Filtered by vendor Sonicwall
Subscribe
Total
191 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-34133 | 1 Sonicwall | 2 Analytics, Global Management System | 2025-04-23 | N/A | 7.5 HIGH |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | |||||
CVE-2023-34127 | 1 Sonicwall | 2 Analytics, Global Management System | 2025-04-23 | N/A | 8.8 HIGH |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | |||||
CVE-2021-20035 | 1 Sonicwall | 9 Sma 200, Sma 200 Firmware, Sma 210 and 6 more | 2025-04-17 | 6.8 MEDIUM | 6.5 MEDIUM |
Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS. | |||||
CVE-2014-4977 | 1 Sonicwall | 1 Scrutinizer | 2025-04-12 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php. | |||||
CVE-2015-3447 | 1 Sonicwall | 1 Sonicos | 2025-04-12 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in macIpSpoofView.html in Dell SonicWall SonicOS 7.5.0.12 and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) searchSpoof or (2) searchSpoofIpDet parameter. | |||||
CVE-2014-5024 | 1 Sonicwall | 3 Analyzer, Global Management System, Uma Em5000 | 2025-04-12 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id parameter. | |||||
CVE-2016-2396 | 1 Sonicwall | 4 Analyzer, Global Management System, Uma Em5000 and 1 more | 2025-04-12 | 9.0 HIGH | 9.9 CRITICAL |
The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input. | |||||
CVE-2016-2397 | 1 Sonicwall | 4 Analyzer, Global Management System, Uma Em5000 and 1 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data. | |||||
CVE-2015-3990 | 1 Sonicwall | 4 Analyzer, Global Management System, Uma Em5000 and 1 more | 2025-04-12 | 9.0 HIGH | N/A |
The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration. | |||||
CVE-2014-2589 | 1 Sonicwall | 1 Nsa 2400 | 2025-04-12 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Dashboard Backend service (stats/dashboard.jsp) in SonicWall Network Security Appliance (NSA) 2400 allows remote attackers to inject arbitrary web script or HTML via the sn parameter. | |||||
CVE-2014-2879 | 1 Sonicwall | 1 Email Security Appliance | 2025-04-12 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page. | |||||
CVE-2014-8420 | 1 Sonicwall | 3 Analyzer, Global Management System, Uma Em5000 | 2025-04-12 | 9.0 HIGH | N/A |
The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
CVE-2014-4976 | 1 Sonicwall | 1 Scrutinizer | 2025-04-12 | 5.5 MEDIUM | N/A |
Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi. | |||||
CVE-2015-2248 | 1 Sonicwall | 1 Remote Access Firmware | 2025-04-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks via a crafted request to cgi-bin/editBookmark. | |||||
CVE-2015-4173 | 1 Sonicwall | 1 Netextender | 2025-04-12 | 6.9 MEDIUM | N/A |
Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. | |||||
CVE-2011-5262 | 1 Sonicwall | 4 Aventail Sra Ex6000, Aventail Sra Ex7000, Aventail Sra Ex9000 and 1 more | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter. | |||||
CVE-2010-2583 | 1 Sonicwall | 1 Ssl-vpn End-point Interrogator\/installer Activex Control | 2025-04-11 | 9.3 HIGH | N/A |
Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method. | |||||
CVE-2013-7025 | 1 Sonicwall | 4 Analyzer, Global Management System, Uma E5000 and 1 more | 2025-04-11 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp. | |||||
CVE-2014-0332 | 1 Sonicwall | 3 Analyzer, Global Management System, Uma E5000 | 2025-04-11 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the node_id parameter in a ScreenDisplayManager genNetwork action. | |||||
CVE-2012-2962 | 1 Sonicwall | 1 Scrutinizer | 2025-04-11 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter. |