Vulnerabilities > Sonicwall > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-12 | CVE-2020-5138 | Out-of-bounds Write vulnerability in Sonicwall Sonicos and Sonicosv A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. | 7.5 |
| 2020-10-12 | CVE-2020-5137 | Classic Buffer Overflow vulnerability in Sonicwall Sonicos and Sonicosv A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to firewall crash. | 7.5 |
| 2020-10-12 | CVE-2020-5133 | Classic Buffer Overflow vulnerability in Sonicwall Sonicos and Sonicosv A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. | 7.5 |
| 2020-07-17 | CVE-2020-5131 | Improper Input Validation vulnerability in Sonicwall Netextender SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system. | 7.8 |
| 2020-03-26 | CVE-2020-5129 | HTTP Request Smuggling vulnerability in Sonicwall Sma1000 Firmware 12.1.006411 A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service. | 7.5 |
| 2019-12-31 | CVE-2019-7479 | Improper Privilege Management vulnerability in Sonicwall Sonicos and Sonicosv A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configuration mode. | 7.2 |
| 2019-12-19 | CVE-2019-7487 | Unquoted Search Path or Element vulnerability in Sonicwall Sonicos Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created does not put the path in quotes, so if a malicious binary by an attacker within the parent path could allow code execution. | 7.8 |
| 2019-12-19 | CVE-2019-7486 | Code Injection vulnerability in Sonicwall SMA 100 Firmware 9.0.0.0/9.0.0.3/9.0.0.4 Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. | 8.8 |
| 2019-12-19 | CVE-2019-7485 | Classic Buffer Overflow vulnerability in Sonicwall SMA 100 Firmware 9.0.0.0/9.0.0.3 Buffer overflow in SonicWall SMA100 allows an authenticated user to execute arbitrary code in DEARegister CGI script. | 8.8 |
| 2019-12-19 | CVE-2019-7483 | Path Traversal vulnerability in Sonicwall SMA 100 Firmware 9.0.0.0/9.0.0.3 In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server. | 7.5 |