Vulnerabilities > Sonicwall > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-02 | CVE-2019-7474 | Improper Access Control vulnerability in Sonicwall Sonicos and Sonicosv A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. | 4.0 |
| 2015-08-26 | CVE-2015-4173 | Unquoted Search Path or Element vulnerability in Sonicwall Netextender Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. | 6.9 |
| 2015-05-01 | CVE-2015-2248 | Cross-Site Request Forgery (CSRF) vulnerability in Sonicwall Remote Access Firmware Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks via a crafted request to cgi-bin/editBookmark. | 6.8 |
| 2015-04-29 | CVE-2015-3447 | Cross-site Scripting vulnerability in Sonicwall Sonicos 6.2.2.0/7.5.0.12 Multiple cross-site scripting (XSS) vulnerabilities in macIpSpoofView.html in Dell SonicWall SonicOS 7.5.0.12 and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) searchSpoof or (2) searchSpoofIpDet parameter. | 4.3 |
| 2014-07-24 | CVE-2014-5024 | Cross-Site Scripting vulnerability in Sonicwall Analyzer, Global Management System and UMA Em5000 Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id parameter. | 4.3 |
| 2014-07-16 | CVE-2014-4977 | SQL Injection vulnerability in Sonicwall Scrutinizer 11.0.1 Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php. | 6.5 |
| 2014-07-16 | CVE-2014-4976 | Permissions, Privileges, and Access Controls vulnerability in Sonicwall Scrutinizer 11.0.1 Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi. | 5.5 |
| 2014-04-17 | CVE-2014-2879 | Cross-Site Scripting vulnerability in Sonicwall Email Security Appliance Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page. | 4.3 |
| 2014-02-14 | CVE-2014-0332 | Cross-Site Scripting vulnerability in Sonicwall Analyzer and Global Management System Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the node_id parameter in a ScreenDisplayManager genNetwork action. | 4.3 |
| 2012-07-31 | CVE-2012-3848 | Cross-Site Scripting vulnerability in Sonicwall Scrutinizer 8.6.2/9.0.0/9.0.1 Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3) unspecified input to d4d/contextMenu.php. | 4.3 |