Vulnerabilities > Sonicwall > Sonicosv > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-12 | CVE-2020-5143 | Information Exposure Through Discrepancy vulnerability in Sonicwall Sonicos and Sonicosv SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. | 5.3 |
| 2020-10-12 | CVE-2020-5142 | Cross-site Scripting vulnerability in Sonicwall Sonicos and Sonicosv A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. | 6.1 |
| 2020-10-12 | CVE-2020-5141 | Improper Restriction of Excessive Authentication Attempts vulnerability in Sonicwall Sonicos and Sonicosv A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. | 6.5 |
| 2020-10-12 | CVE-2020-5136 | Classic Buffer Overflow vulnerability in Sonicwall Sonicos and Sonicosv A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. | 6.5 |
| 2020-10-12 | CVE-2020-5134 | Out-of-bounds Read vulnerability in Sonicwall Sonicos and Sonicosv A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. | 6.5 |
| 2019-04-02 | CVE-2019-7474 | Improper Handling of Exceptional Conditions vulnerability in Sonicwall Sonicos and Sonicosv A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. | 6.5 |
| 2019-02-19 | CVE-2018-9867 | Incorrect Permission Assignment for Critical Resource vulnerability in Sonicwall Sonicos and Sonicosv In SonicWall SonicOS, administrators without full permissions can download imported certificates. | 5.5 |
| 2018-05-22 | CVE-2018-3639 | Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. | 5.5 |