Vulnerabilities > Sonicwall > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-10-12 CVE-2020-5134 Out-of-bounds Read vulnerability in Sonicwall Sonicos and Sonicosv
A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash.
network
low complexity
sonicwall CWE-125
6.5
2020-09-30 CVE-2020-5132 Unspecified vulnerability in Sonicwall Sma100 Firmware and Sonicos
SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability.
network
low complexity
sonicwall
5.3
2020-07-17 CVE-2020-5130 Improper Input Validation vulnerability in Sonicwall Sonicos
SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request.
network
low complexity
sonicwall CWE-20
5.3
2019-12-19 CVE-2019-7484 SQL Injection vulnerability in Sonicwall SMA 100 Firmware 9.0.0.0/9.0.0.3
Authenticated SQL Injection in SonicWall SMA100 allow user to gain read-only access to unauthorized resources using viewcacert CGI script.
network
low complexity
sonicwall CWE-89
6.5
2019-08-09 CVE-2019-12265 Memory Leak vulnerability in multiple products
Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component.
network
low complexity
windriver sonicwall siemens netapp belden CWE-401
5.3
2019-04-02 CVE-2019-7474 Improper Handling of Exceptional Conditions vulnerability in Sonicwall Sonicos and Sonicosv
A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension.
network
low complexity
sonicwall CWE-755
6.5
2019-02-19 CVE-2018-9867 Incorrect Permission Assignment for Critical Resource vulnerability in Sonicwall Sonicos and Sonicosv
In SonicWall SonicOS, administrators without full permissions can download imported certificates.
local
low complexity
sonicwall CWE-732
5.5
2018-05-22 CVE-2018-3639 Information Exposure Through Discrepancy vulnerability in multiple products
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
5.5
2018-01-14 CVE-2018-5691 Cross-site Scripting vulnerability in Sonicwall Analyzer and Global Management System
SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module.
network
low complexity
sonicwall CWE-79
5.4
2018-01-08 CVE-2018-5281 Cross-site Scripting vulnerability in Sonicwall Sonicos
SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens.
network
low complexity
sonicwall CWE-79
5.4