Vulnerabilidades em SonicWall
187 resultadosCVE-2025-32821HIGHA vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell comEPSS 29.4%CVE-2025-40597HIGHA Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of SerEPSS 27.6%CVE-2020-5135CRITICALA buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code EPSS 26.9%KEVCVE-2021-20040—A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages orEPSS 25.8%CVE-2021-20045—A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentialEPSS 25.2%CVE-2021-20043—A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially exeEPSS 23.3%CVE-2023-34125—Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem wiEPSS 22.7%CVE-2025-23006CRITICALPre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) andEPSS 22.4%KEVCVE-2021-20022HIGHSonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to EPSS 16.5%KEVCVE-2024-40766CRITICALAn improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorizedEPSS 15.7%KEVCVE-2021-20031—A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary wEPSS 13.0%CVE-2024-53703HIGHA vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web servEPSS 12.7%CVE-2021-20026—A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP rEPSS 11.6%CVE-2025-40599CRITICALAn authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administrEPSS 11.6%CVE-2022-1703—Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attackEPSS 11.1%CVE-2022-22280—Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWaEPSS 9.3%CVE-2019-7482—Stack-based buffer overflow in SonicWall SMA100 allows an unauthenticated user to execute arbitrary code in function libSys.so. This vulneraEPSS 8.8%CVE-2022-1702—SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an exterEPSS 8.4%CVE-2022-22282—SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connectionEPSS 7.2%CVE-2025-32819HIGHA vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete EPSS 6.8%