101 | 1 Sonicwall | 68 Nsa 2600, Nsa 2650, Nsa 2700 and 65 more | 2025-03-07 | 8.8 High |
| SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes. | ||||
| CVE-2023-0656 | 1 Sonicwall | 32 Nsa 2700, Nsa 3700, Nsa 4700 and 29 more | 2025-03-07 | 7.5 High |
| A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. | ||||
| CVE-2024-40764 | 1 Sonicwall | 32 Nsa 2700, Nsa 3700, Nsa 4700 and 29 more | 2024-11-21 | 7.5 High |
| Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS). | ||||