Vulnerabilities > Sonicwall > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-19 | CVE-2018-9867 | Incorrect Permission Assignment for Critical Resource vulnerability in Sonicwall Sonicos and Sonicosv In SonicWall SonicOS, administrators without full permissions can download imported certificates. | 2.1 |
| 2018-05-22 | CVE-2018-3639 | Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. | 2.1 |
| 2018-01-14 | CVE-2018-5691 | Cross-site Scripting vulnerability in Sonicwall Analyzer and Global Management System SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module. | 3.5 |
| 2018-01-08 | CVE-2018-5280 | Cross-site Scripting vulnerability in Sonicwall Sonicos SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens. | 3.5 |
| 2018-01-08 | CVE-2018-5281 | Cross-site Scripting vulnerability in Sonicwall Sonicos SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens. | 3.5 |
| 2013-12-09 | CVE-2013-7025 | Cross-Site Scripting vulnerability in Sonicwall products Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp. | 3.5 |