Vulnerabilities > Sonicwall

DATE CVE VULNERABILITY TITLE RISK
2020-10-12 CVE-2020-5136 Classic Buffer Overflow vulnerability in Sonicwall Sonicos and Sonicosv
A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash.
network
low complexity
sonicwall CWE-120
4.0
2020-10-12 CVE-2020-5135 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sonicwall Sonicos and Sonicosv
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall.
network
low complexity
sonicwall CWE-119
7.5
2020-10-12 CVE-2020-5134 Out-of-bounds Read vulnerability in Sonicwall Sonicos and Sonicosv
A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash.
network
low complexity
sonicwall CWE-125
4.0
2020-10-12 CVE-2020-5133 Classic Buffer Overflow vulnerability in Sonicwall Sonicos and Sonicosv
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash.
network
low complexity
sonicwall CWE-120
5.0
2020-09-30 CVE-2020-5132 Unspecified vulnerability in Sonicwall Sma100 Firmware and Sonicos
SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability.
network
low complexity
sonicwall
5.0
2020-07-17 CVE-2020-5131 Improper Input Validation vulnerability in Sonicwall Netextender
SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system.
local
low complexity
sonicwall CWE-20
4.6
2020-07-17 CVE-2020-5130 Improper Input Validation vulnerability in Sonicwall Sonicos
SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request.
network
low complexity
sonicwall CWE-20
5.0
2020-03-26 CVE-2020-5129 HTTP Request Smuggling vulnerability in Sonicwall Sma1000 Firmware
A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service.
network
low complexity
sonicwall CWE-444
5.0
2020-02-11 CVE-2013-1359 Improper Authentication vulnerability in Sonicwall products
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.
network
low complexity
sonicwall CWE-287
critical
10.0
2020-02-11 CVE-2013-1360 Improper Authentication vulnerability in Sonicwall products
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.
network
low complexity
sonicwall CWE-287
critical
10.0