Vulnerabilities > Sonicwall > Sonicos
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-17 | CVE-2023-41711 | Out-of-bounds Write vulnerability in Sonicwall Sonicos SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash. | 6.5 |
| 2023-10-17 | CVE-2023-41712 | Out-of-bounds Write vulnerability in Sonicwall Sonicos SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash. | 6.5 |
| 2023-10-17 | CVE-2023-41713 | Use of Hard-coded Credentials vulnerability in Sonicwall Sonicos SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function. | 7.5 |
| 2023-10-17 | CVE-2023-41715 | Improper Privilege Management vulnerability in Sonicwall Sonicos SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel. | 8.8 |
| 2023-03-02 | CVE-2023-0656 | Out-of-bounds Write vulnerability in Sonicwall Sonicos A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. | 7.5 |
| 2023-03-02 | CVE-2023-1101 | Improper Restriction of Excessive Authentication Attempts vulnerability in Sonicwall Sonicos SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes. | 8.8 |
| 2022-04-27 | CVE-2022-22275 | Unspecified vulnerability in Sonicwall Sonicos Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable. | 7.5 |
| 2022-03-25 | CVE-2022-22274 | Out-of-bounds Write vulnerability in Sonicwall Sonicos A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall. | 9.8 |
| 2022-01-10 | CVE-2021-20046 | Out-of-bounds Write vulnerability in Sonicwall Sonicos A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. | 8.8 |
| 2022-01-10 | CVE-2021-20048 | Out-of-bounds Write vulnerability in Sonicwall Sonicos A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. | 8.8 |