Vulnerabilities > Sonicwall
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-17 | CVE-2020-5130 | Improper Input Validation vulnerability in Sonicwall Sonicos SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. | 5.3 |
| 2020-03-26 | CVE-2020-5129 | HTTP Request Smuggling vulnerability in Sonicwall Sma1000 Firmware 12.1.006411 A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service. | 7.5 |
| 2020-02-11 | CVE-2013-1359 | Improper Authentication vulnerability in Sonicwall products An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account. | 9.8 |
| 2020-02-11 | CVE-2013-1360 | Improper Authentication vulnerability in Sonicwall products An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access. | 9.8 |
| 2019-12-31 | CVE-2019-7479 | Improper Privilege Management vulnerability in Sonicwall Sonicos and Sonicosv A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configuration mode. | 7.2 |
| 2019-12-31 | CVE-2019-7478 | SQL Injection vulnerability in Sonicwall Global Management System A vulnerability in GMS allow unauthenticated user to SQL injection in Webservice module. | 9.8 |
| 2019-12-23 | CVE-2019-7489 | Unspecified vulnerability in Sonicwall Email Security Appliance 10.0.2/7.4.5/7.5 A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. | 9.8 |
| 2019-12-23 | CVE-2019-7488 | Weak Password Requirements vulnerability in Sonicwall Email Security Appliance 10.0.2/7.4.5/7.5 Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. | 9.8 |
| 2019-12-19 | CVE-2019-7487 | Unquoted Search Path or Element vulnerability in Sonicwall Sonicos Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created does not put the path in quotes, so if a malicious binary by an attacker within the parent path could allow code execution. | 7.8 |
| 2019-12-19 | CVE-2019-7486 | Code Injection vulnerability in Sonicwall SMA 100 Firmware 9.0.0.0/9.0.0.3/9.0.0.4 Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. | 8.8 |