Vulnerabilities > Sonicwall

DATE CVE VULNERABILITY TITLE RISK
2021-01-09 CVE-2020-5147 Unquoted Search Path OR Element vulnerability in Sonicwall Netextender
SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system.
local
low complexity
sonicwall CWE-428
4.6
2021-01-09 CVE-2020-5146 OS Command Injection vulnerability in Sonicwall SMA 100 Firmware 10.2.0.220Sv/9.0.0.4
A vulnerability in SonicWall SMA100 appliance allow an authenticated management-user to perform OS command injection using HTTP POST parameters.
network
low complexity
sonicwall CWE-78
critical
9.0
2020-10-28 CVE-2020-5145 Uncontrolled Search Path Element vulnerability in Sonicwall Global VPN Client 4.10.4.0314
SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability.
6.9
2020-10-28 CVE-2020-5144 Untrusted Search Path vulnerability in Sonicwall Global VPN Client 4.10.4.0314
SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability.
6.9
2020-10-12 CVE-2020-5143 Information Exposure Through Discrepancy vulnerability in Sonicwall Sonicos and Sonicosv
SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses.
network
low complexity
sonicwall CWE-203
5.0
2020-10-12 CVE-2020-5142 Cross-Site Scripting vulnerability in Sonicwall Sonicos and Sonicosv
A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface.
network
sonicwall CWE-79
4.3
2020-10-12 CVE-2020-5141 Improper Restriction of Excessive Authentication Attempts vulnerability in Sonicwall Sonicos and Sonicosv
A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service.
network
low complexity
sonicwall CWE-307
6.4
2020-10-12 CVE-2020-5140 Out-Of-Bounds Read vulnerability in Sonicwall Sonicos and Sonicosv
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses leak.
network
low complexity
sonicwall CWE-125
5.0
2020-10-12 CVE-2020-5139 Release of Invalid Pointer OR Reference vulnerability in Sonicwall Sonicos and Sonicosv
A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of Invalid pointer and leads to a firewall crash.
network
low complexity
sonicwall CWE-763
5.0
2020-10-12 CVE-2020-5138 Out-Of-Bounds Write vulnerability in Sonicwall Sonicos and Sonicosv
A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash.
network
low complexity
sonicwall CWE-787
5.0