Vulnerabilities > Sonicwall > Sonicos > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-12 | CVE-2020-5143 | Information Exposure Through Discrepancy vulnerability in Sonicwall Sonicos and Sonicosv SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. | 5.3 |
| 2020-10-12 | CVE-2020-5142 | Cross-site Scripting vulnerability in Sonicwall Sonicos and Sonicosv A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. | 6.1 |
| 2020-10-12 | CVE-2020-5141 | Improper Restriction of Excessive Authentication Attempts vulnerability in Sonicwall Sonicos and Sonicosv A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. | 6.5 |
| 2020-10-12 | CVE-2020-5136 | Classic Buffer Overflow vulnerability in Sonicwall Sonicos and Sonicosv A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. | 6.5 |
| 2020-10-12 | CVE-2020-5134 | Out-of-bounds Read vulnerability in Sonicwall Sonicos and Sonicosv A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. | 6.5 |
| 2020-09-30 | CVE-2020-5132 | Unspecified vulnerability in Sonicwall Sma100 Firmware and Sonicos SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. | 5.3 |
| 2020-07-17 | CVE-2020-5130 | Improper Input Validation vulnerability in Sonicwall Sonicos SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. | 5.3 |
| 2019-08-09 | CVE-2019-12265 | Memory Leak vulnerability in multiple products Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. | 5.3 |
| 2019-04-02 | CVE-2019-7474 | Improper Handling of Exceptional Conditions vulnerability in Sonicwall Sonicos and Sonicosv A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. | 6.5 |
| 2019-02-19 | CVE-2018-9867 | Incorrect Permission Assignment for Critical Resource vulnerability in Sonicwall Sonicos and Sonicosv In SonicWall SonicOS, administrators without full permissions can download imported certificates. | 5.5 |