Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-09-30	CVE-2020-5132	Unspecified vulnerability in Sonicwall Sma100 Firmware and Sonicos SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. network low complexity sonicwall	5.3
2020-07-17	CVE-2020-5130	Improper Input Validation vulnerability in Sonicwall Sonicos SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. network low complexity sonicwall CWE-20	5.3
2019-12-19	CVE-2019-7484	SQL Injection vulnerability in Sonicwall SMA 100 Firmware 9.0.0.0/9.0.0.3 Authenticated SQL Injection in SonicWall SMA100 allow user to gain read-only access to unauthorized resources using viewcacert CGI script. network low complexity sonicwall CWE-89	6.5
2019-08-09	CVE-2019-12265	Memory Leak vulnerability in multiple products Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. network low complexity windriver sonicwall siemens netapp belden CWE-401	5.3
2019-04-02	CVE-2019-7474	Improper Handling of Exceptional Conditions vulnerability in Sonicwall Sonicos and Sonicosv A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. network low complexity sonicwall CWE-755	6.5
2019-02-19	CVE-2018-9867	Incorrect Permission Assignment for Critical Resource vulnerability in Sonicwall Sonicos and Sonicosv In SonicWall SonicOS, administrators without full permissions can download imported certificates. local low complexity sonicwall CWE-732	5.5
2018-05-22	CVE-2018-3639	Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. local low complexity intel arm redhat debian canonical siemens oracle mitel sonicwall schneider-electric nvidia microsoft CWE-203	5.5
2018-01-14	CVE-2018-5691	Cross-site Scripting vulnerability in Sonicwall Analyzer and Global Management System SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module. network low complexity sonicwall CWE-79	5.4
2018-01-08	CVE-2018-5281	Cross-site Scripting vulnerability in Sonicwall Sonicos SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens. network low complexity sonicwall CWE-79	5.4
2018-01-08	CVE-2018-5280	Cross-site Scripting vulnerability in Sonicwall Sonicos SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens. network low complexity sonicwall CWE-79	5.4